From c935dc12550be64ac300fc995038af390b45abf5 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 9 Nov 2015 23:34:03 +0100
Subject: tests: suite: eliminate many leaks in the tests and run them under
 valgrind

---
 tests/suite/Makefile.am                     |   7 +-
 tests/suite/chain                           |  32 ++--
 tests/suite/pkcs11-is-known.c               |   4 +-
 tests/suite/suppressions.valgrind           |  30 +++-
 tests/suite/testsrn                         |  30 ++--
 tests/suite/x509paths/suppressions.valgrind | 270 ++++++++++++++++++++++++++++
 6 files changed, 339 insertions(+), 34 deletions(-)
 create mode 100644 tests/suite/x509paths/suppressions.valgrind

diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am
index 150a64cf1d..6a012ca95c 100644
--- a/tests/suite/Makefile.am
+++ b/tests/suite/Makefile.am
@@ -100,7 +100,6 @@ endif
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
 	LC_ALL="C"					\
 	VALGRIND="$(VALGRIND)"				\
-	LIBTOOL="$(LIBTOOL)"				\
 	top_builddir="$(top_builddir)"			\
 	srcdir="$(srcdir)"
 
@@ -124,6 +123,6 @@ endif
 
 #pkcs11-chainverify cannot run under valgrind (or hell breaks loose)
 
-#if WANT_TEST_SUITE
-#LOG_COMPILER = $(VALGRIND)
-#endif
+if WANT_TEST_SUITE
+LOG_COMPILER = $(VALGRIND)
+endif
diff --git a/tests/suite/chain b/tests/suite/chain
index f67ad163da..10868f97b9 100755
--- a/tests/suite/chain
+++ b/tests/suite/chain
@@ -20,7 +20,11 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-CERTTOOL="../../../src/certtool"
+CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}"
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
 
 SUCCESS=" 1 4 7 12 15 16 17 18 24 26 27 30 33 56 57 62 63 "
 FAILURE=" 2 3 5 6 8 9 10 11 13 14 19 20 21 22 23 25 28 29 31 32 54 55 58 59 60 61 "
@@ -34,33 +38,33 @@ RET=0
 
 i=1
 while test -d X509tests/test${i}; do
-	find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem  2>/dev/null
-	find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+	find X509tests/test${i} -name *.crl -print0 |sort -r -z|xargs -n1 --null ${VALGRIND}  "${CERTTOOL}" --crl-info --inder --infile > chains/chain${i}.pem 
+	find X509tests/test${i} -name E*.crt -print0 |sort -r -z|xargs -n1 --null ${VALGRIND}  "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 
 	if test "${i}" -gt 1; then
-		find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
+		find X509tests/test${i} -name I*.crt -print0 |sort -r -z|xargs -n1 --null ${VALGRIND}  "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 
 	fi
-	find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 2>/dev/null
-	"${CERTTOOL}" -e --infile chains/chain${i}.pem > out 2>&1
+	find X509tests/test${i} -name T*.crt -print0 |sort -r -z|xargs -n1 --null ${VALGRIND}  "${CERTTOOL}" --certificate-info --inder --infile >> chains/chain${i}.pem 
+	${VALGRIND} "${CERTTOOL}" -e --infile chains/chain${i}.pem > out
 	rc=$?
 	if test $rc != 0 && test $rc != 1; then
 		echo "Chain ${i} FATAL failure."
-		RET=1
+		exit 1
 	else
-		if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null 2>&1; then
+		if echo "$KNOWN_BUGS" | grep " ${i} " > /dev/null; then
 				echo "Chain ${i} verification was skipped due to known bug."
-		elif echo "$SUCCESS" | grep " ${i} " > /dev/null 2>&1; then
-			if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+		elif echo "$SUCCESS" | grep " ${i} " > /dev/null; then
+			if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null; then
 				echo "Chain ${i} verification failure UNEXPECTED."
-				RET=1
+				exit 1
 			else
 				echo "Chain ${i} verification success as expected."
 			fi
-		elif echo "$FAILURE" | grep " ${i} " >/dev/null 2>&1; then
-			if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null 2>&1; then
+		elif echo "$FAILURE" | grep " ${i} " >/dev/null; then
+			if grep 'Chain verification output:' out | grep -v 'Chain verification output: Verified\.' > /dev/null; then
 				echo "Chain ${i} verification failure as expected."
 			else
 				echo "Chain ${i} verification success UNEXPECTED. "
-				RET=1
+				exit 1
 			fi
 		else
 			echo "Chain ${i} unclassified."
diff --git a/tests/suite/pkcs11-is-known.c b/tests/suite/pkcs11-is-known.c
index 55fa26cd39..3f4c4a8b37 100644
--- a/tests/suite/pkcs11-is-known.c
+++ b/tests/suite/pkcs11-is-known.c
@@ -405,7 +405,7 @@ void doit(void)
 	}
 	gnutls_x509_crt_deinit(issuer);
 
