ci: Add valgrind runs for all crypto backends

The libgcrypt has a lot of reachable code so allowing it to fail Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-05 20:55:46 +03:00 · 2024-07-01 20:05:39 +02:00
parent ec6363d6b5
commit 13935fca7e
2 changed files with 65 additions and 5 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -226,11 +226,7 @@ fedora/openssl_3.0.x/x86_64/minimal:
      -DWITH_GEX=OFF .. &&
      make -j$(nproc)

-# The PKCS#11 support is turned off as it brings dozens of memory issues from
-# engine_pkcs11 or openssl itself
-fedora/valgrind:
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=OFF
+.valgrind:
  extends: .fedora
  stage: analysis
  script:
@@ -239,6 +235,24 @@ fedora/valgrind:
      make test_memcheck
    - cat Testing/Temporary/MemoryChecker.*.log | wc -l | grep "^0$"

+# The PKCS#11 support is turned off as it brings dozens of memory issues from
+# engine_pkcs11 or openssl itself
+fedora/valgrind/openssl:
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=OFF
+  extends: .valgrind
+
+fedora/valgrind/mbedtls:
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_MBEDTLS=ON
+  extends: .valgrind
+
+fedora/valgrind/libgcrypt:
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_GCRYPT=ON
+  extends: .valgrind
+  allow_failure: true
+
 # Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite
 # so, this is only enabled for unit tests right now.
 # TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
--- a/tests/valgrind.supp
+++ b/tests/valgrind.supp
@@ -151,3 +151,49 @@
   fun:torture_run_tests
   fun:main
 }
+
+## libgcrypt
+{
+   Reachable allocations from libgcrypt
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_check_version
+   fun:ssh_crypto_init
+   fun:_ssh_init
+   fun:libssh_constructor
+   fun:call_init
+   fun:__libc_start_main@@GLIBC_2.34
+   fun:(below main)
+}
+{
+   randomize in libgcrypt keeps some memory around
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:_gcry_xmalloc
+   fun:_gcry_xcalloc
+   fun:initialize.lto_priv.0
+   fun:_gcry_rngcsprng_randomize
+   fun:ssh_get_random
+   ...
+}
+{
+   EC key operation allocs some reachable memory
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:_gcry_xmalloc
+   fun:_gcry_mpi_alloc
+   fun:_gcry_mpi_scan
+   fun:ec_p_init.lto_priv.0
+   ...
+   fun:_gcry_mpi_ec_internal_new
+   fun:ecc_sign.lto_priv.0
+   fun:_gcry_pk_sign
+   fun:gcry_pk_sign
+   ...
+}