2015-09-15 06:57:03 +00:00
|
|
|
language: c
|
2015-01-21 15:57:02 +00:00
|
|
|
|
2015-09-15 06:57:03 +00:00
|
|
|
addons:
|
|
|
|
apt_packages:
|
|
|
|
- binutils-mingw-w64-i686
|
|
|
|
- binutils-mingw-w64-x86-64
|
|
|
|
- docbook-xsl
|
|
|
|
- gcc-mingw-w64-i686
|
|
|
|
- gcc-mingw-w64-x86-64
|
|
|
|
- libpcsclite-dev
|
|
|
|
- mingw-w64
|
|
|
|
- wine
|
|
|
|
- xsltproc
|
2015-11-06 07:24:16 +00:00
|
|
|
- gengetopt
|
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
- libcmocka-dev
|
2015-09-14 20:45:13 +00:00
|
|
|
|
2015-01-21 15:57:02 +00:00
|
|
|
env:
|
|
|
|
global:
|
2018-05-24 09:55:25 +00:00
|
|
|
# The next declaration are encrypted envirnmet variables, created via the
|
|
|
|
# "travis encrypt" command using the project repo's public key
|
|
|
|
# COVERITY_SCAN_TOKEN
|
2015-09-14 20:45:13 +00:00
|
|
|
- secure: "UkHn7wy4im8V1nebCWbAetnDSOLRUbOlF6++ovk/7Bnso1/lnhXHelyzgRxfD/oI68wm9nnRV+RQEZ9+72Ug1CyvHxyyxxkwal/tPeHH4B/L+aGdPi0id+5OZSKIm77VP3m5s102sJMJgH7DFd03+nUd0K26p0tk8ad4j1geV4c="
|
2018-05-24 09:55:25 +00:00
|
|
|
# GH_TOKEN
|
|
|
|
- secure: "cUAvpN/XUPMIN5cgWAbIOhghRoLXyw7SCydzGaJ1Ucqb9Ml2v5iuLLuN57YbZHTiWw03vy6rYVzzwMDrHX8r3oUALsv7ViJHG4PzIe7fAFZsZpHECmGsp6SEnue7m7BNy3FT8KYbiXxnxDO0SxmFXlrPAYR0WMZCWx2TENYcafs="
|
2018-04-07 10:08:08 +00:00
|
|
|
- COVERITY_SCAN_BRANCH_PATTERN="(master|coverity.*)"
|
|
|
|
- COVERITY_SCAN_NOTIFICATION_EMAIL="viktor.tarasov@gmail.com"
|
|
|
|
- COVERITY_SCAN_BUILD_COMMAND="make -j 4"
|
|
|
|
- COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
|
|
|
|
- SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
|
2015-01-21 15:57:02 +00:00
|
|
|
|
|
|
|
matrix:
|
2016-11-23 18:14:24 +00:00
|
|
|
fast_finish: true
|
2015-01-21 15:57:02 +00:00
|
|
|
include:
|
|
|
|
- compiler: clang
|
2015-03-31 22:13:19 +00:00
|
|
|
os: osx
|
2018-05-24 09:55:25 +00:00
|
|
|
env: DO_PUSH_ARTIFACT=yes
|
2015-01-21 15:57:02 +00:00
|
|
|
- compiler: gcc
|
2015-03-31 22:13:19 +00:00
|
|
|
os: osx
|
|
|
|
- compiler: clang
|
|
|
|
os: linux
|
|
|
|
env: ENABLE_DOC=--enable-doc
|
|
|
|
- compiler: gcc
|
|
|
|
os: linux
|
|
|
|
env: ENABLE_DOC=--enable-doc
|
2015-09-13 08:56:28 +00:00
|
|
|
- os: linux
|
2018-05-24 09:55:25 +00:00
|
|
|
env:
|
|
|
|
- HOST=x86_64-w64-mingw32
|
|
|
|
- DO_PUSH_ARTIFACT=yes
|
2015-09-13 08:56:28 +00:00
|
|
|
- os: linux
|
2018-05-24 09:55:25 +00:00
|
|
|
env:
|
|
|
|
- HOST=i686-w64-mingw32
|
|
|
|
- DO_PUSH_ARTIFACT=yes
|
2018-04-07 10:08:08 +00:00
|
|
|
- os: linux
|
|
|
|
env: DO_COVERITY_SCAN=yes
|
2015-01-21 15:57:02 +00:00
|
|
|
|
2015-11-06 07:24:16 +00:00
|
|
|
before_install:
|
|
|
|
- if [ "$TRAVIS_OS_NAME" == "osx" ]; then
|
|
|
|
brew update;
|
|
|
|
brew uninstall libtool;
|
|
|
|
brew install libtool;
|
2018-06-01 19:11:02 +00:00
|
|
|
brew install gengetopt help2man cmocka;
|
2015-11-06 07:24:16 +00:00
|
|
|
fi
|
|
|
|
|
2015-01-21 15:57:02 +00:00
