# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12 \
- pkcs12_5certs.p12 test-null.p12 cert-ca.p12 sha256.p12
+ pkcs12_5certs.p12 test-null.p12 cert-ca.p12 sha256.p12 suppressions.valgrind
dist_check_SCRIPTS = pkcs12
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
LC_ALL="C" \
+ VALGRIND="$(VALGRIND)" \
top_builddir="$(top_builddir)" \
srcdir="$(srcdir)"
+
+if WANT_TEST_SUITE
+LOG_COMPILER = $(VALGRIND)
+endif
srcdir="${srcdir:-.}"
top_builddir="${top_builddir:-../..}"
CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}"
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
DIFF="${DIFF:-diff}"
DEBUG=""
-if test "x$1" != "x"; then
- DEBUG="1"
-fi
+DEBUG="1"
ret=0
for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do
file="$1"
passwd="$2"
if test "x$DEBUG" != "x"; then
- "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+ ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
--infile "${srcdir}/${file}"
else
- "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
- --infile "${srcdir}/${file}" >/dev/null 2>&1
+ ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/${file}" >/dev/null
fi
rc=$?
if test ${rc} != 0; then
echo "NEON PKCS12 FATAL ${p12}"
- ret=1
+ exit 1
fi
done
file=test-null.p12
-"${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null 2>&1
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null
rc=$?
if test ${rc} != 0; then
echo "PKCS12 FATAL ${file}"
- ret=1
+ exit 1
fi
file=sha256.p12
-"${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null 2>&1
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null
rc=$?
if test ${rc} != 0; then
echo "PKCS12 FATAL ${file}"
- ret=1
+ exit 1
fi
# test whether we can encode a certificate and a key
-"${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null 2>&1
+${VALGRIND} "${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null
rc=$?
if test ${rc} != 0; then
echo "PKCS12 FATAL encoding"
- ret=1
+ exit 1
fi
-"${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null
rc=$?
if test ${rc} != 0; then
echo "PKCS12 FATAL decrypting/decoding"
- ret=1
+ exit 1
fi
grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1
fi
# test whether we can encode a certificate, a key and a CA
-"${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null 2>&1
+${VALGRIND} "${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null
rc=$?
if test ${rc} != 0; then
echo "PKCS12 FATAL encoding 2"
exit 1
fi
-"${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null
rc=$?
if test ${rc} != 0; then
echo "PKCS12 FATAL decrypting/decoding 2"
--- /dev/null
+# suppressions -- Valgrind suppresion file for libgcrypt
+
+# Copyright (C) 2008-2012 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.
+
+{
+ zlib inflateInit
+ Memcheck:Cond
+ fun:inflateReset2
+ fun:inflateInit2_
+ fun:_gnutls_comp_init
+ fun:_gnutls_init_record_state
+ fun:_gnutls_epoch_set_keys
+ fun:_gnutls_write_connection_state_init
+ fun:_gnutls_send_handshake_final
+}
+
+{
+ libgcrypt1
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_module_add
+ fun:gcry_pk_register_default
+ fun:_gcry_pk_init
+ fun:global_init
+ fun:_gcry_check_version
+ fun:gcry_check_version
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt1-new
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_module_add
+ fun:pk_register_default
+ fun:_gcry_pk_init
+ fun:global_init
+ fun:_gcry_check_version
+ fun:gcry_check_version
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt2
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_module_add
+ fun:gcry_md_register_default
+ fun:_gcry_md_init
+ fun:global_init
+ fun:_gcry_check_version
+ fun:gcry_check_version
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt2-new
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_module_add
+ fun:md_register_default
+ fun:_gcry_md_init
+ fun:global_init
+ fun:_gcry_check_version
+ fun:gcry_check_version
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt3
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_module_add
+ fun:gcry_cipher_register_default
+ fun:_gcry_cipher_init
+ fun:global_init
+ fun:_gcry_check_version
+ fun:gcry_check_version
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt3-new
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_module_add
+ fun:cipher_register_default
+ fun:_gcry_cipher_init
+ fun:global_init
+ fun:_gcry_check_version
+ fun:gcry_check_version
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt4
+ Memcheck:Leak
+ fun:malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_xmalloc
+ fun:_gcry_xcalloc
+ fun:initialize
+ fun:_gcry_randomize
+ fun:gcry_randomize
+ fun:gc_pseudo_random
+ fun:_gnutls_rnd_init
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt5
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_xmalloc
+ fun:_gcry_xcalloc
+ fun:initialize
+ fun:_gcry_randomize
+ fun:gcry_randomize
+ fun:gc_pseudo_random
+ fun:_gnutls_rnd_init
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt6
+ Memcheck:Leak
+ fun:malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_xmalloc
+ fun:_gcry_xcalloc
+ fun:initialize
+ fun:_gcry_create_nonce
+ fun:gcry_create_nonce
+ fun:wrap_gcry_rnd_init
+ fun:_gnutls_rnd_init
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt7
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_xmalloc
+ fun:_gcry_xcalloc
+ fun:initialize
+ fun:_gcry_create_nonce
+ fun:gcry_create_nonce
+ fun:wrap_gcry_rnd_init
+ fun:_gnutls_rnd_init
+ fun:gnutls_global_init
+}
+
+{
+ libgcrypt7-new
+ Memcheck:Leak
+ fun:malloc
+ fun:_gcry_private_malloc
+ fun:do_malloc
+ fun:_gcry_malloc
+ fun:_gcry_xmalloc
+ fun:_gcry_xcalloc
+ fun:initialize
+ fun:_gcry_rngcsprng_create_nonce
+ fun:_gcry_create_nonce
+ fun:gcry_create_nonce
+ fun:wrap_gcry_rnd_init
+ fun:_gnutls_rnd_init
+ fun:gnutls_global_init
+}
+
+{
+ ignore p11 leaks
+ Memcheck:Leak
+ fun:calloc
+ obj:*
+ obj:*
+ obj:*
+ obj:*
+ fun:p11_kit_initialize_registered
+ fun:gnutls_pkcs11_init
+ fun:gnutls_global_init
+}
+
+{
+ nettle memxor3
+ Memcheck:Addr8
+ fun:memxor3
+ obj:*
+}
+
+{
+ nettle memxor
+ Memcheck:Addr8
+ fun:memxor
+ obj:*
+}
+
+{
+ memxor_different_alignment
+ Memcheck:Addr8
+ fun:memxor_different_alignment
+ obj:*
+}
+
+{
+ libidn-strlen
+ Memcheck:Addr4
+ fun:idna_to_ascii_4z
+ fun:idna_to_ascii_8z
+ fun:gnutls_x509_crt_check_hostname2
+ ...
+}
+
+{
+ libidn-strlen2
+ Memcheck:Addr4
+ fun:idna_to_ascii_4z
+ fun:idna_to_ascii_8z
+ fun:gnutls_server_name_set
+ ...
+}
+
+{
+ libidn-strlen2
+ Memcheck:Addr4
+ fun:idna_to_ascii_4z
+ fun:idna_to_ascii_8z
+ fun:gnutls_server_name_get
+ ...
+}
+
+{
+ bash leak
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:xmalloc
+ fun:set_default_locale
+ fun:main
+}