From: Nikos Mavrogiannopoulos Date: Mon, 9 Nov 2015 20:54:09 +0000 (+0100) Subject: tests: run the PKCS #12 tests under valgrind X-Git-Tag: gnutls_3_5_0~594 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdd6be8ca9bdf3f307adbc21cc51e902142b39f5;p=thirdparty%2Fgnutls.git tests: run the PKCS #12 tests under valgrind --- diff --git a/tests/pkcs12-decode/Makefile.am b/tests/pkcs12-decode/Makefile.am index 7180256ec9..f21a82eabf 100644 --- a/tests/pkcs12-decode/Makefile.am +++ b/tests/pkcs12-decode/Makefile.am @@ -20,7 +20,7 @@ # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12 \ - pkcs12_5certs.p12 test-null.p12 cert-ca.p12 sha256.p12 + pkcs12_5certs.p12 test-null.p12 cert-ca.p12 sha256.p12 suppressions.valgrind dist_check_SCRIPTS = pkcs12 @@ -30,5 +30,10 @@ endif TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ LC_ALL="C" \ + VALGRIND="$(VALGRIND)" \ top_builddir="$(top_builddir)" \ srcdir="$(srcdir)" + +if WANT_TEST_SUITE +LOG_COMPILER = $(VALGRIND) +endif diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12 index 64a360738f..1427ec6872 100755 --- a/tests/pkcs12-decode/pkcs12 +++ b/tests/pkcs12-decode/pkcs12 @@ -24,12 +24,14 @@ srcdir="${srcdir:-.}" top_builddir="${top_builddir:-../..}" CERTTOOL="${CERTTOOL:-${top_builddir}/src/certtool${EXEEXT}}" +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + DIFF="${DIFF:-diff}" DEBUG="" -if test "x$1" != "x"; then - DEBUG="1" -fi +DEBUG="1" ret=0 for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do @@ -37,48 +39,48 @@ for p12 in 'client.p12 foobar' noclient.p12 unclient.p12 pkcs12_2certs.p12; do file="$1" passwd="$2" if test "x$DEBUG" != "x"; then - "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ + ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ --infile "${srcdir}/${file}" else - "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ - --infile "${srcdir}/${file}" >/dev/null 2>&1 + ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/${file}" >/dev/null fi rc=$? if test ${rc} != 0; then echo "NEON PKCS12 FATAL ${p12}" - ret=1 + exit 1 fi done file=test-null.p12 -"${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null 2>&1 +${VALGRIND} "${CERTTOOL}" --p12-info --inder --null-password --infile "${srcdir}/${file}" >/dev/null rc=$? if test ${rc} != 0; then echo "PKCS12 FATAL ${file}" - ret=1 + exit 1 fi file=sha256.p12 -"${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null 2>&1 +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile "${srcdir}/${file}" >/dev/null rc=$? if test ${rc} != 0; then echo "PKCS12 FATAL ${file}" - ret=1 + exit 1 fi # test whether we can encode a certificate and a key -"${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null 2>&1 +${VALGRIND} "${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile out.p12 >/dev/null rc=$? if test ${rc} != 0; then echo "PKCS12 FATAL encoding" - ret=1 + exit 1 fi -"${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile out.p12 >out.pem 2>/dev/null rc=$? if test ${rc} != 0; then echo "PKCS12 FATAL decrypting/decoding" - ret=1 + exit 1 fi grep "BEGIN ENCRYPTED PRIVATE KEY" out.pem >/dev/null 2>&1 @@ -96,14 +98,14 @@ if test "${rc}" != "0"; then fi # test whether we can encode a certificate, a key and a CA -"${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null 2>&1 +${VALGRIND} "${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile out.p12 >/dev/null rc=$? if test ${rc} != 0; then echo "PKCS12 FATAL encoding 2" exit 1 fi -"${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 123456 --infile out.p12 >out.pem 2>/dev/null rc=$? if test ${rc} != 0; then echo "PKCS12 FATAL decrypting/decoding 2" diff --git a/tests/pkcs12-decode/suppressions.valgrind b/tests/pkcs12-decode/suppressions.valgrind new file mode 100644 index 0000000000..47e4cda8b4 --- /dev/null +++ b/tests/pkcs12-decode/suppressions.valgrind @@ -0,0 +1,270 @@ +# suppressions -- Valgrind suppresion file for libgcrypt + +# Copyright (C) 2008-2012 Free Software Foundation, Inc. + +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. + +{ + zlib inflateInit + Memcheck:Cond + fun:inflateReset2 + fun:inflateInit2_ + fun:_gnutls_comp_init + fun:_gnutls_init_record_state + fun:_gnutls_epoch_set_keys + fun:_gnutls_write_connection_state_init + fun:_gnutls_send_handshake_final +} + +{ + libgcrypt1 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:gcry_pk_register_default + fun:_gcry_pk_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt1-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:pk_register_default + fun:_gcry_pk_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt2 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:gcry_md_register_default + fun:_gcry_md_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt2-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:md_register_default + fun:_gcry_md_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt3 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:gcry_cipher_register_default + fun:_gcry_cipher_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt3-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:cipher_register_default + fun:_gcry_cipher_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt4 + Memcheck:Leak + fun:malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_randomize + fun:gcry_randomize + fun:gc_pseudo_random + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt5 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_randomize + fun:gcry_randomize + fun:gc_pseudo_random + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt6 + Memcheck:Leak + fun:malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_create_nonce + fun:gcry_create_nonce + fun:wrap_gcry_rnd_init + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt7 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_create_nonce + fun:gcry_create_nonce + fun:wrap_gcry_rnd_init + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt7-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_rngcsprng_create_nonce + fun:_gcry_create_nonce + fun:gcry_create_nonce + fun:wrap_gcry_rnd_init + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + ignore p11 leaks + Memcheck:Leak + fun:calloc + obj:* + obj:* + obj:* + obj:* + fun:p11_kit_initialize_registered + fun:gnutls_pkcs11_init + fun:gnutls_global_init +} + +{ + nettle memxor3 + Memcheck:Addr8 + fun:memxor3 + obj:* +} + +{ + nettle memxor + Memcheck:Addr8 + fun:memxor + obj:* +} + +{ + memxor_different_alignment + Memcheck:Addr8 + fun:memxor_different_alignment + obj:* +} + +{ + libidn-strlen + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_x509_crt_check_hostname2 + ... +} + +{ + libidn-strlen2 + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_server_name_set + ... +} + +{ + libidn-strlen2 + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_server_name_get + ... +} + +{ + bash leak + Memcheck:Leak + match-leak-kinds: definite + fun:malloc + fun:xmalloc + fun:set_default_locale + fun:main +}