|
|
|
before_script:
|
|
|
|
- ./bootstrap
|
|
|
|
- if [ -z "$HOST" ]; then
|
2017-08-02 20:04:17 +00:00
|
|
|
CFLAGS="-Werror" ./configure $ENABLE_DOC --enable-dnie-ui;
|
2015-01-21 15:57:02 +00:00
|
|
|
else
|
2015-09-15 06:57:03 +00:00
|
|
|
if [ ! -f "$(winepath 'C:/Program Files (x86)/Inno Setup 5/ISCC.exe')" ]; then
|
|
|
|
/sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16;
|
|
|
|
export DISPLAY=:99.0;
|
|
|
|
wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe;
|
|
|
|
wine isetup-5.5.6.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART;
|
|
|
|
fi;
|
2015-01-21 15:57:02 +00:00
|
|
|
unset CC;
|
|
|
|
unset CXX;
|
2017-08-02 20:04:17 +00:00
|
|
|
./configure --host=$HOST --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=${TRAVIS_BUILD_DIR}/win32/opensc || cat config.log;
|
2015-01-21 15:57:02 +00:00
|
|
|
fi
|
2018-04-07 11:09:29 +00:00
|
|
|
# Optionally try to upload to Coverity Scan
|
|
|
|
# On error (propably quota is exhausted), just continue
|
|
|
|
- if [ "${DO_COVERITY_SCAN}" = "yes" ]; then curl -s 'https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh' | bash || true; fi
|
2015-01-21 15:57:02 +00:00
|
|
|
|
|
|
|
script:
|
2018-04-07 10:08:08 +00:00
|
|
|
- if [ "${DO_COVERITY_SCAN}" != "yes" ]; then
|
2015-03-31 22:13:19 +00:00
|
|
|
if [ $TRAVIS_OS_NAME == osx ]; then
|
2016-02-29 19:47:09 +00:00
|
|
|
./MacOSX/build;
|
2015-03-31 22:13:19 +00:00
|
|
|
else
|
2018-04-07 11:04:27 +00:00
|
|
|
make;
|
2015-03-31 22:13:19 +00:00
|
|
|
fi;
|
2015-01-21 15:57:02 +00:00
|
|
|
fi
|
2018-04-07 10:08:08 +00:00
|
|
|
- if [ -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" ]; then
|
2018-04-04 13:46:49 +00:00
|
|
|
make check && make dist;
|
2015-01-21 15:57:02 +00:00
|
|
|
fi
|
2018-04-07 10:08:08 +00:00
|
|
|
- if [ ! -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" ]; then
|
2015-09-14 20:45:13 +00:00
|
|
|
make install;
|
|
|
|
wine "C:/Program Files (x86)/Inno Setup 5/ISCC.exe" win32/OpenSC.iss;
|
|
|
|
fi
|
2015-09-15 06:57:03 +00:00
|
|
|
|
2017-02-24 21:52:35 +00:00
|
|
|
after_script:
|
|
|
|
# kill process started during compilation to finish the build, see
|
|
|
|
# https://github.com/moodlerooms/moodle-plugin-ci/issues/33 for details
|
2017-03-03 10:03:32 +00:00
|
|
|
- if [ ! -z "$HOST" ]; then
|
2017-02-24 21:52:35 +00:00
|
|
|
killall services.exe;
|
|
|
|
fi
|
|
|
|
|
2018-05-24 09:55:25 +00:00
|
|
|
# keep in sync with appveyor.yml
|
2018-08-30 20:05:46 +00:00
|
|
|
- if [ "${DO_PUSH_ARTIFACT}" = "yes" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
|
2018-05-24 09:55:25 +00:00
|
|
|
git config --global user.email "builds@travis-ci.org";
|
|
|
|
git config --global user.name "Travis CI";
|
|
|
|
.github/push_artifacts.sh "Travis CI build ${TRAVIS_JOB_NUMBER}";
|
|
|
|
fi
|
|
|
|
|
2015-09-15 06:57:03 +00:00
|
|
|
cache: ccache
|