Closed Bug 534472 Opened 11 years ago Closed 11 years ago

The mangle softoken test in fips.sh reports Passed if softokn3.dll cannot be found

Categories

(NSS :: Test, defect, P3)

x86
Windows 7
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.7

People

(Reporter: wtc, Assigned: slavomir.katuscak+mozilla)

Details

Attachments

(1 file)

I wrote a patch to build NSS as static libraries (so there
is no softokn3.dll).

When I ran all.sh, I was surprised that all tests passed.
I inspected the output.log file and found that fips.sh
skips the mangle softoken test and reports a Passed status
if the mangle command fails.  (In my NSS static build,
the mangle command fails with the "file not found" error
becaust softokn3.dll/libsoftokn3.dylib doesn't exist.)

Is this intentional?  It seems that the mangle softoken test
should fail if softokn3.dll/libsoftokn3.dylib doesn't exist,
or if it cannot mangle softokn3.dll/libsoftokn3.dylib for
some reason.

Nit: the fips.sh script says this test is
"Detect mangled database".  It should say "Detect mangled softoken"
or "Detect mangled FIPS module".

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/tests/fips/fips.sh&mark=263,268-269,298-299&rev=1.33#263
Wan-Teh, this test is design to fail if dbtest works with mangled softoken, it should return error 46 instead. If mangle test doesn't pass then it doesn't make sense to check dbtest for return value, so test is skipped. 

Current version of test use softoken copy in mangledir, but older version used softoken directly and if it was used by more processes at the same time (what is not correct and was fixed as bug 193386) then on Windows mangle would fail and test is ignored. This is probably the reason why the test doesn't fail even if mangle fails.
Slavo: thanks for the reply.  Now that we create a copy of softoken in
mangledir for the mangle test, we should be able to make the test
fail if mangle fails.  I'll let you decide.  Please at least fix
the "Detect mangled database" message in output.log because it isn't
accurate.  Thanks.
Priority: -- → P3
Target Milestone: --- → 3.12.7
Attached patch Patch.Splinter Review
Attachment #428194 - Flags: review?(wtc)
Comment on attachment 428194 [details] [diff] [review]
Patch.

r=wtc.  Thanks, Slavo.

>-  echo "$SCRIPTNAME: Detect mangled database --------------------------"
>+  echo "$SCRIPTNAME: Detect mangled softoken--------------------------"
>   SOFTOKEN=${MANGLEDIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX}
> 
>   echo "mangling ${SOFTOKEN}"
>   echo "mangle -i ${SOFTOKEN} -o -8 -b 5"
>   ${BINDIR}/mangle -i ${SOFTOKEN} -o -8 -b 5 2>&1
>   if [ $? -eq 0 ]; then
      ...
>     html_msg ${RESULT} 46 "Init NSS with a corrupted library (dbtest -r)" "."
>   else
>-    html_msg 0 0 "Skipping corruption test, can't open ${DLL_PREFIX}softokn3.${DLL_SUFFIX}"
>+    html_failed "Mangle ${DLL_PREFIX}softokn3.${DLL_SUFFIX}"
>   fi

In the html_failed line, should we use
    ${SOFTOKEN}
instead of
    ${DLL_PREFIX}softokn3.${DLL_SUFFIX}
because we're now mangling a copy of softoken in ${MANGLEDIR}?
Attachment #428194 - Flags: review?(wtc) → review+
${SOFTOKEN} contains absolute path, that can be long in some cases, for HTML report I would rather keep there only filename with no path.
Checking in fips.sh;
/cvsroot/mozilla/security/nss/tests/fips/fips.sh,v  <--  fips.sh
new revision: 1.34; previous revision: 1.33
done
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.