mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
4605c5ab47
Fixes #12627 Changed security check for DSA verification to match SP800-131Ar2 when the security strength is < 112. Fixed compilation error when using config opt 'no-fips-securitychecks' Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13387)
268 lines
11 KiB
YAML
268 lines
11 KiB
YAML
dist: bionic
|
|
|
|
osx_image: xcode9.3
|
|
|
|
language: c
|
|
cache: ccache
|
|
git:
|
|
submodules: false
|
|
quiet: true
|
|
|
|
before_install:
|
|
- if [ -n "$COVERALLS" ]; then
|
|
travis_retry pip install --user cpp-coveralls;
|
|
fi;
|
|
- if expr "$CONFIG_OPTS" ":" ".*enable-external-tests" > /dev/null; then
|
|
travis_retry git submodule update --init --recursive;
|
|
fi;
|
|
- eval "${MATRIX_EVAL}"
|
|
|
|
arch:
|
|
- amd64
|
|
|
|
os:
|
|
- linux
|
|
- osx
|
|
|
|
compiler:
|
|
- clang
|
|
- gcc
|
|
|
|
env:
|
|
# Note: env entry here must exactly match the value in the exclude: table below that contains env:, otherwise it will not find a match.
|
|
- CONFIG_OPTS="" DESTDIR="_install"
|
|
- CONFIG_OPTS="no-asm --debug --strict-warnings no-afalgeng no-shared enable-rc5 enable-md2 -fsanitize=address" LSAN_OPTIONS="report_objects=1"
|
|
- CONFIG_OPTS="no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" CPPFLAGS="-ansi"
|
|
|
|
jobs:
|
|
exclude:
|
|
- os: linux
|
|
compiler: clang
|
|
env: CONFIG_OPTS="" DESTDIR="_install"
|
|
- os: linux
|
|
compiler: clang
|
|
env: CONFIG_OPTS="no-asm no-makedepend enable-buildtest-c++ --strict-warnings --with-rand-seed=rdcpu,os -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" CPPFLAGS="-ansi"
|
|
- os: osx
|
|
compiler: gcc
|
|
- os: osx
|
|
env: CONFIG_OPTS="no-asm --debug --strict-warnings no-afalgeng no-shared enable-rc5 enable-md2 -fsanitize=address" LSAN_OPTIONS="report_objects=1"
|
|
include:
|
|
- os: linux
|
|
arch: arm64
|
|
compiler: gcc
|
|
env: CONFIG_OPTS="--strict-warnings" MAKEVERBOSE="yes"
|
|
- os: linux
|
|
arch: arm64
|
|
compiler: gcc
|
|
env: CONFIG_OPTS="no-asm no-makedepend no-deprecated enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes" CPPFLAGS="-ansi"
|
|
- os: linux
|
|
arch: s390x
|
|
compiler: gcc
|
|
env: CONFIG_OPTS="--strict-warnings"
|
|
- os: linux-ppc64le
|
|
compiler: gcc
|
|
env: CONFIG_OPTS="--strict-warnings"
|
|
- os: linux
|
|
compiler: gcc
|
|
env: CONFIG_OPTS="--strict-warnings no-ec enable-trace enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd" COMMENT="Move to the BORINGTEST build when interoperable"
|
|
- os: linux
|
|
dist: trusty
|
|
compiler: clang
|
|
env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES"
|
|
- os: linux
|
|
dist: xenial
|
|
compiler: gcc
|
|
env: CONFIG_OPTS="--strict-warnings no-deprecated enable-rc5 enable-md2"
|
|
- os: linux
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- binutils-mingw-w64
|
|
- gcc-mingw-w64
|
|
compiler: i686-w64-mingw32-gcc
|
|
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
|
|
- os: linux
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- golang-1.10
|
|
compiler: gcc
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers no-shared enable-buildtest-c++ -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++"
|
|
- os: linux
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- golang-1.10
|
|
- cmake
|
|
- libtest2-suite-perl
|
|
compiler: gcc
|
|
# External test pyca-cryptography temporarily disabled due to long term travis failures
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests enable-buildtest-c++" BORINGSSL_TESTS="yes" CXX="g++" TESTS="test_external_boringssl test_external_krb5 test_external_gost_engine"
|
|
- os: linux
|
|
compiler: clang
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan disable-afalgeng -Wno-unused-command-line-argument"
|
|
- os: linux
|
|
compiler: clang
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared enable-buildtest-c++ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -Wno-unused-command-line-argument" CXX="clang++"
|
|
- os: linux
|
|
compiler: gcc
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-buildtest-c++" OPENSSL_TEST_RAND_ORDER=0
|
|
- os: linux
|
|
dist: xenial
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- binutils-mingw-w64
|
|
- gcc-mingw-w64
|
|
compiler: i686-w64-mingw32-gcc
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic"
|
|
- os: linux
|
|
dist: xenial
|
|
addons:
|
|
apt:
|
|
packages:
|
|
- binutils-mingw-w64
|
|
- gcc-mingw-w64
|
|
compiler: x86_64-w64-mingw32-gcc
|
|
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic"