-	gnutls_x509_trust_list_deinit(tl, 0);
+	gnutls_x509_trust_list_deinit(tl, 1);
 
 
 
@@ -446,7 +446,7 @@ void doit(void)
 	}
 
 
-	gnutls_x509_trust_list_deinit(tl, 0);
+	gnutls_x509_trust_list_deinit(tl, 1);
 
 	/* deinit */
 	if (debug)
diff --git a/tests/suite/suppressions.valgrind b/tests/suite/suppressions.valgrind
index 7b5018ac89..47e4cda8b4 100644
--- a/tests/suite/suppressions.valgrind
+++ b/tests/suite/suppressions.valgrind
@@ -237,6 +237,34 @@
    Memcheck:Addr4
    fun:idna_to_ascii_4z
    fun:idna_to_ascii_8z
+   fun:gnutls_x509_crt_check_hostname2
    ...
 }
- 
\ No newline at end of file
+
+{
+   libidn-strlen2
+   Memcheck:Addr4
+   fun:idna_to_ascii_4z
+   fun:idna_to_ascii_8z
+   fun:gnutls_server_name_set
+   ...
+}
+
+{
+   libidn-strlen2
+   Memcheck:Addr4
+   fun:idna_to_ascii_4z
+   fun:idna_to_ascii_8z
+   fun:gnutls_server_name_get
+   ...
+}
+
+{
+   bash leak
+   Memcheck:Leak
+   match-leak-kinds: definite
+   fun:malloc
+   fun:xmalloc
+   fun:set_default_locale
+   fun:main
+}
diff --git a/tests/suite/testsrn b/tests/suite/testsrn
index 3ea2c1506e..0a25a22917 100755
--- a/tests/suite/testsrn
+++ b/tests/suite/testsrn
@@ -29,6 +29,10 @@ if test "${WINDIR}" != ""; then
 	exit 77
 fi 
 
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
 . "${srcdir}/../scripts/common.sh"
 
 PORT="${PORT:-${RPORT}}"
@@ -39,19 +43,19 @@ launch_server $$ --echo --priority NORMAL:+ANON-DH:%PARTIAL_RENEGOTIATION --dhpa
 PID=$!
 wait_server ${PID}
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NONE:+AES-128-CBC:+MD5:+SHA1:+VERS-TLS1.0:+ANON-DH:+COMP-NULL:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "0. Renegotiation should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "1. Safe rehandshake should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "2. Unsafe rehandshake should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "3. Unsafe negotiation should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
 	fail ${PID} "4. Unsafe renegotiation should have failed!"
 
 
@@ -62,16 +66,16 @@ launch_server $$  --echo --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION --dhpara
 PID=$!
 wait_server ${PID}
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "5. Safe rehandshake should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "6. Unsafe rehandshake should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
 	fail ${PID} "7. Unsafe negotiation should have failed!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
 	fail ${PID} "8. Unsafe renegotiation should have failed!"
 
 kill ${PID}
@@ -81,16 +85,16 @@ launch_server $$ --echo --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION -
 PID=$!
 wait_server ${PID}
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 && \
 	fail ${PID} "9. Initial connection should have failed!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "10. Unsafe connection should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "11. Unsafe negotiation should have succeeded!"
 
-"${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
+${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --rehandshake --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
 	fail ${PID} "12. Unsafe renegotiation should have succeeded!"
 
