diff options
| author | slavomir.katuscak%sun.com <devnull@localhost> | 2007-02-05 12:17:22 +0000 |
|---|---|---|
| committer | slavomir.katuscak%sun.com <devnull@localhost> | 2007-02-05 12:17:22 +0000 |
| commit | ad38ffecc1dd343baf8e6959a93c909fe84de206 (patch) | |
| tree | 270430140333173d0831d094febcd6283dfec4eb | |
| parent | bba5318d0eef79d1e64a046af8330a4e99210a2c (diff) | |
| download | nss-hg-ad38ffecc1dd343baf8e6959a93c909fe84de206.tar.gz | |
Bug 193386: Patch to fips.sh, fixed paths on HP-UX and AIX and added
PASSED/FAILED status reporting. sr=nelson,r=alexei
| -rwxr-xr-x | security/nss/tests/fips/fips.sh | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/security/nss/tests/fips/fips.sh b/security/nss/tests/fips/fips.sh index c5b477001..9b56da248 100755 --- a/security/nss/tests/fips/fips.sh +++ b/security/nss/tests/fips/fips.sh @@ -102,77 +102,77 @@ fips_140() echo "modutil -dbdir ${P_R_FIPSDIR} -list" modutil -dbdir ${P_R_FIPSDIR} -list 2>&1 modutil -dbdir ${P_R_FIPSDIR} -chkfips true 2>&1 - html_msg $? 0 "Verify this module is in FIPS mode (modutil -chkfips true)" + html_msg $? 0 "Verify this module is in FIPS mode (modutil -chkfips true)" "." echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" + html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." echo "$SCRIPTNAME: List the FIPS module keys -------------------------" echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 - html_msg $? 0 "List the FIPS module keys (certutil -K)" + html_msg $? 0 "List the FIPS module keys (certutil -K)" "." echo "$SCRIPTNAME: Attempt to list FIPS module keys with incorrect password" echo "certutil -d ${P_R_FIPSDIR} -K -f ${FIPSBADPWFILE}" certutil -d ${P_R_FIPSDIR} -K -f ${FIPSBADPWFILE} 2>&1 RET=$? - html_msg $RET 255 "Attempt to list FIPS module keys with incorrect password (certutil -K)" + html_msg $RET 255 "Attempt to list FIPS module keys with incorrect password (certutil -K)" "." echo "certutil -K returned $RET" echo "$SCRIPTNAME: Validate the certificate --------------------------" echo "certutil -d ${P_R_FIPSDIR} -V -n ${FIPSCERTNICK} -u SR -e -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -V -n ${FIPSCERTNICK} -u SR -e -f ${R_FIPSPWFILE} - html_msg $? 0 "Validate the certificate (certutil -V -e)" + html_msg $? 0 "Validate the certificate (certutil -V -e)" "." echo "$SCRIPTNAME: Export the certificate and key as a PKCS#12 file --" echo "pk12util -d ${P_R_FIPSDIR} -o fips140.p12 -n ${FIPSCERTNICK} -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" pk12util -d ${P_R_FIPSDIR} -o fips140.p12 -n ${FIPSCERTNICK} -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 - html_msg $? 0 "Export the certificate and key as a PKCS#12 file (pk12util -o)" + html_msg $? 0 "Export the certificate and key as a PKCS#12 file (pk12util -o)" "." echo "$SCRIPTNAME: Export the certificate as a DER-encoded file ------" echo "certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt" certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt 2>&1 - html_msg $? 0 "Export the certificate as a DER (certutil -L -r)" + html_msg $? 0 "Export the certificate as a DER (certutil -L -r)" "." echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" + html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." echo "$SCRIPTNAME: Delete the certificate and key from the FIPS module" echo "certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE} 2>&1 - html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -D)" + html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -D)" "." echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" + html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." echo "$SCRIPTNAME: List the FIPS module keys." echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 # certutil -K now returns a failure if no keys are found. This verifies that # our delete succeded. - html_msg $? 255 "List the FIPS module keys (certutil -K)" + html_msg $? 255 "List the FIPS module keys (certutil -K)" "." echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file" echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}" pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1 - html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" + html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "." echo "$SCRIPTNAME: List the FIPS module certificates -----------------" echo "certutil -d ${P_R_FIPSDIR} -L" certutil -d ${P_R_FIPSDIR} -L 2>&1 - html_msg $? 0 "List the FIPS module certificates (certutil -L)" + html_msg $? 0 "List the FIPS module certificates (certutil -L)" "." echo "$SCRIPTNAME: List the FIPS module keys --------------------------" echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}" certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1 - html_msg $? 0 "List the FIPS module keys (certutil -K)" + html_msg $? 0 "List the FIPS module keys (certutil -K)" "." LIBDIR="${DIST}/${OBJDIR}/lib" MANGLEDIR="${FIPSDIR}/mangle" @@ -199,13 +199,21 @@ fips_140() echo "PATH=${MANGLEDIR} ${DBTEST} -r -d ${P_R_FIPSDIR}" PATH="${MANGLEDIR}" ${DBTEST} -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 RESULT=$? + elif [ "${OS_ARCH}" = "HP-UX" ]; then + echo "SHLIB_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" + LD_LIBRARY_PATH="" SHLIB_PATH="${MANGLEDIR}" dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 + RESULT=$? + elif [ "${OS_ARCH}" = "AIX" ]; then + echo "LIBPATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" + LIBPATH="${MANGLEDIR}" dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 + RESULT=$? else echo "LD_LIBRARY_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}" LD_LIBRARY_PATH="${MANGLEDIR}" dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1 RESULT=$? fi - html_msg ${RESULT} 46 "Init NSS with a corrupted library (dbtest -r)" + html_msg ${RESULT} 46 "Init NSS with a corrupted library (dbtest -r)" "." else html_msg 0 0 "Skipping corruption test, can't open ${DLL_PREFIX}softokn3.${DLL_SUFFIX}" fi |