|
|
- os: linux
|
|
language: python
|
|
python: 3.7
|
|
install: pip install flake8
|
|
before_script:
|
|
# stop the build if there are Python syntax errors or undefined names
|
|
- flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
|
|
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
|
|
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
|
|
script: true
|
|
- os: linux
|
|
compiler: gcc
|
|
env: CONFIGURE_TARGET="linux-generic32" MARKDOWNLINT="yes" CONFIG_OPTS="--strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-cmp no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-ktls no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-siv no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-fips-securitychecks no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT"
|
|
|
|
|
|
before_script:
|
|
- env
|
|
- if [ "$TRAVIS_PULL_REQUEST" != "false" -a -n "$EXTENDED_TEST" ]; then
|
|
(git log -1 $TRAVIS_COMMIT_RANGE | grep '\[extended tests\]' > /dev/null) || travis_terminate 0;
|
|
fi
|
|
- if [ -n "$DESTDIR" ]; then
|
|
sh .travis-create-release.sh $TRAVIS_OS_NAME;
|
|
tar -xzf _srcdist.tar.gz;
|
|
mkdir -p _build/tree;
|
|
cd _build/tree;
|
|
srcdir=../../_srcdist;
|
|
top=../..;
|
|
else
|
|
srcdir=.;
|
|
top=.;
|
|
fi
|
|
- if [ "$CC" = i686-w64-mingw32-gcc ]; then
|
|
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
|
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
|
|
elif [ "$CC" = x86_64-w64-mingw32-gcc ]; then
|
|
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
|
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
|
|
else
|
|
if which ccache >/dev/null && test "$BORINGSSL_TESTS" != yes; then
|
|
CC="ccache $CC";
|
|
fi;
|
|
if [ -n "$CONFIGURE_TARGET" ]; then
|
|
$srcdir/Configure $CONFIGURE_TARGET $CONFIG_OPTS;
|
|
else
|
|
$srcdir/config -v $CONFIG_OPTS;
|
|
fi;
|
|
fi
|
|
- ./configdata.pm --dump
|
|
- export HARNESS_JOBS=${HARNESS_JOBS:-4}
|
|
- cd $top
|
|
|
|
script:
|
|
- if [ -z "$BUILDONLY" ] && [ -z "$MAKEVERBOSE" ] ; then
|
|
make="make -s";
|
|
else
|
|
make="make";
|
|
fi
|
|
- if [ -n "$GENERATE" ]; then
|
|
make2="$make PERL=no-perl";
|
|
else
|
|
make2="$make";
|
|
fi
|
|
- top=${PWD}
|
|
- if [ -n "$DESTDIR" ]; then
|
|
cd _build/tree;
|
|
fi
|
|
- if ! $make update; then
|
|
echo -e '\052\052 FAILED -- MAKE UPDATE';
|
|
travis_terminate 1;
|
|
fi
|
|
- if ! git diff --exit-code; then
|
|
echo -e '\052\052 FAILED -- UPDATED FILES NOT COMMITTED';
|
|
travis_terminate 1;
|
|
fi
|
|
- if test -n "$GENERATE" && ! $make build_all_generated; then
|
|
echo -e '\052\052 FAILED -- MAKE BUILD_ALL_GENERATED';
|
|
travis_terminate 1;
|
|
fi
|
|
- if test -n "$CHECKDOCS" && ! $make doc-nits; then
|
|
echo -e '\052\052 FAILED -- MAKE DOC-NITS';
|
|
travis_terminate 1;
|
|
fi
|
|
- if test -n "$MARKDOWNLINT" ; then
|
|
if ! gem install mdl ; then
|
|
echo -e '\052\052 FAILED -- GEM INSTALL MDL';
|
|
travis_terminate 1;
|
|
fi;
|
|
if ! $make md-nits ; then
|
|
echo -e '\052\052 FAILED -- MAKE MD-NITS';
|
|
travis_terminate 1;
|
|
fi;
|
|
fi
|
|
- if ! $make2; then
|
|
echo -e '\052\052 FAILED -- MAKE';
|
|
travis_terminate 1;
|
|
fi;
|
|
- if test -n "$CHECKDOCS" && ! $make cmd-nits; then
|
|
echo -e '\052\052 FAILED -- MAKE CMD-NITS';
|
|
travis_terminate 1;
|
|
fi
|
|
- if [ -z "$BUILDONLY" ]; then
|
|
if [ -n "$CROSS_COMPILE" ]; then
|
|
sudo dpkg --add-architecture i386;
|
|
sudo apt-get update;
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install wine;
|
|
export EXE_SHELL="wine" WINEPREFIX=`pwd`;
|
|
fi;
|
|
if [ -e krb5/src ]; then
|
|
sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh;
|
|
fi;
|
|
if ! HARNESS_VERBOSE_FAILURE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner travis_wait 60 make _tests; then
|
|
echo -e '\052\052 FAILED -- MAKE TEST';
|
|
travis_terminate 1;
|
|
fi;
|
|
else
|
|
if ! $make build_tests >~/build.log 2>&1; then
|
|
echo -e '\052\052 FAILED -- MAKE BUILD_TESTS';
|
|
cat ~/build.log
|
|
travis_terminate 1;
|
|
fi;
|
|
fi
|
|
- if [ -n "$DESTDIR" ]; then
|
|
mkdir "$top/$DESTDIR";
|
|
if ! $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then
|
|
echo -e '\052\052 FAILED -- MAKE INSTALL';
|
|
cat ~/install.log;
|
|
travis_terminate 1;
|
|
fi;
|
|
fi
|
|
- cd $top
|
|
- echo -e '\052\052 DONE'
|
|
|
|
after_success:
|
|
- if [ -n "$COVERALLS" ]; then
|
|
coveralls -b . --gcov gcov --gcov-options '\-lpbc';
|
|
fi;
|
|
|
|
notifications:
|
|
email:
|
|
secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="
|