forked from wolfSSL/wolfssl
Merge pull request #7131 from bandi13/fips-check-upgrades
Fips check upgrades
This commit is contained in:
David Garske
GitHub
@ -16,6 +16,7 @@ GIT="${GIT:-git -c advice.detachedHead=false}"
|
|||||||
TEST_DIR="${TEST_DIR:-XXX-fips-test}"
|
TEST_DIR="${TEST_DIR:-XXX-fips-test}"
|
||||||
FLAVOR="${FLAVOR:-linux}"
|
FLAVOR="${FLAVOR:-linux}"
|
||||||
KEEP="${KEEP:-no}"
|
KEEP="${KEEP:-no}"
|
||||||
|
MAKECHECK=${MAKECHECK:-yes}
|
||||||
FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
|
FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
|
||||||
|
|
||||||
Usage() {
|
Usage() {
|
||||||
@ -39,7 +40,9 @@ usageText
|
|||||||
}
|
}
|
||||||
|
|
||||||
while [ "$1" ]; do
|
while [ "$1" ]; do
|
||||||
if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi
|
if [ "$1" = 'keep' ]; then KEEP='yes';
|
||||||
|
elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
|
||||||
|
else FLAVOR="$1"; fi
|
||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -262,8 +265,7 @@ esac
|
|||||||
function checkout_files() {
|
function checkout_files() {
|
||||||
local name
|
local name
|
||||||
local tag
|
local tag
|
||||||
for file_entry in "$@"
|
for file_entry in "$@"; do
|
||||||
do
|
|
||||||
name=${file_entry%%:*}
|
name=${file_entry%%:*}
|
||||||
tag=${file_entry#*:}
|
tag=${file_entry#*:}
|
||||||
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
|
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
|
||||||
@ -283,14 +285,12 @@ function copy_fips_files() {
|
|||||||
local bname
|
local bname
|
||||||
local dname
|
local dname
|
||||||
local tag
|
local tag
|
||||||
for file_entry in "$@"
|
for file_entry in "$@"; do
|
||||||
do
|
|
||||||
name=${file_entry%%:*}
|
name=${file_entry%%:*}
|
||||||
tag=${file_entry#*:}
|
tag=${file_entry#*:}
|
||||||
bname=$(basename "$name")
|
bname=$(basename "$name")
|
||||||
dname=$(dirname "$name")
|
dname=$(dirname "$name")
|
||||||
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
|
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null; then
|
||||||
then
|
|
||||||
$GIT branch --no-track "my$tag" "$tag" || exit $?
|
$GIT branch --no-track "my$tag" "$tag" || exit $?
|
||||||
fi
|
fi
|
||||||
$GIT checkout "my$tag" -- "$bname" || exit $?
|
$GIT checkout "my$tag" -- "$bname" || exit $?
|
||||||
@ -305,8 +305,7 @@ fi
|
|||||||
|
|
||||||
pushd "$TEST_DIR" || exit 2
|
pushd "$TEST_DIR" || exit 2
|
||||||
|
|
||||||
if ! $GIT clone "$FIPS_REPO" fips
|
if ! $GIT clone "$FIPS_REPO" fips; then
|
||||||
then
|
|
||||||
echo "fips-check: Couldn't check out FIPS repository."
|
echo "fips-check: Couldn't check out FIPS repository."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -322,8 +321,7 @@ popd || exit 2
|
|||||||
# Since OE additions can still be processed for cert3389 we will call 140-2
|
# Since OE additions can still be processed for cert3389 we will call 140-2
|
||||||
# ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
|
# ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
|
||||||
# would not be good for a new certification effort with the latest files.
|
# would not be good for a new certification effort with the latest files.
|
||||||
if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]
|
if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
|
||||||
then
|
|
||||||
cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
|
cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
|
||||||
sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
|
sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
|
||||||
fi
|
fi
|
||||||
@ -343,14 +341,12 @@ cavp-selftest-v2)
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if ! $MAKE
|
if ! $MAKE; then
|
||||||
then
|
|
||||||
echo 'fips-check: Make failed. Debris left for analysis.'
|
echo 'fips-check: Make failed. Debris left for analysis.'
|
||||||
exit 3
|
exit 3
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -s wolfcrypt/src/fips_test.c ]
|
if [ -s wolfcrypt/src/fips_test.c ]; then
|
||||||
then
|
|
||||||
NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
|
NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
|
||||||
if [ -n "$NEWHASH" ]; then
|
if [ -n "$NEWHASH" ]; then
|
||||||
cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
|
cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
|
||||||
@ -359,15 +355,15 @@ then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! $MAKE check
|
if [ "$MAKECHECK" = "yes" ]; then
|
||||||
then
|
if ! $MAKE check; then
|
||||||
echo 'fips-check: Test failed. Debris left for analysis.'
|
echo 'fips-check: Test failed. Debris left for analysis.'
|
||||||
exit 3
|
exit 3
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Clean up
|
# Clean up
|
||||||
popd || exit 2
|
popd || exit 2
|
||||||
if [ "$KEEP" = 'no' ];
|
if [ "$KEEP" = 'no' ]; then
|
||||||
then
|
|
||||||
rm -rf "$TEST_DIR"
|
rm -rf "$TEST_DIR"
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user