From 72a3327c13b85cb6281ae902c0d35c9f4e34e436 Mon Sep 17 00:00:00 2001 From: Tim Ruffing Date: Wed, 4 Mar 2020 17:33:28 +0100 Subject: [PATCH] Add constant-time test to `make check` and make Travis fail if it fails Moreover, this changes the way Travis runs the constant-time tests by adding a `--error-exitcode=1` parameter to valgrind. Without that parameter, valgrind simply passes the exit code through, even in the case of valgrind errors. That is, Travis would succeed even if valgrind found problems. --- .gitignore | 2 ++ .travis.yml | 2 +- Makefile.am | 3 ++- src/valgrind_ctime_test.c | 2 +- valgrind_ctime_test.sh | 12 ++++++++++++ 5 files changed, 18 insertions(+), 3 deletions(-) create mode 100755 valgrind_ctime_test.sh diff --git a/.gitignore b/.gitignore index cb4331aa90..c061705f4e 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,8 @@ libtool *.lo *.o *~ +*.log +*.trs src/libsecp256k1-config.h src/libsecp256k1-config.h.in src/ecmult_static_context.h diff --git a/.travis.yml b/.travis.yml index ff4a6d2bc9..de3ea39d83 100644 --- a/.travis.yml +++ b/.travis.yml @@ -95,7 +95,7 @@ script: travis_wait 30 valgrind --error-exitcode=42 ./exhaustive_tests; fi - if [ -n "$CTIMETEST" ]; then - libtool --mode=execute valgrind ./valgrind_ctime_test &> valgrind_ctime_test.log; + ./valgrind_ctime_test.sh &> valgrind_ctime_test.log; fi after_script: diff --git a/Makefile.am b/Makefile.am index e73b1baf38..8fc07ac890 100644 --- a/Makefile.am +++ b/Makefile.am @@ -96,6 +96,7 @@ tests_CPPFLAGS = -DSECP256K1_BUILD -I$(top_srcdir)/src -I$(top_srcdir)/include $ if VALGRIND_ENABLED tests_CPPFLAGS += -DVALGRIND noinst_PROGRAMS += valgrind_ctime_test +TESTS += valgrind_ctime_test.sh valgrind_ctime_test_SOURCES = src/valgrind_ctime_test.c valgrind_ctime_test_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) endif @@ -141,7 +142,7 @@ src/ecmult_static_context.h: $(gen_context_BIN) CLEANFILES = $(gen_context_BIN) src/ecmult_static_context.h endif -EXTRA_DIST = autogen.sh src/gen_context.c src/basic-config.h +EXTRA_DIST = autogen.sh valgrind_ctime_test.sh src/gen_context.c src/basic-config.h if ENABLE_MODULE_ECDH include src/modules/ecdh/Makefile.am.include diff --git a/src/valgrind_ctime_test.c b/src/valgrind_ctime_test.c index 04c06d498f..24b5887450 100644 --- a/src/valgrind_ctime_test.c +++ b/src/valgrind_ctime_test.c @@ -28,7 +28,7 @@ int main(void) { if (!RUNNING_ON_VALGRIND) { fprintf(stderr, "This test can only usefully be run inside valgrind.\n"); fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n"); - exit(1); + exit(99); /* indicates "ERROR" in make check */ } /** In theory, testing with a single secret input should be sufficient: diff --git a/valgrind_ctime_test.sh b/valgrind_ctime_test.sh new file mode 100755 index 0000000000..6b90242d2d --- /dev/null +++ b/valgrind_ctime_test.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +libtool --mode=execute valgrind --error-exitcode=1 ./valgrind_ctime_test "$@" + +case $? in + 127) # "command not found", i.e., either libtool or valgrind not installed + exit 77 # map this to "SKIP" (=77) for make check + ;; + *) + exit $? + ;; +esac