forked from aws/s2n-tls
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.travis.yml
141 lines (132 loc) · 7.82 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
sudo: true
language: c
cache:
directories:
# Cache test dependencies that would normally be re-compiled for every build.
# This directory is unique for each entry of the build matrix per:
# https://docs.travis-ci.com/user/caching/#Caches-and-build-matrices
- test-deps
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- gcc-6
- g++-6
- indent
- cppcheck
- kwstyle
osx_image: xcode8
os:
- osx
- linux
env:
- S2N_LIBCRYPTO=openssl-1.1.0 BUILD_S2N=true TESTS=integration
- S2N_LIBCRYPTO=openssl-1.0.2 BUILD_S2N=true TESTS=integration
- S2N_LIBCRYPTO=libressl BUILD_S2N=true TESTS=integration
# Force libcrypto to use "software only" crypto implementations for AES and AES-GCM. Verify s2n can gracefully use
# unoptimized routines. See https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_ia32cap.html
- OPENSSL_ia32cap="~0x200000200000000" BUILD_S2N=true TESTS=integration
- LATEST_CLANG=true TESTS=fuzz
- TESTS=sawHMAC SAW_HMAC_TEST=md5 SAW=true
- TESTS=sawHMAC SAW_HMAC_TEST=none SAW=true
- TESTS=sawHMAC SAW_HMAC_TEST=sha1 SAW=true
- TESTS=sawHMAC SAW_HMAC_TEST=sha224 SAW=true
- TESTS=sawHMAC SAW_HMAC_TEST=sha256 SAW=true
- TESTS=sawHMAC SAW_HMAC_TEST=sha384 SAW=true
- TESTS=sawHMAC SAW_HMAC_TEST=sha512 SAW=true
- TESTS=sawDRBG SAW=true
- TESTS=sawHMACFailure SAW=true
matrix:
exclude:
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=md5 SAW=true
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=none SAW=true
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=sha1 SAW=true
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=sha224 SAW=true
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=sha256 SAW=true
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=sha384 SAW=true
- os: osx
env: TESTS=sawHMAC SAW_HMAC_TEST=sha512 SAW=true
- os: osx
env: LATEST_CLANG=true TESTS=fuzz
- os: osx
env: TESTS=sawDRBG SAW=true
- os: osx
env: TESTS=sawHMACFailure SAW=true
#This exception is because the test isn't finished yet, remove to turn on DRBG Saw tests
- env: TESTS=sawDRBG SAW=true
allow_failures:
- os: osx
fast_finish: true
before_install:
# Setup the cache directory paths
- if [[ ! -d test-deps ]]; then mkdir test-deps ; fi
- export PYTHON_INSTALL_DIR=`pwd`/test-deps/python
- export GNUTLS_INSTALL_DIR=`pwd`/test-deps/gnutls
- export PRLIMIT_INSTALL_DIR=`pwd`/test-deps/prlimit
- export SAW_INSTALL_DIR=`pwd`/test-deps/saw
- export Z3_INSTALL_DIR=`pwd`/test-deps/z3
- export LIBFUZZER_INSTALL_DIR=`pwd`/test-deps/libfuzzer
- export LATEST_CLANG_INSTALL_DIR=`pwd`/test-deps/clang
- export SCAN_BUILD_INSTALL_DIR=`pwd`/test-deps/scan-build
- export OPENSSL_1_1_0_INSTALL_DIR=`pwd`/test-deps/openssl-1.1.0
- export OPENSSL_1_0_2_INSTALL_DIR=`pwd`/test-deps/openssl-1.0.2
- export LIBRESSL_INSTALL_DIR=`pwd`/test-deps/libressl
# Install GCC 6 if on OSX
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then .travis/install_osx_dependencies.sh ; fi
# Set GCC 6 as Default on both Ubuntu and OSX
- alias gcc=$(which gcc-6)
# Install latest version of clang, clang++, and llvm-symbolizer. Needed for fuzzing.
- if [[ ! -d "$LATEST_CLANG_INSTALL_DIR" ]]; then .travis/install_clang.sh `mktemp -d` $LATEST_CLANG_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
