mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-03 23:43:40 +00:00
796bc2b8f9
Document mbedtls_calloc zeroization
190 lines
7.0 KiB
YAML
190 lines
7.0 KiB
YAML
# Declare python as our language. This way we get our chosen Python version,
|
|
# and pip is available. Gcc and clang are available anyway.
|
|
language: python
|
|
python: 3.5
|
|
sudo: false
|
|
cache: ccache
|
|
|
|
jobs:
|
|
include:
|
|
- name: basic checks and reference configurations
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- gnutls-bin
|
|
- doxygen
|
|
- graphviz
|
|
- gcc-arm-none-eabi
|
|
- libnewlib-arm-none-eabi
|
|
- gcc-arm-linux-gnueabi
|
|
- libc6-dev-armel-cross
|
|
script:
|
|
- tests/scripts/all.sh -k 'check_*'
|
|
- tests/scripts/all.sh -k test_default_out_of_box
|
|
- tests/scripts/all.sh -k test_ref_configs
|
|
- tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
|
|
|
|
- name: full configuration
|
|
os: linux
|
|
dist: focal
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- clang-10
|
|
- gnutls-bin
|
|
env:
|
|
# Platform tests have an allocation that returns null
|
|
- ASAN_OPTIONS="allocator_may_return_null=1"
|
|
- MSAN_OPTIONS="allocator_may_return_null=1"
|
|
script:
|
|
# Do a manual build+test sequence rather than using all.sh,
|
|
# because there's no all.sh component that does what we want,
|
|
# which is a build with Clang >= 10 and ASan, running all the SSL
|
|
# testing.
|
|
# - The clang executable in the default PATH is Clang 7 on
|
|
# Travis's focal instances, but we want Clang >= 10.
|
|
# - Running all the SSL testing requires a specific set of
|
|
# OpenSSL and GnuTLS versions and we don't want to bother
|
|
# with those on Travis.
|
|
# So we explicitly select clang-10 as the compiler, and we
|
|
# have ad hoc restrictions on SSL testing based on what is
|
|
# passing at the time of writing. We will remove these limitations
|
|
# gradually.
|
|
- make generated_files
|
|
- make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
|
|
- make test
|
|
- programs/test/selftest
|
|
- tests/scripts/test_psa_constant_names.py
|
|
- tests/ssl-opt.sh
|
|
# Modern OpenSSL does not support null ciphers.
|
|
- tests/compat.sh -p OpenSSL -e 'NULL'
|
|
- tests/scripts/travis-log-failure.sh
|
|
# GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
|
|
- tests/compat.sh -p GnuTLS -e 'CAMELLIA'
|
|
- tests/scripts/travis-log-failure.sh
|
|
- tests/context-info.sh
|
|
|
|
- name: Windows
|
|
os: windows
|
|
# The language 'python' is currently unsupported on the
|
|
# Windows Build Environment. And 'generic' causes the job to get stuck
|
|
# on "Booting virtual machine".
|
|
language: c
|
|
before_install:
|
|
- choco install python --version=3.5.4
|
|
env:
|
|
# Add the directory where the Choco packages go
|
|
- PATH=/c/Python35:/c/Python35/Scripts:$PATH
|
|
- PYTHON=python.exe
|
|
script:
|
|
- type perl; perl --version
|
|
- type python; python --version
|
|
- scripts/make_generated_files.bat
|
|
# Logs appear out of sequence on Windows. Give time to catch up.
|
|
- sleep 5
|
|
- scripts/windows_msbuild.bat v141 # Visual Studio 2017
|
|
- visualc/VS2013/x64/Release/selftest.exe
|
|
|
|
- name: full configuration on arm64
|
|
os: linux
|
|
dist: focal
|
|
arch: arm64
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- gcc
|
|
env:
|
|
# Platform tests have an allocation that returns null
|
|
- ASAN_OPTIONS="allocator_may_return_null=1"
|
|
- MSAN_OPTIONS="allocator_may_return_null=1"
|
|
script:
|
|
# Do a manual build+test sequence rather than using all.sh.
|
|
#
|
|
# On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds
|
|
# limitation of Travis CI. Base on `test_full_cmake_*`, we removed
|
|
# `ssl-opt.sh` and GnuTLS compat.sh here to meet the time limitation.
|
|
- scripts/config.py full
|
|
- make generated_files
|
|
- make CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
|
|
- make test
|
|
- programs/test/selftest
|
|
- tests/scripts/test_psa_constant_names.py
|
|
# Modern OpenSSL does not support fixed ECDH or null ciphers.
|
|
- tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_'
|
|
- tests/scripts/travis-log-failure.sh
|
|
- tests/context-info.sh
|
|
|
|
- name: full configuration(GnuTLS compat tests) on arm64
|
|
os: linux
|
|
dist: focal
|
|
arch: arm64
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- clang
|
|
- gnutls-bin
|
|
env:
|
|
# Platform tests have an allocation that returns null
|
|
- ASAN_OPTIONS="allocator_may_return_null=1"
|
|
- MSAN_OPTIONS="allocator_may_return_null=1"
|
|
script:
|
|
# Do a manual build+test sequence rather than using all.sh.
|
|
#
|
|
# On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds
|
|
# limitation of Travis CI. Base on `test_full_cmake_*`, we removed
|
|
# `ssl-opt.sh` and OpenSSl compat.sh here to meet the time limitation.
|
|
- scripts/config.py full
|
|
- make generated_files
|
|
- make CC=clang CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
|
|
# GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
|
|
- tests/compat.sh -p GnuTLS -e 'CAMELLIA'
|
|
- tests/scripts/travis-log-failure.sh
|
|
- tests/context-info.sh
|
|
|
|
- name: Arm64 accelerators tests on arm64 host
|
|
os: linux
|
|
dist: focal
|
|
arch: arm64
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- gcc
|
|
script:
|
|
# Do a manual build+test sequence rather than using all.sh.
|
|
#
|
|
# This is arm64 host only test for no runtime detection case. Internal
|
|
# and Open CI do not include Arm64 host, and they check if components
|
|
# are be tested. As result, it will always fail on `pre-test-check` in
|
|
# them.
|
|
- scripts/config.py unset MBEDTLS_AESNI_C
|
|
- scripts/config.py unset MBEDTLS_PADLOCK_C
|
|
- scripts/config.py set MBEDTLS_AESCE_C
|
|
- scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
|
|
- make generated_files
|
|
- make
|
|
- programs/test/selftest aes | grep "using AESCE"
|
|
- tests/context-info.sh
|
|
|
|
after_failure:
|
|
- tests/scripts/travis-log-failure.sh
|
|
|
|
env:
|
|
global:
|
|
- SEED=1
|
|
- secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4="
|
|
|
|
install:
|
|
- $PYTHON scripts/min_requirements.py
|
|
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- gnutls-bin
|
|
coverity_scan:
|
|
project:
|
|
name: "ARMmbed/mbedtls"
|
|
notification_email: support-mbedtls@arm.com
|
|
build_command_prepend:
|
|
build_command: make
|
|
branch_pattern: coverity_scan
|