Added Unit tests to increase MC/DC coverage #10200
danielinux wants to merge 13 commits into wolfSSL:master from
wolfSSL-Fenrir-bot left a comment
Fenrir Automated Review — PR #10200
Scan targets checked: wolfcrypt-port, wolfcrypt-port-bugs
No new issues found in the changed files. ✅
Pull request overview
This PR expands MC/DC-oriented unit test coverage across wolfCrypt and TLS/DTLS APIs, and makes a small set of previously-internal entry points visible to the test harness to enable deeper branch coverage.
Changes:
- Expose select internal functions via `WOLFSSL_TEST_VIS` so they can be invoked from external unit tests.
- Add a large set of new API/unit tests targeting guardrails and decision branches across crypto, ASN.1, PKCS#7/#12, TLS/DTLS, OCSP/CRL, and OpenSSL-compat layers.
- Improve liboqs integration (configure-time detection via `pkg-config` and more complete runtime cleanup).
Reviewed changes
Copilot reviewed 55 out of 57 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| wolfssl/wolfcrypt/wc_encrypt.h | Expose wc_CryptKey for test visibility. |
| wolfssl/wolfcrypt/pkcs12.h | Expose wc_PKCS12_verify_ex for test visibility. |
| wolfssl/wolfcrypt/cryptocb.h | Expose additional CryptoCb helpers for test visibility. |
| wolfssl/wolfcrypt/asn.h | Expose ASN.1 helpers for test visibility. |
| wolfssl/internal.h | Expose TLSX_SupportExtensions for targeted tests. |
| wolfcrypt/src/port/liboqs/liboqs.c | Enhance liboqs close/teardown sequence. |
| tests/api/test_wolfmath.h | Register new wolfmath MC/DC tests. |
| tests/api/test_wolfmath.c | Add wolfmath MC/DC coverage tests. |
| tests/api/test_wc_encrypt.h | Register new wc_encrypt MC/DC tests. |
| tests/api/test_wc_encrypt.c | Add encrypted-keys / wc_CryptKey MC/DC tests. |
| tests/api/test_tls13.h | Register new TLS 1.3 MC/DC test batches. |
| tests/api/test_tls.h | Register new TLS/TLSX MC/DC test batches. |
| tests/api/test_signature.h | Register new signature wrapper MC/DC tests (+ Falcon). |
| tests/api/test_signature.c | Add signature wrapper MC/DC tests (+ Falcon sign/verify). |
| tests/api/test_sha256.h | Register SHA-256 residual-coverage test. |
| tests/api/test_sha256.c | Add SHA-256 residual-coverage test for update path. |
| tests/api/test_sha.h | Register SHA-1 residual-coverage test. |
| tests/api/test_sha.c | Add SHA-1 residual-coverage test for update path. |
| tests/api/test_rsa.h | Register additional RSA MC/DC tests. |
| tests/api/test_random.h | Register RNG guardrails/CryptoCb tests. |
| tests/api/test_random.c | Add RNG guardrails and CryptoCb behavior tests. |
| tests/api/test_poly1305.h | Register Poly1305 MC/DC tests. |
| tests/api/test_poly1305.c | Add Poly1305 guardrails/decision/feature coverage tests. |
| tests/api/test_pkcs7.h | Register PKCS#7 InitWithCert guardrails test. |
| tests/api/test_pkcs7.c | Add PKCS#7 InitWithCert guardrails test. |
| tests/api/test_pkcs12.h | Register PKCS#12 guardrails + MC/DC suites. |
| tests/api/test_pkcs12.c | Add PKCS#12 guardrails + MC/DC suites (create/parse/verify/file paths). |
| tests/api/test_ossl_x509.c | Extend OpenSSL-compat X509 tests for edge cases. |
| tests/api/test_ossl_x509_vp.c | Extend X509_VERIFY_PARAM tests (host length/flags/inherit). |
| tests/api/test_ossl_x509_ext.h | Register new NAME_CONSTRAINTS manual-paths test. |
| tests/api/test_ossl_x509_ext.c | Broaden OpenSSL-compat extension test coverage and build guards. |
| tests/api/test_ocsp.c | Add OCSP/CRL wrapper guardrails + wolfio HTTP helper coverage. |
| tests/api/test_md5.h | Register MD5 residual-coverage test. |
| tests/api/test_md5.c | Add MD5 residual-coverage test for update path. |
| tests/api/test_evp_pkey.h | Register new EVP_PKEY MC/DC/batch tests. |
| tests/api/test_evp_cipher.h | Register new EVP_CIPHER MC/DC/batch tests. |
| tests/api/test_ecc.h | Register additional ECC MC/DC tests. |
| tests/api/test_dtls.c | Extend DTLS wolfio/memio tests for more IO translation branches. |
| tests/api/test_dh.h | Register DH MC/DC tests. |
| tests/api/test_dh.c | Add DH MC/DC tests (named groups, agree, pubkey validation, etc.). |
| tests/api/test_chacha20_poly1305.h | Register ChaCha20-Poly1305 MC/DC tests. |
| tests/api/test_chacha.h | Register ChaCha MC/DC tests. |
| tests/api/test_chacha.c | Add ChaCha MC/DC tests for bad-args/decision/coverage paths. |
| tests/api/test_certman.c | Extend CertManager tests for verify/CRL buffer edge cases. |
| tests/api/test_asn.h | Register additional ASN MC/DC tests. |
| tests/api/test_aes.h | Register additional AES MC/DC tests. |
| configure.ac | Improve liboqs discovery/linking (pkg-config + flag handling). |
Pull request overview
Copilot reviewed 55 out of 57 changed files in this pull request and generated 2 comments.
| if (ret != 0) { | ||
| return ret; | ||
| } | ||
| liboqs_mutex_init = 1; | ||
| ret = wc_LockMutex(&liboqsRNGMutex); | ||
| if (ret != 0) { | ||
| return ret; |
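Review bot: The second `return ret;`, taken when `wc_LockMutex(&liboqsRNGMutex)` fails, runs after `liboqs_mutex_init = 1;`, so the flag stays set and nothing in these lines releases the mutex on that path. Clear `liboqs_mutex_init` and free the mutex before returning, or set the flag only once the lock has succeeded.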
wolfSSL_liboqsInit() can return early after successfully initializing the mutex (e.g., wc_LockMutex() failure), leaving liboqs_mutex_init set and the mutex allocated. Because the init path only checks liboqs_init, subsequent calls will attempt wc_InitMutex() again on an already-initialized mutex. Consider guarding mutex init with if (!liboqs_mutex_init) and/or freeing/resetting the mutex + flag on any failure after wc_InitMutex() succeeds. Also, the liboqs RNG callback is installed later in this block regardless of whether wc_InitRng() succeeded; it should only be installed when RNG init succeeds to avoid using an uninitialized RNG.
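The failure path described in this comment, modelled as an added example (not wolfSSL's code and not part of the PR). `demo_mutex_*`, `init_leaky`, `init_guarded` and `live_after_retry` are hypothetical stand-ins, and the lock failure is injected through a flag.

```c
#include <stdio.h>
/* Hypothetical stand-ins for a mutex API (not wolfSSL's), built for this demo. */
typedef struct { int live; } demo_mutex;
static int fail_lock, live_mutexes; /* injected lock failure; mutexes not yet freed */
static int demo_mutex_init(demo_mutex *m) { m->live = 1; live_mutexes++; return 0; }
static void demo_mutex_free(demo_mutex *m) { m->live = 0; live_mutexes--; }
static int demo_mutex_lock(demo_mutex *m) { (void)m; return fail_lock ? -1 : 0; }
static int demo_mutex_unlock(demo_mutex *m) { (void)m; return 0; }
static demo_mutex g_mutex;
static int g_mutex_init, g_init;

/* Shape described in the comment: only g_init gates the mutex init. */
int init_leaky(void) {
    int ret;
    if (g_init) return 0;
    if ((ret = demo_mutex_init(&g_mutex)) != 0) return ret;
    g_mutex_init = 1;
    if ((ret = demo_mutex_lock(&g_mutex)) != 0) return ret; /* flag set, mutex kept */
    g_init = 1;
    return demo_mutex_unlock(&g_mutex);
}

/* Guarded form: init once per flag, roll back when a later step fails. */
int init_guarded(void) {
    int ret;
    if (g_init) return 0;
    if (!g_mutex_init) {
        if ((ret = demo_mutex_init(&g_mutex)) != 0) return ret;
        g_mutex_init = 1;
    }
    if ((ret = demo_mutex_lock(&g_mutex)) != 0) {
        demo_mutex_free(&g_mutex);
        g_mutex_init = 0;
        return ret;
    }
    g_init = 1;
    return demo_mutex_unlock(&g_mutex);
}

/* Fail the first init at the lock step, retry, return the live mutex count. */
int live_after_retry(int (*init)(void)) {
    g_init = g_mutex_init = live_mutexes = 0;
    fail_lock = 1; (void)init();
    fail_lock = 0; (void)init();
    return live_mutexes;
}

int main(void) {
    return printf("leaky=%d guarded=%d\n", live_after_retry(init_leaky), live_after_retry(init_guarded)) < 0;
}
```

A count above one after the retry means the first attempt's mutex was initialized a second time without being released.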
Pull request overview
Copilot reviewed 55 out of 57 changed files in this pull request and generated 3 comments.
Pull request overview
Copilot reviewed 56 out of 58 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
wolfcrypt/src/port/liboqs/liboqs.c:82
- If wc_LockMutex(&liboqsRNGMutex) fails after wc_InitMutex succeeds, wolfSSL_liboqsInit() returns without freeing the initialized mutex and leaves liboqs_mutex_init set. This can leak resources and make subsequent init attempts inconsistent. Consider setting liboqs_mutex_init only after a successful lock, or on lock failure call wc_FreeMutex(&liboqsRNGMutex) and clear liboqs_mutex_init before returning.
Pull request overview
Copilot reviewed 56 out of 58 changed files in this pull request and generated no new comments.
No description provided.