 kill ${PID}
diff --git a/tests/suite/x509paths/suppressions.valgrind b/tests/suite/x509paths/suppressions.valgrind
new file mode 100644
index 0000000000..47e4cda8b4
--- /dev/null
+++ b/tests/suite/x509paths/suppressions.valgrind
@@ -0,0 +1,270 @@
+# suppressions -- Valgrind suppresion file for libgcrypt
+
+# Copyright (C) 2008-2012 Free Software Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.
+
+{
+   zlib inflateInit
+   Memcheck:Cond
+   fun:inflateReset2
+   fun:inflateInit2_
+   fun:_gnutls_comp_init
+   fun:_gnutls_init_record_state
+   fun:_gnutls_epoch_set_keys
+   fun:_gnutls_write_connection_state_init
+   fun:_gnutls_send_handshake_final
+}
+
+{
+   libgcrypt1
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_module_add
+   fun:gcry_pk_register_default
+   fun:_gcry_pk_init
+   fun:global_init
+   fun:_gcry_check_version
+   fun:gcry_check_version
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt1-new
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_module_add
+   fun:pk_register_default
+   fun:_gcry_pk_init
+   fun:global_init
+   fun:_gcry_check_version
+   fun:gcry_check_version
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt2
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_module_add
+   fun:gcry_md_register_default
+   fun:_gcry_md_init
+   fun:global_init
+   fun:_gcry_check_version
+   fun:gcry_check_version
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt2-new
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_module_add
+   fun:md_register_default
+   fun:_gcry_md_init
+   fun:global_init
+   fun:_gcry_check_version
+   fun:gcry_check_version
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt3
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_module_add
+   fun:gcry_cipher_register_default
+   fun:_gcry_cipher_init
+   fun:global_init
+   fun:_gcry_check_version
+   fun:gcry_check_version
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt3-new
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_module_add
+   fun:cipher_register_default
+   fun:_gcry_cipher_init
+   fun:global_init
+   fun:_gcry_check_version
+   fun:gcry_check_version
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt4
+   Memcheck:Leak
+   fun:malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_xmalloc
+   fun:_gcry_xcalloc
+   fun:initialize
+   fun:_gcry_randomize
+   fun:gcry_randomize
+   fun:gc_pseudo_random
+   fun:_gnutls_rnd_init
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt5
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_xmalloc
+   fun:_gcry_xcalloc
+   fun:initialize
+   fun:_gcry_randomize
+   fun:gcry_randomize
+   fun:gc_pseudo_random
+   fun:_gnutls_rnd_init
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt6
+   Memcheck:Leak
+   fun:malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_xmalloc
+   fun:_gcry_xcalloc
+   fun:initialize
+   fun:_gcry_create_nonce
+   fun:gcry_create_nonce
+   fun:wrap_gcry_rnd_init
+   fun:_gnutls_rnd_init
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt7
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_xmalloc
+   fun:_gcry_xcalloc
+   fun:initialize
+   fun:_gcry_create_nonce
+   fun:gcry_create_nonce
+   fun:wrap_gcry_rnd_init
+   fun:_gnutls_rnd_init
+   fun:gnutls_global_init
+}
+
+{
+   libgcrypt7-new
+   Memcheck:Leak
+   fun:malloc
+   fun:_gcry_private_malloc
+   fun:do_malloc
+   fun:_gcry_malloc
+   fun:_gcry_xmalloc
+   fun:_gcry_xcalloc
+   fun:initialize
+   fun:_gcry_rngcsprng_create_nonce
+   fun:_gcry_create_nonce
+   fun:gcry_create_nonce
+   fun:wrap_gcry_rnd_init
+   fun:_gnutls_rnd_init
+   fun:gnutls_global_init
+}
+
+{
+   ignore p11 leaks
+   Memcheck:Leak
+   fun:calloc
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   fun:p11_kit_initialize_registered
+   fun:gnutls_pkcs11_init
+   fun:gnutls_global_init
+}
+
+{
+   nettle memxor3
+   Memcheck:Addr8
+   fun:memxor3
+   obj:*
+}
+
+{
+   nettle memxor
+   Memcheck:Addr8
+   fun:memxor
+   obj:*
+}
+
+{
+   memxor_different_alignment
+   Memcheck:Addr8
+   fun:memxor_different_alignment
+   obj:*
+}
+
+{
+   libidn-strlen
+   Memcheck:Addr4
+   fun:idna_to_ascii_4z
+   fun:idna_to_ascii_8z
+   fun:gnutls_x509_crt_check_hostname2
+   ...
+}
+
+{
+   libidn-strlen2
+   Memcheck:Addr4
+   fun:idna_to_ascii_4z
+   fun:idna_to_ascii_8z
+   fun:gnutls_server_name_set
+   ...
+}
+
+{
+   libidn-strlen2
+   Memcheck:Addr4
+   fun:idna_to_ascii_4z
+   fun:idna_to_ascii_8z
+   fun:gnutls_server_name_get
+   ...
+}
+
+{
+   bash leak
+   Memcheck:Leak
+   match-leak-kinds: definite
+   fun:malloc
+   fun:xmalloc
+   fun:set_default_locale
+   fun:main
+}
-- 
cgit v1.2.1