Mercurial > dropbear

view .travis.yml @ 1790:42745af83b7d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Introduce extra delay before closing unauthenticated sessions To make it harder for attackers, introduce a delay to keep an unauthenticated session open a bit longer, thus blocking a connection slot until after the delay. Without this, while there is a limit on the amount of attempts an attacker can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt is still short and thus for each of the allowed parallel attempts many attempts can be chained one after the other. The attempt rate is then: "MAX_UNAUTH_PER_IP / <process time of one attempt>". With the delay, this rate becomes: "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Wed, 15 Feb 2017 13:53:04 +0100
parents 32307118bc26
children f78e67527731
line wrap: on
line source

language: c

git:
  depth: 3

# use focal which provides libtommath 1.20
dist: focal

matrix:
  include:
    - name: "plain linux"
      compiler: gcc
      env: WEXTRAFLAGS=-Werror
    - name: "multi binary"
      env: MULTI=1 WEXTRAFLAGS=-Werror
    - name: "bundled libtom, xenial, no writev()"
      # NOWRITEV is unrelated to libtom/xenial, test here to save a job
      env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=-Werror NOWRITEV=1 
      # can use an older distro with bundled libtom
      dist: xenial
    - name: "linux clang"
      os: linux
      compiler: clang
      env: WEXTRAFLAGS=-Werror
    - name: "osx"
      os: osx
      compiler: clang
      # OS X says daemon() and utmp are deprecated
      env: WEXTRAFLAGS="-Wno-deprecated-declarations -Werror"
    # Note: the fuzzing malloc wrapper doesn't replace free() in system libtomcrypt, so need bundled.
    # Address sanitizer
    - name: "fuzz-asan"
      env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=address EXTRACFLAGS=-fsanitize=address CXX=clang++
      compiler: clang
    # Undefined Behaviour sanitizer
    - name: "fuzz-ubsan"
      # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
      env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=undefined EXTRACFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment" CXX=clang++
      compiler: clang

# container-based builds
addons:
  apt:
    packages:
    # packages list: https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-precise
    - zlib1g-dev
    - libtomcrypt-dev
    - libtommath-dev
    - mercurial

before_install:
  - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi  # workaround

install:
  - autoconf 
  - autoheader 
  - ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
  - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi
  - make lint
  - make -j3 
  - test -z $DO_FUZZ || make fuzzstandalone
  # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
  - make install 

script:
  - ~/inst/bin/dropbearkey -t rsa -f testrsa
  - ~/inst/bin/dropbearkey -t dss -f testdss
  - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
  - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
  - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
  - ~/inst/bin/dropbearkey -t ed25519 -f tested25519
  - test -z $DO_FUZZ || ./fuzzers_test.sh

branches:
  only:
    - master
    - coverity