https://gitlab.synchro.net/main/sbbs/-/commit/88e7a55065adc6154124bfad
Added Files:
src/ssh/TODO.md src/ssh/test/mock_alloc.c mock_alloc.h test_alloc.c test_dhgex_provider.h test_enc.c test_enc.h test_mac.c test_mac.h test_transport_errors.c
Modified Files:
src/ssh/CMakeLists.txt src/ssh/test/test_algo_key.c test_arch.c test_auth.c test_chan.c test_conn.c test_selftest.c test_transport.c
Log Message:
Add branch coverage test suite: 537 tests across 11 executables

Comprehensive test coverage for the DeuceSSH library, targeting every
testable branch identified in an exhaustive audit of all source files.

Test infrastructure:
- mock_alloc.h/.c: countdown allocator via --wrap=malloc/calloc/realloc
- test_enc.h/.c: XOR cipher as "aes256-ctr" with failure injection
- test_mac.h/.c: XOR-fold MAC as "hmac-sha2-256" with failure injection,
corrupt output, and oversized digest modes
- test_dhgex_provider.h: DH-GEX group provider and RSA key test helpers
- CMakeLists.txt: 4 KEX x key combos, 23 CTest configurations

New test files (7):
- test_alloc.c: 20 malloc failure tests across transport and auth
- test_transport_errors.c: 11 enc/mac failure injection tests
- test_algo_key.c: 67 tests for ed25519/RSA key operations, verify
parse errors (malformed blobs), file I/O edge cases

Extended test files (6):
- test_transport.c: +30 tests for version exchange, GLOBAL_REQUEST
handler, DEBUG/UNIMPLEMENTED edge cases, registration validation,
getter-before-handshake, build_namelist overflow, packet_size clamping
- test_auth.c: +14 client-side KBI error path tests
- test_conn.c: +5 tests for start-twice, accept timeout, reject NULL,
poll timeout
- test_arch.c: +2 namelist parse edge cases
- test_chan.c: +4 msgqueue peek, sigqueue stderr/truncation tests
- test_selftest.c: DH-GEX and RSA key algorithm support

Branch coverage results (ssh-chan.c reaches 100%):
ssh-chan.c 100.00% ssh-arch.c 98.53% ssh.c 90.00%
ssh-trans.c 79.12% aes256-ctr 72.22% ed25519 69.05%
ssh-auth.c 62.88% rsa-sha2-256 62.36% ssh-conn.c 61.69%

Remaining uncovered branches are OpenSSL error paths (82), dead code defense-in-depth (52), malloc failures needing --wrap extension (51),
C11 thread init failures (16), and deep protocol paths requiring
multi-threaded session infrastructure (~230).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/76e66e3390ab1570e1ebb86e
Modified Files:
src/ssh/TODO.md src/ssh/test/test_auth.c test_conn.c test_transport.c Log Message:
Add DEBUG/GLOBAL_REQUEST/banner/get_methods/OPEN_CONFIRMATION edge case tests

Transport tests:
- debug/msg_len_exceeds_payload: DEBUG with msg_len > actual data
(covers msg_len clamp to 0 on line 754)
- global_request/name_exceeds: GLOBAL_REQUEST with name_len > payload
(covers early break on line 781)

Auth tests:
- banner_truncated: three BANNER variants sent from server before
auth response Ä no msg_len header, msg_len > payload, valid msg
with truncated lang (covers lines 18, 22, 33-34)
- get_methods_none_accepted: server accepts "none" auth, client
get_methods receives SUCCESS with empty methods (covers lines 567-570)

Conn tests:
- truncated_open_confirmation: OPEN_CONFIRMATION < 17 bytes (line 641)
- open_conf_unknown_channel: OPEN_CONFIRMATION for nonexistent channel (line 646)
- channel_success_no_request: CHANNEL_SUCCESS/FAILURE when no request
pending (exercises the break path at line 612)

TODO.md: add bugs 5 (void* banner_cb), 6 (dead x11 type_len==2 check),
7 (KEX pubkey error check guards Ä already fixed).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net