# Install missing test dependencies. If the install directory already exists, cached artifacts will be used
# for that dependency.
install:
# Download and Install LibFuzzer with latest clang
- if [[ ! -d "$LIBFUZZER_INSTALL_DIR" ]]; then PATH=$LATEST_CLANG_INSTALL_DIR/bin:$PATH .travis/install_libFuzzer.sh `mktemp -d` $LIBFUZZER_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
# Download and Install Openssl 1.1.0
- if [[ ! -d "$OPENSSL_1_1_0_INSTALL_DIR" ]]; then .travis/install_openssl_1_1_0.sh `mktemp -d` $OPENSSL_1_1_0_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
- if [[ ! -d "$OPENSSL_1_0_2_INSTALL_DIR" ]]; then .travis/install_openssl_1_0_2.sh `mktemp -d` $OPENSSL_1_0_2_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
- if [[ ! -d "$LIBRESSL_INSTALL_DIR" ]]; then .travis/install_libressl.sh `mktemp -d` $LIBRESSL_INSTALL_DIR > /dev/null ; fi
# Install python linked with the latest Openssl for integration tests
- if [[ ! -d "$PYTHON_INSTALL_DIR" ]]; then mkdir -p $PYTHON_INSTALL_DIR && .travis/install_python.sh $OPENSSL_1_1_0_INSTALL_DIR `mktemp -d` $PYTHON_INSTALL_DIR > /dev/null ; fi
# Download and Install GnuTLS for integration tests
- if [[ ! -d "$GNUTLS_INSTALL_DIR" ]]; then mkdir -p $GNUTLS_INSTALL_DIR && .travis/install_gnutls.sh `mktemp -d` $GNUTLS_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
- if [[ ! -d "$PRLIMIT_INSTALL_DIR" ]] && [[ "$TRAVIS_OS_NAME" == "linux" ]]; then mkdir -p $PRLIMIT_INSTALL_DIR && .travis/install_prlimit.sh `mktemp -d` $PRLIMIT_INSTALL_DIR > /dev/null ; fi
- if [[ ! -d "$SCAN_BUILD_INSTALL_DIR" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then .travis/install_scan-build.sh $SCAN_BUILD_INSTALL_DIR; fi
# Install SAW and Z3 for formal verification
- if [[ ! -d "$SAW_INSTALL_DIR" ]]; then mkdir -p $SAW_INSTALL_DIR && .travis/install_saw.sh `mktemp -d` $SAW_INSTALL_DIR > /dev/null ; fi
- if [[ ! -d "$Z3_INSTALL_DIR" ]]; then mkdir -p $Z3_INSTALL_DIR && .travis/install_z3.sh `mktemp -d` $Z3_INSTALL_DIR > /dev/null ; fi
before_script:
# Add all of our test dependencies to the PATH. Use Openssl 1.1.0 so the latest openssl is used for s_client
# integration tests.
- export PATH=$PYTHON_INSTALL_DIR/bin:$OPENSSL_1_1_0_INSTALL_DIR/bin:$GNUTLS_INSTALL_DIR/bin:$SAW_INSTALL_DIR/bin:$Z3_INSTALL_DIR/bin:$SCAN_BUILD_INSTALL_DIR/bin:$PATH
- export LD_LIBRARY_PATH=$OPENSSL_1_1_0_INSTALL_DIR/lib:$LD_LIBRARY_PATH; export DYLD_LIBRARY_PATH=$OPENSSL_1_1_0_INSTALL_DIR/lib:$LD_LIBRARY_PATH;
# Select the libcrypto to build s2n against. If this is unset, default to the latest(Openssl 1.1.0)
- if [[ -z $S2N_LIBCRYPTO ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_0_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "openssl-1.1.0" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_0_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_0_2_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "libressl" ]]; then export LIBCRYPTO_ROOT=$LIBRESSL_INSTALL_DIR ; fi
# Set the libfuzzer to use for fuzz tests
- export LIBFUZZER_ROOT=$LIBFUZZER_INSTALL_DIR
# Create a link to the selected libcrypto. This shouldn't be needed when LIBCRYPTO_ROOT is set, but some tests
# have the "libcrypto-root" directory path hardcoded.
- rm -rf libcrypto-root && ln -s $LIBCRYPTO_ROOT libcrypto-root
# Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo -E $PRLIMIT_INSTALL_DIR/bin/prlimit --pid "$$" --memlock=unlimited:unlimited ; fi
script:
- if [[ "$BUILD_S2N" == "true" ]]; then .travis/run_cppcheck.sh ; fi
- if [[ "$BUILD_S2N" == "true" && "$TRAVIS_OS_NAME" == "linux" ]]; then .travis/run_kwstyle.sh ; fi
- if [[ "$TRAVIS_OS_NAME" == "linux" && "$TESTS" == "integration" ]]; then make -j 8 ; fi
# Build and run unit tests with scan-build for osx. scan-build bundle isn't available for linux
- if [[ "$TRAVIS_OS_NAME" == "osx" && "$TESTS" == "integration" ]]; then scan-build --status-bugs -o /tmp/scan-build make -j8; STATUS=$?; test $STATUS -ne 0 && cat /tmp/scan-build/*/* ; [ "$STATUS" -eq "0" ] ; fi
- if [[ "$TESTS" == "integration" ]]; then make clean; make integration ; fi
- if [[ "$TESTS" == "fuzz" ]]; then export PATH=$LATEST_CLANG_INSTALL_DIR/bin:$PATH && make clean && make fuzz ; fi
- if [[ "$TRAVIS_OS_NAME" == "linux" && "$TESTS" == "sawHMAC" ]]; then make -C tests/saw/ tmp/verify_s2n_hmac_$SAW_HMAC_TEST.log ; fi
- if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/spec/DRBG/DRBG.log ; fi
- if [[ "$TESTS" == "sawHMACFailure" ]]; then make -C tests/saw failure-tests ; fi