From 9b04e19129bdaacc68cada54bd84e4a66e52ee52 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Tue, 12 Jun 2018 20:16:03 +0100
Subject: [PATCH 1/2] Use grep to detect zeroize test failures on GDB

This patch uses grep to search the GDB output for errors as there is a bug in the tool that causes it to return 0 to the system even though there was a problem in the script. This patch also fixes the zeroize test to work with the --keep-going option in all.sh.
---
 tests/scripts/all.sh | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 4894ad9b5..439a6bf13 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -896,12 +896,29 @@ cd "$MBEDTLS_ROOT_DIR"
 rm -rf "$OUT_OF_SOURCE_DIR"
 unset MBEDTLS_ROOT_DIR
 
+# Test that the function mbedtls_platform_zeroize() is not optimized away by
+# different combinations of compilers and optimization flags by using an
+# auxiliary GDB script. Unfortunately, GDB does not return error values to the
+# system in all cases that the script fails, so we must manually search the
+# output to check whether the pass string is present and no failure strings
+# were printed.
 for optimization_flag in -O2 -O3 -Ofast -Os; do
 for compiler in clang gcc; do
 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
 cleanup
- CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs
- gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx
+ make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
+ if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx > test_zeroize.log 2>&1
+ if [ ! -s test_zeroize.log ]; then
+ err_msg "test_zeroize.log was not found or is empty"
+ record_status [ -s test_zeroize.log ]
+ elif ! grep "The buffer was correctly zeroized" test_zeroize.log >/dev/null 2>&1; then
+ err_msg "test_zeroize.log does not contain pass string"
+ record_status false
+ elif grep -i "error" test_zeroize.log >/dev/null 2>&1; then
+ err_msg "test_zeroize.log contains error string"
+ record_status false
+ fi
+ rm -f test_zeroize.log
 done
 done
 
From 7994766581546762745efc0a13dd9a90a8b7787b Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Wed, 20 Jun 2018 09:34:54 +0100
Subject: [PATCH 2/2] Fix usage of if_build_succeeded in all.sh zeroize test

---
 tests/scripts/all.sh | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 439a6bf13..01d69c762 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
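Review bot: The failure check added to the loop body in [PATCH 1/2], `grep -i "error" test_zeroize.log`, is an unanchored, case-insensitive substring match over the whole GDB log. Any benign line containing "error" fails the test, while a failure message worded differently is caught only because the pass string is then missing. Both literals depend on what tests/scripts/test_zeroize.gdb prints, which is not visible in this hunk, so I would record the coupling next to them, for example `# These strings must match the messages printed by tests/scripts/test_zeroize.gdb`. The same two greps are kept in the rewritten loop body of [PATCH 2/2].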
@@ -357,6 +357,12 @@ if_build_succeeded () {
 fi
 }
 
+# to be used instead of ! for commands run with
+# record_status or if_build_succeeded
+not() {
+ ! "$@"
+}
+
 msg "info: $0 configuration"
 echo "MEMORY: $MEMORY"
 echo "FORCE: $FORCE"
@@ -907,17 +913,10 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do
 msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
 cleanup
 make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
- if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx > test_zeroize.log 2>&1
- if [ ! -s test_zeroize.log ]; then
- err_msg "test_zeroize.log was not found or is empty"
- record_status [ -s test_zeroize.log ]
- elif ! grep "The buffer was correctly zeroized" test_zeroize.log >/dev/null 2>&1; then
- err_msg "test_zeroize.log does not contain pass string"
- record_status false
- elif grep -i "error" test_zeroize.log >/dev/null 2>&1; then
- err_msg "test_zeroize.log contains error string"
- record_status false
- fi
+ if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+ if_build_succeeded [ -s test_zeroize.log ]
+ if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
+ if_build_succeeded not grep -i "error" test_zeroize.log
 rm -f test_zeroize.log
 done
 done
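Review bot: The new `not` helper inverts every non-zero status, so in `not grep -i "error" test_zeroize.log` a grep that could not read the file (exit status 2) counts as success just like "no match" (status 1). In the zeroize loop the preceding `[ -s test_zeroize.log ]` check covers a missing log, but other callers get no such protection. The helper's comment should say so, for example `# note: a command that fails to run at all is also reported as success`.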
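Review bot: In `if_build_succeeded gdb ... 2>&1 | tee test_zeroize.log` the wrapper is the first stage of a pipeline, so the status the shell sees is tee's. Whatever the wrapper records about GDB's result is presumably recorded in a subshell and lost; record_status is defined outside this hunk, so that part is inferred. Pass/fail therefore rests entirely on the three log checks that follow, which matters because this test is the guard against the compiler removing mbedtls_platform_zeroize(). That looks intended given GDB's unreliable exit status, but it should be stated at the call, for example `# gdb's exit status is deliberately ignored; the checks on test_zeroize.log decide the result`. The enclosing `for` loops open above this hunk.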