• src/ssh/kex/dh-gex-sha256.c src/ssh/test/dssh_test_alloc.c dssh_test_a

    From Deucе@VERT to Git commit to main/sbbs/master on Tue Mar 24 20:58:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/405365deef5dbd0cfaadcde4
    Modified Files:
    src/ssh/kex/dh-gex-sha256.c src/ssh/test/dssh_test_alloc.c dssh_test_alloc.h test_alloc.c test_transport.c
    Log Message:
    dh-gex-sha256.c: 100% branch coverage

    Thread-local alloc injection: add dssh_test_alloc_exclude_thread()
    matching the ossl pattern, so server threads can opt out of library
    malloc failure injection during two-threaded KEX tests.

    alloc/kex_server iterate: single-threaded server KEX with library
    alloc injection via dssh_test_alloc_fail_after(). Covers malloc
    failures in serialize_bn_mpint, shared_secret, reply buffer, and
    exchange_hash on the server path.

    alloc/kex_client iterate: two-threaded KEX with server excluded
    from alloc injection. Covers client-side malloc failures.

    Client ka guard tests: two-threaded KEX with client's
    key_algo_selected set to NULL or stub with NULL verify.

    Client parse tests (7 tests via bad-server threads):
    - recv GROUP failure (server closes before sending)
    - GEX_GROUP empty / missing g
    - GEX_REPLY wrong msg_type
    - GEX_REPLY too short for K_S / K_S overrun
    - GEX_REPLY f=0 (invalid DH value)
    - GEX_REPLY too short for sig / sig overrun

    Server ka==NULL targeted test.

    Source cleanup: break client-side K_S and sig parse chains out of
    || expressions, guard dead dssh_parse_uint32 checks with
    #ifndef DSSH_TESTING (same pattern as parse_bn_mpint line 60).

    Result: dh-gex-sha256.c 246/246 branches covered (100.00%).

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
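The client parse tests listed in the commit message above exercise the bounds checks a GEX_REPLY parser needs. The sketch below is an added example, not code from dh-gex-sha256.c: it follows the RFC 4419 layout (msg_type 33, string K_S, mpint f, string signature), and the names `gex_reply`, `get_string`, `parse_gex_reply` and the negative return codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSH_MSG_KEX_DH_GEX_REPLY 33 /* RFC 4419 */

struct gex_reply { const uint8_t *ks, *f, *sig; size_t ks_len, f_len, sig_len; };

/* Read a uint32 length prefix and the bytes it covers.
 * Caller guarantees *pos <= len, so the subtractions cannot wrap. */
static int get_string(const uint8_t *buf, size_t len, size_t *pos,
                      const uint8_t **out, size_t *out_len)
{
    if (len - *pos < 4)
        return -1; /* too short for the length field */
    uint32_t n = (uint32_t)buf[*pos] << 24 | (uint32_t)buf[*pos + 1] << 16 |
                 (uint32_t)buf[*pos + 2] << 8 | (uint32_t)buf[*pos + 3];
    *pos += 4;
    if (n > len - *pos)
        return -1; /* declared length overruns the packet */
    *out = buf + *pos;
    *out_len = n;
    *pos += n;
    return 0;
}

/* Returns 0 on success, or a negative code naming the first failed check. */
int parse_gex_reply(const uint8_t *buf, size_t len, struct gex_reply *r)
{
    size_t pos = 1, i = 0;
    if (len < 1 || buf[0] != SSH_MSG_KEX_DH_GEX_REPLY)
        return -1; /* wrong msg_type */
    if (get_string(buf, len, &pos, &r->ks, &r->ks_len) < 0)
        return -2; /* too short for K_S, or K_S overrun */
    if (get_string(buf, len, &pos, &r->f, &r->f_len) < 0)
        return -3; /* f truncated */
    while (i < r->f_len && r->f[i] == 0)
        i++;
    if (i == r->f_len || (r->f[0] & 0x80))
        return -4; /* f is zero or negative; the f < p-1 check needs a bignum */
    if (get_string(buf, len, &pos, &r->sig, &r->sig_len) < 0)
        return -5; /* too short for sig, or sig overrun */
    return 0;
}

int main(void)
{
    /* Constructed packet: K_S="ks", f=5, sig="s" */
    const uint8_t pkt[] = {33, 0,0,0,2,'k','s', 0,0,0,1,5, 0,0,0,1,'s'};
    struct gex_reply r;
    printf("%d\n", parse_gex_reply(pkt, sizeof pkt, &r));
    return 0;
}
```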