#!/bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
########################################################################
#
# mozilla/security/nss/tests/all.sh
#
# Script to start selected available NSS QA suites on one machine
# this script is called or sourced by NSS QA which runs on all required
# platforms
#
# Needs to work on all Unix and Windows platforms
#
# Currently available NSS QA suites:
# ----------------------------------
# cipher.sh - tests NSS ciphers
# libpkix.sh - tests PKIX functionality
# cert.sh - exercises certutil and creates certs necessary for
# all other tests
# dbtests.sh - tests related to certificate databases
# tools.sh - tests the majority of the NSS tools
# fips.sh - tests basic functionality of NSS in FIPS-compliant
# - mode
# sdr.sh - tests NSS SDR
# crmf.sh - CRMF/CMMF testing
# smime.sh - S/MIME testing
# ssl.sh - tests SSL V2 SSL V3 and TLS
# ocsp.sh - OCSP testing
# merge.sh - tests merging old and new shareable databases
# pkits.sh - NIST/PKITS tests
# chains.sh - PKIX cert chains tests
# dbupgrade.sh - upgrade databases to new shareable version (used
# only in upgrade test cycle)
# memleak.sh - memory leak testing (optional)
# ssl_gtests.sh- Gtest based unit tests for ssl
# gtests.sh - Gtest based unit tests for everything else
# bogo.sh - Bogo interop tests (disabled by default)
# https://boringssl.googlesource.com/boringssl/+/master/ssl/test/PORTING.md
#
# NSS testing is now divided into 4 cycles:
# -----------------------------------------
# standard - run test suites with default settings
# pkix - run test suites with PKIX enabled
# upgradedb - upgrade existing certificate databases to shareable
# format (creates them if they don't exist yet) and run
# test suites with those databases
# sharedb - run test suites with shareable database format
# enabled (databases are created directly to this
# format)
#
# Mandatory environment variables (to be set before testing):
# -----------------------------------------------------------
# HOST - test machine host name
# DOMSUF - test machine domain name
#
# Optional environment variables to specify build to use:
# -------------------------------------------------------
# BUILT_OPT - use optimized/debug build
# USE_64 - use 64bit/32bit build
# USE_ASAN - use Address Sanitizer build
#
# Optional environment variables to enable specific NSS features:
# ---------------------------------------------------------------
# NSS_DISABLE_ECC - disable ECC
#
# Optional environment variables to select which cycles/suites to test:
# ---------------------------------------------------------------------
# NSS_CYCLES - list of cycles to run (separated by space
# character)
# - by default all cycles are tested
#
# NSS_TESTS - list of all test suites to run (separated by space
# character, without trailing .sh)
# - this list can be reduced for individual test cycles
#
# NSS_SSL_TESTS - list of ssl tests to run (see ssl.sh)
# NSS_SSL_RUN - list of ssl sub-tests to run (see ssl.sh)
#
# Testing schema:
# ---------------
# all.sh ~ (main)
# | |
# +------------+------------+-----------+ ~ run_cycles
# | | | | |
# standard pkix upgradedb sharedb ~ run_cycle_*
# | |
# +------+------+------+-----> ~ run_tests
# | | | | |
# cert tools fips ssl ... ~ . *.sh
#
# Special strings:
# ----------------
# FIXME ... known problems, search for this string
# NOTE .... unexpected behavior
#
# NOTE:
# -----
# Unlike the old QA this is based on files sourcing each other
# This is done to save time, since a great portion of time is lost
# in calling and sourcing the same things multiple times over the
# network. Also, this way all scripts have all shell function
# available and a completely common environment
#
########################################################################
############################## run_tests ###############################
# run test suites defined in TESTS variable, skip scripts defined in
# TESTS_SKIP variable
########################################################################
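run_tests()
{
    # Runs every suite named in TESTS, except those listed in TESTS_SKIP.
    #
    # Globals read:    TESTS, TESTS_SKIP, QADIR
    # Globals written: TEST, SCRIPTNAME (left global on purpose; the sourced
    #                  suite scripts presumably rely on them - confirm)
    #
    # Each suite is sourced from ${QADIR}/<name>/<name>.sh inside a subshell,
    # so its directory change and variable assignments do not leak back here.
    # The suite names come from TESTS (seeded from NSS_TESTS in the main code
    # of this file) and select code that gets executed, so that variable must
    # only ever hold trusted values.
    for TEST in ${TESTS}
    do
        # NOTE: the spaces are important. If you don't include
        # the spaces, then turning off ssl_gtests will also turn off ssl
        # tests. The match is a literal string comparison, so a suite name
        # is never interpreted as a regular expression.
        case " ${TESTS_SKIP} " in
            *" ${TEST} "*) continue ;;
        esac

        SCRIPTNAME=${TEST}.sh
        echo "Running tests for ${TEST}"
        echo "TIMESTAMP ${TEST} BEGIN: $(date)"
        (
            # Stop if the suite directory is missing: sourcing ./<name>.sh
            # from whatever the current directory happens to be would run
            # the wrong script.
            cd "${QADIR}/${TEST}" || exit 1
            . "./${SCRIPTNAME}" 2>&1
        )
        echo "TIMESTAMP ${TEST} END: $(date)"
    done
}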
########################## run_cycle_standard ##########################
# run test suites with default settings (no PKIX, no sharedb)
########################################################################
run_cycle_standard()
{
    # Standard cycle: every suite from ALL_TESTS, nothing skipped.
    # Sets TEST_MODE, TESTS and TESTS_SKIP, then hands over to run_tests.
    TESTS_SKIP=""
    TESTS=${ALL_TESTS}
    TEST_MODE="STANDARD"

    run_tests
}
############################ run_cycle_pkix ############################
# run test suites with PKIX enabled
########################################################################
run_cycle_pkix()
{
    # PKIX cycle: reruns the suites with NSS_ENABLE_PKIX_VERIFY exported,
    # using a pkix/ subdirectory of the current HOSTDIR.
    TEST_MODE="PKIX"

    # Report section header for this cycle.
    TABLE_ARGS="bgcolor=cyan"
    html_head "Testing with PKIX"
    html "</TABLE><BR>"

    # Switch HOSTDIR to the per-cycle directory before re-initialising.
    HOSTDIR="${HOSTDIR}/pkix"
    mkdir -p "${HOSTDIR}"
    init_directories

    export NSS_ENABLE_PKIX_VERIFY="1"

    # Suites that are not run in this cycle.
    TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
    TESTS=${ALL_TESTS}

    # Strip every occurrence of "normal", "fips" and "_" from the ssl test
    # list; this is a plain substring removal, not a word-wise one.
    NSS_SSL_TESTS=$(echo "${NSS_SSL_TESTS}" | sed 's/normal//g; s/fips//g; s/_//g')

    run_tests
}
######################### run_cycle_upgrade_db #########################
# upgrades certificate database to shareable format and run test suites
# with those databases
########################################################################
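run_cycle_upgrade_db()
{
    # Upgrade cycle: copies the databases and logs produced under the
    # previous HOSTDIR into an upgradedb/ subdirectory, runs the dbupgrade
    # suite on them, then reruns a subset of the suites with
    # NSS_DEFAULT_DB_TYPE=sql.
    #
    # Globals read:    HOSTDIR, ALL_TESTS, NSS_SSL_TESTS, NSS_SSL_RUN
    # Globals written: TEST_MODE, TABLE_ARGS, OLDHOSTDIR, HOSTDIR, DIRS,
    #                  TESTS, TESTS_SKIP, NSS_SSL_TESTS, NSS_SSL_RUN,
    #                  NSS_DEFAULT_DB_TYPE (exported)
    local -a upgrade_items

    TEST_MODE=UPGRADE_DB
    TABLE_ARGS="bgcolor=pink"
    html_head "Testing with upgraded library"
    html "</TABLE><BR>"

    OLDHOSTDIR="${HOSTDIR}"
    HOSTDIR="${HOSTDIR}/upgradedb"
    mkdir -p "${HOSTDIR}"
    init_directories

    if [ -r "${OLDHOSTDIR}/cert.log" ]; then
        DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server fips SDR server serverCA stapling tools/copydir cert.log cert.done tests.*"
        # Split the list into words WITHOUT pathname expansion, so that the
        # "tests.*" entry is not expanded against files that happen to sit
        # in the current working directory.
        read -r -a upgrade_items <<< "${DIRS}"
        for i in "${upgrade_items[@]}"
        do
            # ${i} is left unquoted on purpose: "tests.*" must be expanded,
            # but only relative to OLDHOSTDIR. The directory parts are
            # quoted so that paths containing spaces stay one argument.
            cp -r "${OLDHOSTDIR}"/${i} "${HOSTDIR}" #2> /dev/null
        done
    fi

    # upgrade certs dbs to shared db
    TESTS="dbupgrade"
    TESTS_SKIP=
    run_tests

    NSS_DEFAULT_DB_TYPE="sql"
    export NSS_DEFAULT_DB_TYPE

    # run the subset of tests with the upgraded database
    TESTS="${ALL_TESTS}"
    TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains"

    # Plain substring removal: every "normal", "fips" and "_" is stripped
    # from the ssl test list, every "cov" and "auth" from the ssl run list.
    NSS_SSL_TESTS=$(echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g")
    NSS_SSL_RUN=$(echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g")

    run_tests
}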
########################## run_cycle_shared_db #########################
# run test suites with certificate databases set to shareable format
########################################################################
run_cycle_shared_db()
{
    # Shared-DB cycle: reruns the suites with NSS_DEFAULT_DB_TYPE=sql
    # exported, using a sharedb/ subdirectory of the current HOSTDIR.
    TEST_MODE="SHARED_DB"

    # Report section header for this cycle.
    TABLE_ARGS="bgcolor=yellow"
    html_head "Testing with shared library"
    html "</TABLE><BR>"

    # Switch HOSTDIR to the per-cycle directory before re-initialising.
    HOSTDIR="${HOSTDIR}/sharedb"
    mkdir -p "${HOSTDIR}"
    init_directories

    export NSS_DEFAULT_DB_TYPE="sql"

    # run the tests for native sharedb support
    TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
    TESTS=${ALL_TESTS}

    # Plain substring removal: every "normal", "fips" and "_" is stripped
    # from the ssl test list, every "cov" and "auth" from the ssl run list.
    NSS_SSL_TESTS=$(echo "${NSS_SSL_TESTS}" | sed 's/normal//g; s/fips//g; s/_//g')
    NSS_SSL_RUN=$(echo "${NSS_SSL_RUN}" | sed 's/cov//g; s/auth//g')

    run_tests
}
############################# run_cycles ###############################
# run test cycles defined in CYCLES variable
########################################################################
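run_cycles()
{
    # Runs each cycle named in CYCLES, in order, and restores the saved
    # environment after every one of them.
    #
    # Globals read:    CYCLES, NSS_DISABLE_LIBPKIX, ENV_BACKUP
    # Globals written: CYCLE, plus whatever the sourced ENV_BACKUP restores
    #
    # ENV_BACKUP is sourced, i.e. executed as shell code in this process.
    # NOTE(review): whoever can write to that file can run code in the test
    # harness - confirm its directory is not writable by other users.
    for CYCLE in ${CYCLES}
    do
        case "${CYCLE}" in
        standard)
            run_cycle_standard
            ;;
        pkix)
            # The pkix cycle is skipped when NSS_DISABLE_LIBPKIX is set to
            # any non-empty value.
            if [ -z "${NSS_DISABLE_LIBPKIX}" ]; then
                run_cycle_pkix
            fi
            ;;
        upgradedb)
            run_cycle_upgrade_db
            ;;
        sharedb)
            run_cycle_shared_db
            ;;
        *)
            # A misspelled cycle name would otherwise run nothing and still
            # look like a clean pass; say so on stderr.
            echo "all.sh: ignoring unknown test cycle '${CYCLE}'" >&2
            ;;
        esac
        # Undo the changes the cycle made to the test lists and settings.
        # Quoted so that a path containing spaces is still one file name.
        . "${ENV_BACKUP}"
    done
}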
############################## main code ###############################
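# Default selections. Each list can be overridden from the environment
# (NSS_CYCLES, NSS_TESTS, NSS_SSL_TESTS, NSS_SSL_RUN).
cycles="standard pkix upgradedb sharedb"
CYCLES=${NSS_CYCLES:-$cycles}

tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
TESTS=${NSS_TESTS:-$tests}

# ALL_TESTS keeps the full selection; the cycles copy it back into TESTS.
ALL_TESTS=${TESTS}

nss_ssl_tests="crl fips_normal normal_fips iopr policy"
NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}"

nss_ssl_run="cov auth stapling stress"
NSS_SSL_RUN="${NSS_SSL_RUN:-$nss_ssl_run}"

SCRIPTNAME=all.sh
CLEANUP="${SCRIPTNAME}"

# Work from the directory that holds this script; quoted so that a path
# containing spaces is handled as one argument.
cd "$(dirname "$0")"

# all.sh should be the first one to try to source the init
if [ "${INIT_SOURCED}" != "TRUE" ]; then
    # Source init.sh only after the change into common/ succeeded, so that
    # an init.sh from some other directory is never picked up by accident.
    cd common && . ./init.sh
fi

# NOTE:
# Lists of enabled tests and other settings are stored to ${ENV_BACKUP}
# file and are restored after every test cycle.
# The file is sourced (executed) by run_cycles.
# NOTE(review): confirm that ${HOSTDIR} is not writable by other users,
# since anyone able to modify env.sh can run code in the test harness.
ENV_BACKUP=${HOSTDIR}/env.sh
env_backup > "${ENV_BACKUP}"

if [ "${O_CRON}" = "ON" ]; then
    # Cron mode: output goes to the log file only.
    run_cycles >> "${LOGFILE}"
else
    # Interactive mode: output is shown and appended to the log file.
    # run_cycles is part of a pipeline here, so it runs in a subshell: the
    # variables it changes are not visible below, and the status of the
    # pipeline is that of tee.
    run_cycles | tee -a "${LOGFILE}"
fi

# Reset SCRIPTNAME to all.sh before handing over to the cleanup script.
SCRIPTNAME=all.sh

. "${QADIR}/common/cleanup.sh"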