https://gitlab.synchro.net/main/sbbs/-/commit/05740b1cb14b43063d503764
Modified Files:
src/ssh/kex/curve25519-sha256.c src/ssh/test/dssh_test_internal.h test_alloc.c test_transport.c
Log Message:
curve25519-sha256.c coverage: 80% → 97% (40 → 5 missed branches)

Source cleanup:
- Fold int ok = EVP_DigestInit_ex(...) to eliminate dead ok && branch
- Guard dead dssh_parse_uint32 < 4 checks in Q_S and sig parse chains
with #ifndef DSSH_TESTING (same pattern as dh-gex and ssh-arch.c)
- Make compute_exchange_hash_c25519, x25519_exchange, and
encode_shared_secret DSSH_TESTABLE for direct unit testing

ossl/kex_client and alloc/kex_client iterate tests now run for ALL
KEX types (removed dhgex-only skip), covering curve25519 client-side
ossl and alloc failure paths.

Curve25519 server targeted tests (6 tests):
- ka NULL / NULL pubkey / NULL sign function pointers
- recv failure (no packets)
- wrong msg_type for ECDH_INIT
- bad Q_C length (16 instead of 32)

Curve25519 helper tests (3 tests):
- encode_shared_secret with leading-zero raw bytes
- x25519_exchange alloc failure
- encode_shared_secret alloc failure (both malloc sites)

Curve25519 client parse tests (7 tests via bad-server thread):
- recv ECDH_REPLY failure
- truncated K_S (too short / length overrun)
- truncated Q_S (too short)
- bad Q_S length (16 instead of 32)
- truncated sig (too short / length overrun)

5 remaining branches: 2 need targeted truncated-data tests,
3 are server alloc failures likely covered by iterate (profiling noise).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
￭ Synchronet ￭ Vertrauen ￭ Home of Synchronet ￭ [vert/cvs/bbs].synchro.net