forked from wolfSSL/wolfssl
Merge pull request #7131 from bandi13/fips-check-upgrades
Fips check upgrades
This commit is contained in:
David Garske
GitHub
@ -16,6 +16,7 @@ GIT="${GIT:-git -c advice.detachedHead=false}"
|
||||
TEST_DIR="${TEST_DIR:-XXX-fips-test}"
|
||||
FLAVOR="${FLAVOR:-linux}"
|
||||
KEEP="${KEEP:-no}"
|
||||
MAKECHECK=${MAKECHECK:-yes}
|
||||
FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
|
||||
|
||||
Usage() {
|
||||
@ -39,7 +40,9 @@ usageText
|
||||
}
|
||||
|
||||
while [ "$1" ]; do
|
||||
if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi
|
||||
if [ "$1" = 'keep' ]; then KEEP='yes';
|
||||
elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
|
||||
else FLAVOR="$1"; fi
|
||||
shift
|
||||
done
|
||||
|
||||
@ -262,8 +265,7 @@ esac
|
||||
function checkout_files() {
|
||||
local name
|
||||
local tag
|
||||
for file_entry in "$@"
|
||||
do
|
||||
for file_entry in "$@"; do
|
||||
name=${file_entry%%:*}
|
||||
tag=${file_entry#*:}
|
||||
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
|
||||
@ -283,14 +285,12 @@ function copy_fips_files() {
|
||||
local bname
|
||||
local dname
|
||||
local tag
|
||||
for file_entry in "$@"
|
||||
do
|
||||
for file_entry in "$@"; do
|
||||
name=${file_entry%%:*}
|
||||
tag=${file_entry#*:}
|
||||
bname=$(basename "$name")
|
||||
dname=$(dirname "$name")
|
||||
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
|
||||
then
|
||||
if ! $GIT rev-parse -q --verify "my$tag" >/dev/null; then
|
||||
$GIT branch --no-track "my$tag" "$tag" || exit $?
|
||||
fi
|
||||
$GIT checkout "my$tag" -- "$bname" || exit $?
|
||||
@ -305,8 +305,7 @@ fi
|
||||
|
||||
pushd "$TEST_DIR" || exit 2
|
||||
|
||||
if ! $GIT clone "$FIPS_REPO" fips
|
||||
then
|
||||
if ! $GIT clone "$FIPS_REPO" fips; then
|
||||
echo "fips-check: Couldn't check out FIPS repository."
|
||||
exit 1
|
||||
fi
|
||||
@ -322,8 +321,7 @@ popd || exit 2
|
||||
# Since OE additions can still be processed for cert3389 we will call 140-2
|
||||
# ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
|
||||
# would not be good for a new certification effort with the latest files.
|
||||
if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]
|
||||
then
|
||||
if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
|
||||
cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
|
||||
sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
|
||||
fi
|
||||
@ -343,14 +341,12 @@ cavp-selftest-v2)
|
||||
;;
|
||||
esac
|
||||
|
||||
if ! $MAKE
|
||||
then
|
||||
if ! $MAKE; then
|
||||
echo 'fips-check: Make failed. Debris left for analysis.'
|
||||
exit 3
|
||||
fi
|
||||
|
||||
if [ -s wolfcrypt/src/fips_test.c ]
|
||||
then
|
||||
if [ -s wolfcrypt/src/fips_test.c ]; then
|
||||
NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
|
||||
if [ -n "$NEWHASH" ]; then
|
||||
cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
|
||||
@ -359,15 +355,15 @@ then
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! $MAKE check
|
||||
then
|
||||
echo 'fips-check: Test failed. Debris left for analysis.'
|
||||
exit 3
|
||||
if [ "$MAKECHECK" = "yes" ]; then
|
||||
if ! $MAKE check; then
|
||||
echo 'fips-check: Test failed. Debris left for analysis.'
|
||||
exit 3
|
||||
fi
|
||||
fi
|
||||
|
||||
# Clean up
|
||||
popd || exit 2
|
||||
if [ "$KEEP" = 'no' ];
|
||||
then
|
||||
if [ "$KEEP" = 'no' ]; then
|
||||
rm -rf "$TEST_DIR"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user