From 7770ea82d5772612f6ae9afc2a1b931079bd4eb0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 10 Oct 2016 15:46:20 +0100 Subject: [PATCH 01/13] Add seed cmdline arg to test scripts --- tests/scripts/all.sh | 19 +++++++++++++++++++ tests/ssl-opt.sh | 6 +++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ee0df0cc45..6b3396059d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -32,6 +32,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 +RELEASE=0 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -48,6 +49,8 @@ usage() printf " -h|--help\t\tPrint this help.\n" printf " -m|--memory\t\tAdditional optional memory tests.\n" printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" + printf " -s|--seed\t\tInteger seed value to use for this test run.\n" + printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" @@ -106,6 +109,13 @@ while [ $# -gt 0 ]; do --force|-f) FORCE=1 ;; + --seed|-s) + shift + SEED="$1" + ;; + --release-test|-r) + RELEASE=1 + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" @@ -171,9 +181,15 @@ else fi fi +if [ $RELEASE -eq 1 ]; then + # Fix the seed value to 1 to ensure that the tests are deterministic. + SEED=1 +fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" +echo "SEED: ${SEED-"UNSET"}" echo "OPENSSL: $OPENSSL" echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" echo "GNUTLS_CLI: $GNUTLS_CLI" @@ -187,6 +203,9 @@ export OPENSSL_CMD="$OPENSSL" export GNUTLS_CLI="$GNUTLS_CLI" export GNUTLS_SERV="$GNUTLS_SERV" +# Avoid passing --seed flag in every call to ssl-opt.sh +[ ! -z ${SEED+set} ] && export SEED + # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d9c45cd7a2..429d9cd19a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -58,6 +58,7 @@ print_usage() { printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" + printf " --seed\tInteger seed value to use for this test run\n" } get_options() { @@ -81,6 +82,9 @@ get_options() { -p|--preserve-logs) PRESERVE_LOGS=1 ;; + --seed) + shift; SEED="$1" + ;; -h|--help) print_usage exit 0 @@ -595,7 +599,7 @@ unset PORT_BASE # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" -P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT" +P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" From 1aae658d76d7cc98e698777b2bbe4a075dfe38ec Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 26 Sep 2016 09:15:44 +0100 Subject: [PATCH 02/13] Add safety check to sample mutex implementation Due to inconsistent freeing strategy in pkparse.c the sample mutex implementation in threading.c could lead to undefined behaviour by destroying the same mutex several times. This fix prevents mutexes from being destroyed several times in the sample threading implementation. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index f8890dc70f..e6a4dbc765 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fixed default threading implementation to avoid accidental double + initialisations and double frees. Changes * Extended test coverage of special cases, and added new timing test suite. From 8abc6b86f98cdfa6bf6788e512a73b1806a442c0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 11 Oct 2016 15:41:40 +0100 Subject: [PATCH 03/13] Fix memory leak in test_suite_cmac.function --- tests/suites/test_suite_cmac.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 1f88ddcfe4..0cb437b670 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,6 +93,9 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + +exit: + mbedtls_cipher_free( &ctx ); } /* END_CASE */ @@ -144,6 +147,8 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, unhexify( block4, block4_string ); unhexify( expected_result, expected_result_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block1_len <= 100 ); TEST_ASSERT( block2_len <= 100 ); @@ -154,8 +159,6 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, @@ -231,6 +234,8 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, unhexify( expected_result_a, expected_result_a_string ); unhexify( expected_result_b, expected_result_b_string ); + mbedtls_cipher_init( &ctx ); + /* Validate the test inputs */ TEST_ASSERT( block_a1_len <= 100 ); TEST_ASSERT( block_a2_len <= 100 ); @@ -244,8 +249,6 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); - mbedtls_cipher_init( &ctx ); - TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, From d4443582479d3ffcf16b3e376db73de9f3f7e25f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 12 Oct 2016 10:00:42 +0100 Subject: [PATCH 04/13] Fix memory leaks in CMAC tests --- library/cmac.c | 21 ++++++++++++++------- tests/suites/test_suite_cmac.function | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 62f2a6abb4..ee2fe056ce 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -737,19 +737,19 @@ static int cmac_test_subkeys( int verbose, return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } - mbedtls_cipher_init( &ctx ); - for( i = 0; i < num_tests; i++ ) { if( verbose != 0 ) mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 ); + mbedtls_cipher_init( &ctx ); + if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, @@ -758,7 +758,7 @@ static int cmac_test_subkeys( int verbose, if( verbose != 0 ) mbedtls_printf( "test execution failed\n" ); - goto exit; + goto cleanup; } ret = cmac_generate_subkeys( &ctx, K1, K2 ); @@ -766,7 +766,8 