.travis.yml

sudo: true
language: c
cache:
    directories:
        # Cache test dependencies that would normally be re-compiled for every build.
        # This directory is unique for each entry of the build matrix per:
        # https://docs.travis-ci.com/user/caching/#Caches-and-build-matrices
        - test-deps

addons:
    apt:
      sources:
        - ubuntu-toolchain-r-test
      packages:
        - gcc-6
        - g++-6
        - indent
        - cppcheck
        - kwstyle

osx_image: xcode8

os:
  - osx
  - linux

env:
  - S2N_LIBCRYPTO=openssl-1.1.0 BUILD_S2N=true TESTS=integration
  - S2N_LIBCRYPTO=openssl-1.0.2 BUILD_S2N=true TESTS=integration
  - S2N_LIBCRYPTO=libressl BUILD_S2N=true TESTS=integration
  # Force libcrypto to use "software only" crypto implementations for AES and AES-GCM. Verify s2n can gracefully use
  # unoptimized routines. See https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_ia32cap.html
  - OPENSSL_ia32cap="~0x200000200000000" BUILD_S2N=true TESTS=integration
  - LATEST_CLANG=true TESTS=fuzz
  - TESTS=sawHMAC SAW_HMAC_TEST=md5 SAW=true
  - TESTS=sawHMAC SAW_HMAC_TEST=none SAW=true
  - TESTS=sawHMAC SAW_HMAC_TEST=sha1 SAW=true
  - TESTS=sawHMAC SAW_HMAC_TEST=sha224 SAW=true
  - TESTS=sawHMAC SAW_HMAC_TEST=sha256 SAW=true
  - TESTS=sawHMAC SAW_HMAC_TEST=sha384 SAW=true
  - TESTS=sawHMAC SAW_HMAC_TEST=sha512 SAW=true
  - TESTS=sawDRBG SAW=true
  - TESTS=sawHMACFailure SAW=true

matrix:
  exclude:
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=md5 SAW=true
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=none SAW=true
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=sha1 SAW=true
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=sha224 SAW=true
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=sha256 SAW=true
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=sha384 SAW=true
  - os: osx
    env: TESTS=sawHMAC SAW_HMAC_TEST=sha512 SAW=true
  - os: osx
    env: LATEST_CLANG=true TESTS=fuzz
  - os: osx
    env: TESTS=sawDRBG SAW=true
  - os: osx
    env: TESTS=sawHMACFailure SAW=true
  #This exception is because the test isn't finished yet, remove to turn on DRBG Saw tests
  - env: TESTS=sawDRBG SAW=true
  allow_failures:
    - os: osx
  fast_finish: true

before_install:
  # Setup the cache directory paths
  - if [[ ! -d test-deps ]]; then mkdir test-deps ; fi
  - export PYTHON_INSTALL_DIR=`pwd`/test-deps/python
  - export GNUTLS_INSTALL_DIR=`pwd`/test-deps/gnutls
  - export PRLIMIT_INSTALL_DIR=`pwd`/test-deps/prlimit
  - export SAW_INSTALL_DIR=`pwd`/test-deps/saw
  - export Z3_INSTALL_DIR=`pwd`/test-deps/z3
  - export LIBFUZZER_INSTALL_DIR=`pwd`/test-deps/libfuzzer
  - export LATEST_CLANG_INSTALL_DIR=`pwd`/test-deps/clang
  - export SCAN_BUILD_INSTALL_DIR=`pwd`/test-deps/scan-build
  - export OPENSSL_1_1_0_INSTALL_DIR=`pwd`/test-deps/openssl-1.1.0
  - export OPENSSL_1_0_2_INSTALL_DIR=`pwd`/test-deps/openssl-1.0.2
  - export LIBRESSL_INSTALL_DIR=`pwd`/test-deps/libressl
  # Install GCC 6 if on OSX
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then   .travis/install_osx_dependencies.sh ; fi
  # Set GCC 6 as Default on both Ubuntu and OSX
  - alias gcc=$(which gcc-6)
  # Install latest version of clang, clang++, and llvm-symbolizer. Needed for fuzzing.
  - if [[ ! -d "$LATEST_CLANG_INSTALL_DIR" ]]; then .travis/install_clang.sh `mktemp -d` $LATEST_CLANG_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi

# Install missing test dependencies. If the install directory already exists, cached artifacts will be used
# for that dependency.
install:
  # Download and Install LibFuzzer with latest clang
  - if [[ ! -d "$LIBFUZZER_INSTALL_DIR" ]]; then PATH=$LATEST_CLANG_INSTALL_DIR/bin:$PATH .travis/install_libFuzzer.sh `mktemp -d` $LIBFUZZER_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
  # Download and Install Openssl 1.1.0
  - if [[ ! -d "$OPENSSL_1_1_0_INSTALL_DIR" ]]; then .travis/install_openssl_1_1_0.sh `mktemp -d` $OPENSSL_1_1_0_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
  - if [[ ! -d "$OPENSSL_1_0_2_INSTALL_DIR" ]]; then .travis/install_openssl_1_0_2.sh `mktemp -d` $OPENSSL_1_0_2_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
  - if [[ ! -d "$LIBRESSL_INSTALL_DIR" ]]; then .travis/install_libressl.sh `mktemp -d` $LIBRESSL_INSTALL_DIR > /dev/null ; fi
  # Install python linked with the latest Openssl for integration tests
  - if [[ ! -d "$PYTHON_INSTALL_DIR" ]]; then mkdir -p $PYTHON_INSTALL_DIR && .travis/install_python.sh $OPENSSL_1_1_0_INSTALL_DIR `mktemp -d` $PYTHON_INSTALL_DIR > /dev/null ; fi
  # Download and Install GnuTLS for integration tests
  - if [[ ! -d "$GNUTLS_INSTALL_DIR" ]]; then mkdir -p $GNUTLS_INSTALL_DIR && .travis/install_gnutls.sh `mktemp -d` $GNUTLS_INSTALL_DIR $TRAVIS_OS_NAME > /dev/null ; fi
  - if [[ ! -d "$PRLIMIT_INSTALL_DIR" ]] && [[ "$TRAVIS_OS_NAME" == "linux" ]]; then mkdir -p $PRLIMIT_INSTALL_DIR && .travis/install_prlimit.sh `mktemp -d` $PRLIMIT_INSTALL_DIR > /dev/null ; fi
  - if [[ ! -d "$SCAN_BUILD_INSTALL_DIR" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then .travis/install_scan-build.sh $SCAN_BUILD_INSTALL_DIR; fi
  # Install SAW and Z3 for formal verification
  - if [[ ! -d "$SAW_INSTALL_DIR" ]]; then mkdir -p $SAW_INSTALL_DIR && .travis/install_saw.sh `mktemp -d` $SAW_INSTALL_DIR > /dev/null ; fi
  - if [[ ! -d "$Z3_INSTALL_DIR" ]]; then mkdir -p $Z3_INSTALL_DIR && .travis/install_z3.sh `mktemp -d` $Z3_INSTALL_DIR > /dev/null ; fi

before_script:
  # Add all of our test dependencies to the PATH. Use Openssl 1.1.0 so the latest openssl is used for s_client
  # integration tests.
  - export PATH=$PYTHON_INSTALL_DIR/bin:$OPENSSL_1_1_0_INSTALL_DIR/bin:$GNUTLS_INSTALL_DIR/bin:$SAW_INSTALL_DIR/bin:$Z3_INSTALL_DIR/bin:$SCAN_BUILD_INSTALL_DIR/bin:$PATH
  - export LD_LIBRARY_PATH=$OPENSSL_1_1_0_INSTALL_DIR/lib:$LD_LIBRARY_PATH; export DYLD_LIBRARY_PATH=$OPENSSL_1_1_0_INSTALL_DIR/lib:$LD_LIBRARY_PATH;
  # Select the libcrypto to build s2n against. If this is unset, default to the latest(Openssl 1.1.0)
  - if [[ -z $S2N_LIBCRYPTO ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_0_INSTALL_DIR ; fi
  - if [[ "$S2N_LIBCRYPTO" == "openssl-1.1.0" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_0_INSTALL_DIR ; fi
  - if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_0_2_INSTALL_DIR ; fi
  - if [[ "$S2N_LIBCRYPTO" == "libressl" ]]; then export LIBCRYPTO_ROOT=$LIBRESSL_INSTALL_DIR ; fi
  # Set the libfuzzer to use for fuzz tests
  - export LIBFUZZER_ROOT=$LIBFUZZER_INSTALL_DIR
  # Create a link to the selected libcrypto. This shouldn't be needed when LIBCRYPTO_ROOT is set, but some tests
  # have the "libcrypto-root" directory path hardcoded.
  - rm -rf libcrypto-root && ln -s $LIBCRYPTO_ROOT libcrypto-root
  # Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default
  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo -E $PRLIMIT_INSTALL_DIR/bin/prlimit --pid "$$" --memlock=unlimited:unlimited ; fi

script:
  - if [[ "$BUILD_S2N" == "true" ]]; then .travis/run_cppcheck.sh ; fi
  - if [[ "$BUILD_S2N" == "true" && "$TRAVIS_OS_NAME" == "linux" ]]; then .travis/run_kwstyle.sh ; fi
  - if [[ "$TRAVIS_OS_NAME" == "linux" && "$TESTS" == "integration" ]]; then make -j 8   ; fi
  # Build and run unit tests with scan-build for osx. scan-build bundle isn't available for linux
  - if [[ "$TRAVIS_OS_NAME" == "osx" && "$TESTS" == "integration" ]]; then   scan-build --status-bugs -o /tmp/scan-build make -j8; STATUS=$?; test $STATUS -ne 0 && cat /tmp/scan-build/*/* ; [ "$STATUS" -eq "0" ] ; fi
  - if [[ "$TESTS" == "integration" ]]; then make clean; make integration ; fi
  - if [[ "$TESTS" == "fuzz" ]]; then export PATH=$LATEST_CLANG_INSTALL_DIR/bin:$PATH && make clean && make fuzz ; fi
  - if [[ "$TRAVIS_OS_NAME" == "linux" && "$TESTS" == "sawHMAC" ]]; then make -C tests/saw/ tmp/verify_s2n_hmac_$SAW_HMAC_TEST.log ; fi
  - if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/spec/DRBG/DRBG.log ; fi
  - if [[ "$TESTS" == "sawHMACFailure" ]]; then make -C tests/saw failure-tests ; fi