tests: added test for invalid private keys

Also force asan to return an error code other than one (the normally
expected for invalid keys).

3 files changed, 54 insertions, 2 deletions

diff --git a/tests/key-tests/Makefile.am b/tests/key-tests/Makefile.am
index cbfbe65bff..84f761e2d9 100644
--- a/tests/key-tests/Makefile.am
+++ b/tests/key-tests/Makefile.am
@@ -29,11 +29,11 @@ EXTRA_DIST = data/key-ca.pem data/key-user.pem \
 	data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \
 	data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \
 	data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem data/pkcs8-pbes2-sha256.pem \
-	data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der
+	data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der
 
 dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa illegal-rsa pkcs8-invalid
 
-TESTS = key-id pkcs8 pkcs8-decode ecdsa pkcs8-invalid
+TESTS = key-id pkcs8 pkcs8-decode ecdsa pkcs8-invalid key-invalid
 
 if !WITH_OLD_NETTLE
 TESTS += illegal-rsa
@@ -44,6 +44,7 @@ TESTS += dsa
 endif
 
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
+	ASAN_OPTIONS="exitcode=6"				\
 	LC_ALL="C"						\
 	VALGRIND="$(VALGRIND)"					\
 	top_builddir="$(top_builddir)"				\
diff --git a/tests/key-tests/data/key-invalid1.der b/tests/key-tests/data/key-invalid1.der
new file mode 100644
index 0000000000..909ee82a7a
--- /dev/null
+++ b/tests/key-tests/data/key-invalid1.der
diff --git a/tests/key-tests/key-invalid b/tests/key-tests/key-invalid
new file mode 100755
index 0000000000..43315a64e3
--- /dev/null
+++ b/tests/key-tests/key-invalid
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc.
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+TMPFILE=key-invalid.$$.tmp
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+fi
+
+ret=0
+for p8 in "key-invalid1.der";do
+	set -- ${p8}
+	file="$1"
+	${VALGRIND} "${CERTTOOL}" --inder --key-info \
+		--infile "${srcdir}/data/${file}"
+	rc=$?
+	if test ${rc} != 1; then
+		echo "FATAL ${p8} - errno ${rc}"
+		ret=1
+	else
+		echo "OK ${p8} - errno ${rc}"
+	fi
+done
+
+rm -f $TMPFILE
+
+echo "DONE (rc $ret)"
+exit $ret