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || @@ -774,16 +775,22 @@ static int cmac_test_subkeys( int verbose, { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - goto exit; + + goto cleanup; } if( verbose != 0 ) mbedtls_printf( "passed\n" ); + + mbedtls_cipher_free( &ctx ); } -exit: + goto exit; + +cleanup: mbedtls_cipher_free( &ctx ); +exit: return( ret ); } diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 0cb437b670..4b31ab2ffd 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -93,7 +93,6 @@ void mbedtls_cmac_null_args( ) NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - exit: mbedtls_cipher_free( &ctx ); } @@ -114,6 +113,7 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, TEST_ASSERT( ( cipher_info = mbedtls_cipher_info_from_type( cipher_type ) ) != NULL ); + memset( buf, 0x2A, sizeof( buf ) ); TEST_ASSERT( ( result == mbedtls_cipher_cmac( cipher_info, key, key_size, buf, 16, tmp ) ) != 0 ); } From cd153278eb616e2c877d320a3a6bdd0658399676 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 4 Oct 2016 12:06:50 +0100 Subject: [PATCH 05/13] Fix typo in docs for mbedtls_x509write_csr_der() --- include/mbedtls/x509_csr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 7a9c2e0550..fe9843cb54 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -282,7 +282,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * * \note f_rng may be NULL if RSA is used for signature and the * signature is made offline (otherwise f_rng is desirable - * for couermeasures against timing attacks). + * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, From 776a6fcd1a55818f70a843e249649a390545f48f Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 09:52:41 +0100 Subject: [PATCH 06/13] Fix 1 byte overread in mbedtls_asn1_get_int() --- ChangeLog | 4 ++-- library/asn1parse.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6a4dbc765..8d76eb93cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,13 +31,13 @@ Bugfix a contribution from Tobias Tangemann. #541 * Fixed cert_app sample program for debug output and for use when no root certificates are provided. + * Fix conditional statement that would cause a 1 byte overread in + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. * Fixed pthread implementation to avoid unintended double initialisations and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. - * Fixed default threading implementation to avoid accidental double - initialisations and double frees. Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/library/asn1parse.c b/library/asn1parse.c index ffa2f5299a..4dd65c03c0 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -153,7 +153,7 @@ int mbedtls_asn1_get_int( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( ret ); - if( len > sizeof( int ) || ( **p & 0x80 ) != 0 ) + if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); *val = 0; From 3a5e0709828a6550bfe16261b9ff946bbfacc3d0 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 16:37:59 +0100 Subject: [PATCH 07/13] Updated Changelog for fix #599 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8d76eb93cb..c77c58fe66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,7 +32,7 @@ Bugfix * Fixed cert_app sample program for debug output and for use when no root certificates are provided. * Fix conditional statement that would cause a 1 byte overread in - mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. + mbedtls_asn1_get_int(). Found and fixed by Guido Vranken. #599 * Fixed pthread implementation to avoid unintended double initialisations and double frees. (found by Niklas Amnebratt) * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for From 821da84ff9894060e615e51c50306c361c3411b8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Mon, 26 Sep 2016 10:09:30 +0100 Subject: [PATCH 08/13] Fix documentation for mbedtls_gcm_finish() Fix implementation and documentation missmatch for the function arguments to mbedtls_gcm_finish(). Also, removed redundant if condition that always evaluates to true. --- ChangeLog | 2 ++ include/mbedtls/gcm.h | 4 ++-- library/gcm.c | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c77c58fe66..fc08e896c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,8 @@ Bugfix * Fixed the sample applications gen_key.c, cert_req.c and cert_write.c for builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. + * Fix documentation and implementation missmatch for function arguments of + mbedtls_gcm_finish(). Found by cmiatpaar. Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 6743ac9a5f..1b77aaedd4 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -190,8 +190,8 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * 16 bytes. * * \param ctx GCM context - * \param tag buffer for holding the tag (may be NULL if tag_len is 0) - * \param tag_len length of the tag to generate + * \param tag buffer for holding the tag + * \param tag_len length of the tag to generate (must be at least 4) * * \return 0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT */ diff --git a/library/gcm.c b/library/gcm.c index aaacf97d61..f1210c52c3 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -415,8 +415,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, if( tag_len > 16 || tag_len < 4 ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); - if( tag_len != 0 ) - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy( tag, ctx->base_ectr, tag_len ); if( orig_len || orig_add_len ) { From f6e3b9e8b21110e61c06837ed582ab4211289199 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 19:47:29 +0100 Subject: [PATCH 09/13] Clarified Changelog for fix #602 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index fc08e896c1..2e89c6afe9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,7 +39,7 @@ Bugfix builds where the configuration MBEDTLS_PEM_WRITE_C is not defined. Found by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of - mbedtls_gcm_finish(). Found by cmiatpaar. + mbedtls_gcm_finish(). Found by cmiatpaar. #602 Changes * Extended test coverage of special cases, and added new timing test suite. From ef441784749d14ea9f8afad3f258489d2445c438 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 21 Sep 2016 13:18:12 +0100 Subject: [PATCH 10/13] Restore P>Q in RSA key generation (#558) The PKCS#1 standard says nothing about the relation between P and Q but many libraries guarantee P>Q and mbed TLS did so too in earlier versions. This commit restores this behaviour. --- ChangeLog | 1 + library/rsa.c | 18 ++++++++---------- tests/suites/test_suite_rsa.data | 2 +- tests/suites/test_suite_rsa.function | 1 + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2e89c6afe9..ab626b96a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,7 @@ Bugfix by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 + * Guarantee that P>Q at RSA key generation. #558 Changes * Extended test coverage of special cases, and added new timing test suite. diff --git a/library/rsa.c b/library/rsa.c index 7a33689b2e..40ef2a9480 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); + if( nbits % 2 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); /* @@ -116,16 +119,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, f_rng, p_rng ) ); - if( nbits % 2 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, ( nbits >> 1 ) + 1, 0, + MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, f_rng, p_rng ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, - f_rng, p_rng ) ); - } if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; @@ -134,6 +129,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( mbedtls_mpi_bitlen( &ctx->N ) != nbits ) continue; + if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index d522332a26..af168805fd 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -361,7 +361,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key -mbedtls_rsa_gen_key:1025:3:0 +mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8837e3a837..d48bc8595e 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -678,6 +678,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &ctx.Q ) > 0 ); } exit: From 4d69ecd9cb57cd77aee9519454618c98e4373b30 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 13 Oct 2016 00:14:37 +0100 Subject: [PATCH 11/13] Added credit to Changelog for fix #558 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ab626b96a3..b011ee42a4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,7 +40,7 @@ Bugfix by inestlerode. #559. * Fix documentation and implementation missmatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 - * Guarantee that P>Q at RSA key generation. #558 + * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 Changes * Extended test coverage of special cases, and added new timing test suite. From e019296ab7d0206dc6bc137a398b3f7f5c15f733 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 12 Oct 2016 23:07:30 +0100 Subject: [PATCH 12/13] Fix stdio redirection memory leak in test suites --- tests/suites/helpers.function | 5 +++++ tests/suites/main_test.function | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5938447af1..ff3ab99e48 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -140,6 +140,11 @@ static int restore_output( FILE** out_stream, int old_fd ) return 0; } + +static void close_output( FILE* stdout ) +{ + fclose( stdout ); +} #endif /* __unix__ || __APPLE__ __MACH__ */ static int unhexify( unsigned char *obuf, const char *ibuf ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 14209a576e..afff5a4823 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,7 @@ int main(int argc, const char *argv[]) char buf[5000]; char *params[50]; void *pointer; - int stdout_fd = 0; + int stdout_fd = -1; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) @@ -499,6 +499,11 @@ int main(int argc, const char *argv[]) mbedtls_memory_buffer_alloc_free(); #endif +#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) + if( stdout_fd != -1 ) + close_output( stdout ); +#endif /* __unix__ || __APPLE__ __MACH__ */ + return( total_errors != 0 ); } From e709f7c9e07b54542f368297272b0fca36304300 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 Oct 2016 11:26:29 +0100 Subject: [PATCH 13/13] Fix global variable shadowing --- tests/suites/helpers.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ff3ab99e48..63815df852 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -141,9 +141,9 @@ static int restore_output( FILE** out_stream, int old_fd ) return 0; } -static void close_output( FILE* stdout ) +static void close_output( FILE* out_stream ) { - fclose( stdout ); + fclose( out_stream ); } #endif /* __unix__ || __APPLE__ __MACH__ */