1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
#!/bin/bash
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/apache2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
#
set -e
source codebuild/bin/s2n_setup_env.sh
# Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default
# Codebuild Containers aren't allowing prlimit changes (and aren't being caught with the usual cgroup check)
if [[ "$OS_NAME" == "linux" && -n "$CODEBUILD_BUILD_ARN" ]]; then
PRLIMIT_LOCATION=`which prlimit`
sudo -E ${PRLIMIT_LOCATION} --pid "$$" --memlock=unlimited:unlimited;
fi
# Set the version of GCC as Default if it's required
if [[ -n "$GCC_VERSION" ]] && [[ "$GCC_VERSION" != "NONE" ]]; then
alias gcc=$(which gcc-$GCC_VERSION);
fi
# Find if the environment has more than 8 cores
JOBS=8
if [[ -x "$(command -v nproc)" ]]; then
UNITS=$(nproc);
if [[ $UNITS -gt $JOBS ]]; then
JOBS=$UNITS;
fi
fi
make clean;
echo "Using $JOBS jobs for make..";
echo "running with libcrypto: ${S2N_LIBCRYPTO}, gcc_version: ${GCC_VERSION}"
if [[ "$OS_NAME" == "linux" && "$TESTS" == "valgrind" ]]; then
# For linux make a build with debug symbols and run valgrind
# We have to output something every 9 minutes, as some test may run longer than 10 minutes
# and will not produce any output
while sleep 9m; do echo "=====[ $SECONDS seconds still running ]====="; done &
if [[ "$S2N_LIBCRYPTO" == "openssl-1.1.1" || "$S2N_LIBCRYPTO" == "awslc" ]]; then
# https://github.com/aws/s2n-tls/issues/3758
# Run valgrind in pedantic mode (--errors-for-leak-kinds=all)
echo "running task pedantic_valgrind"
S2N_DEBUG=true make -j $JOBS pedantic_valgrind
else
S2N_DEBUG=true make -j $JOBS valgrind
fi
kill %1
fi
CMAKE_PQ_OPTION="S2N_NO_PQ=False"
if [[ -n "$S2N_NO_PQ" ]]; then
CMAKE_PQ_OPTION="S2N_NO_PQ=True"
fi
test_linked_libcrypto() {
s2n_executable="$1"
so_path="${LIBCRYPTO_ROOT}/lib/libcrypto.so"
echo "Testing for linked libcrypto: ${so_path}"
echo "ldd:"
ldd "${s2n_executable}"
ldd "${s2n_executable}" | grep "${so_path}" || \
{ echo "Linked libcrypto is incorrect."; exit 1; }
echo "Test succeeded!"
}
setup_apache_server() {
# Start the apache server if the list of tests isn't defined, meaning all tests
# are to be run, or if the renegotiate test is included in the list of tests.
if [[ -z $TOX_TEST_NAME ]] || [[ "${TOX_TEST_NAME}" == *"test_renegotiate_apache"* ]]; then
source codebuild/bin/s2n_apache2.sh
APACHE_CERT_DIR="$(pwd)/tests/pems"
apache2_start "${APACHE_CERT_DIR}"
fi
}
run_integration_v2_tests() {
setup_apache_server
"$CB_BIN_DIR/install_s2n_head.sh" "$(mktemp -d)"
cmake . -Bbuild \
-DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
-D${CMAKE_PQ_OPTION} \
-DS2N_BLOCK_NONPORTABLE_OPTIMIZATIONS=True \
-DBUILD_SHARED_LIBS=on \
-DS2N_INTEG_TESTS=on \
-DPython3_EXECUTABLE=$(which python3)
cmake --build ./build --clean-first -- -j $(nproc)
test_linked_libcrypto ./build/bin/s2nc
test_linked_libcrypto ./build/bin/s2nd
cp -f ./build/bin/s2nc "$BASE_S2N_DIR"/bin/s2nc
cp -f ./build/bin/s2nd "$BASE_S2N_DIR"/bin/s2nd
cd ./build/
for test_name in $TOX_TEST_NAME; do
test="${test_name//test_/}"
echo "Running... ctest --no-tests=error --output-on-failure --verbose -R ^integrationv2_${test}$"
ctest --no-tests=error --output-on-failure --verbose -R ^integrationv2_${test}$
done
}
run_unit_tests() {
cmake . -Bbuild \
-DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
-D${CMAKE_PQ_OPTION} \
-DS2N_BLOCK_NONPORTABLE_OPTIMIZATIONS=True \
-DBUILD_SHARED_LIBS=on
cmake --build ./build -- -j $(nproc)
test_linked_libcrypto ./build/bin/s2nc
cmake --build build/ --target test -- ARGS="-L unit --output-on-failure -j $(nproc)"
}
# Run Multiple tests on one flag.
if [[ "$TESTS" == "ALL" || "$TESTS" == "sawHMACPlus" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw tmp/verify_HMAC.log tmp/verify_drbg.log failure-tests; fi
# Run Individual tests
if [[ "$TESTS" == "ALL" || "$TESTS" == "unit" ]]; then run_unit_tests; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "interning" ]]; then ./codebuild/bin/test_libcrypto_interning.sh; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "exec_leak" ]]; then ./codebuild/bin/test_exec_leak.sh; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "asan" ]]; then make clean; S2N_ADDRESS_SANITIZER=1 make -j $JOBS ; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "integrationv2" ]]; then run_integration_v2_tests; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "crt" ]]; then ./codebuild/bin/build_aws_crt_cpp.sh $(mktemp -d) $(mktemp -d); fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "sharedandstatic" ]]; then ./codebuild/bin/test_install_shared_and_static.sh $(mktemp -d); fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "dynamicload" ]]; then ./codebuild/bin/test_dynamic_load.sh $(mktemp -d); fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "fuzz" ]]; then (make clean && make fuzz) ; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "benchmark" ]]; then (make clean && make benchmark) ; fi
if [[ "$TESTS" == "sawHMAC" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw/ tmp/verify_HMAC.log ; fi
if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/verify_drbg.log ; fi
if [[ "$TESTS" == "ALL" || "$TESTS" == "tls" ]]; then make -C tests/saw tmp/verify_handshake.log ; fi
if [[ "$TESTS" == "sawHMACFailure" ]]; then make -C tests/saw failure-tests ; fi
|
