Fix incorrect RSA verify data length check (#182) #904
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Checks | |
env: | |
bashPass: \033[32;1mPASSED - | |
bashInfo: \033[33;1mINFO - | |
bashFail: \033[31;1mFAILED - | |
bashEnd: \033[0m | |
on: | |
push: | |
branches: ["**"] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
jobs: | |
system-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- name: Build | |
run: | | |
CFLAGS="-Wall -Wextra -DNDEBUG -DLIBRARY_LOG_LEVEL=LOG_DEBUG" | |
CFLAGS+=" -fsanitize=address,undefined" | |
cmake -S test -B build/ \ | |
-G "Unix Makefiles" \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DSYSTEM_TESTS=1 \ | |
-DUNIT_TESTS=0 \ | |
-DCMAKE_C_FLAGS="${CFLAGS}" | |
make -C build/ all | |
- name: Integration Tests | |
run: ctest --test-dir build --output-on-failure | tee -a $GITHUB_STEP_SUMMARY | |
- name: Archive Test Results | |
if: success() || failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: system_test_results | |
path: | | |
build/Testing/Temporary/LastTest.log | |
unit-tests-with-sanitizer: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- env: | |
stepName: Build corePKCS11 Sanitizer Unit Tests | |
run: | | |
# ${{ env.stepName }} | |
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" | |
CFLAGS="-Wall -Wextra -DNDEBUG" | |
CFLAGS+=" -fsanitize=address,undefined" | |
cmake -S test -B build/ \ | |
-G "Unix Makefiles" \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DUNIT_TESTS=1 \ | |
-DSYSTEM_TESTS=0 \ | |
-DCMAKE_C_FLAGS="${CFLAGS}" | |
make -C build/ all | |
echo "::endgroup::" | |
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}" | |
- name: Run Unit Tests | |
run: ctest --test-dir build --output-on-failure | tee -a $GITHUB_STEP_SUMMARY | |
unit-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- env: | |
stepName: Build corePKCS11 Unit Tests | |
run: | | |
# ${{ env.stepName }} | |
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" | |
sudo apt-get install -y lcov | |
CFLAGS="--coverage -Wall -Wextra -DNDEBUG" | |
cmake -S test -B build/ \ | |
-G "Unix Makefiles" \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DUNIT_TESTS=1 \ | |
-DSYSTEM_TESTS=0 \ | |
-DCMAKE_C_FLAGS="${CFLAGS}" | |
make -C build/ all | |
echo "::endgroup::" | |
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}" | |
- name: Run Unit Tests | |
run: ctest --test-dir build --output-on-failure | tee -a $GITHUB_STEP_SUMMARY | |
- env: | |
stepName: Line and Branch Coverage Build | |
run: | | |
# ${{ env.stepName }} | |
echo -e "::group::${{ env.bashInfo }} Build Coverage Target ${{ env.bashEnd }}" | |
# Build the coverage target | |
make -C build/ coverage | |
# Generate coverage report, excluding extra directories | |
lcov --rc lcov_branch_coverage=1 -r build/coverage.info -o build/coverage.info '*test*' '*CMakeCCompilerId*' '*mocks*' | |
echo "::endgroup::" | |
lcov --list build/coverage.info | |
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}" | |
- name: Archive Test Results | |
if: success() || failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: unit_test_results | |
path: | | |
build/utest_report.txt | |
build/*_out.txt | |
build/coverage.info | |
build/report.xml | |
build/Testing/Temporary/LastTest.log | |
- name: Upload coverage data to Codecov | |
if: success() | |
uses: codecov/codecov-action@v3 | |
with: | |
files: build/coverage.info | |
flags: unit_tests | |
fail_ci_if_error: false | |
verbose: false | |
complexity: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check complexity | |
uses: FreeRTOS/CI-CD-Github-Actions/complexity@main | |
with: | |
path: ./ | |
horrid_threshold: 20 | |
doxygen: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check doxygen build | |
uses: FreeRTOS/CI-CD-Github-Actions/doxygen@main | |
with: | |
path: ./ | |
spell-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- name: Run spellings check | |
uses: FreeRTOS/CI-CD-Github-Actions/spellings@main | |
with: | |
path: ./ | |
formatting: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check formatting | |
uses: FreeRTOS/CI-CD-Github-Actions/formatting@main | |
with: | |
path: ./ | |
exclude-dirs: .git | |
link-verifier: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check Links | |
uses: FreeRTOS/CI-CD-Github-Actions/link-verifier@main | |
with: | |
path: ./ | |
verify-manifest: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: Run manifest verifier | |
uses: FreeRTOS/CI-CD-GitHub-Actions/manifest-verifier@main | |
with: | |
path: ./ | |
fail-on-incorrect-version: true | |
git-secrets: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Checkout awslabs/git-secrets | |
uses: actions/checkout@v3 | |
with: | |
repository: awslabs/git-secrets | |
ref: master | |
path: git-secrets | |
- name: Install git-secrets | |
run: cd git-secrets && sudo make install && cd .. | |
- name: Run git-secrets | |
run: | | |
git-secrets --register-aws | |
git-secrets --scan | |
memory_statistics: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- run: git submodule update --init --recursive --checkout | |
- name: Fetch dependencies (mbedtls) | |
run: | | |
cmake -S test -B build/ \ | |
-G "Unix Makefiles" \ | |
-DUNIT_TESTS=0 \ | |
-DSYSTEM_TESTS=0 \ | |
-DCMAKE_C_FLAGS="${CFLAGS}" | |
- name: Install Python3 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11.0" | |
- name: Measure sizes | |
uses: FreeRTOS/CI-CD-Github-Actions/memory_statistics@main | |
with: | |
config: .github/memory_statistics_config.json | |
check_against: docs/doxygen/include/size_table.md | |
proof_ci: | |
if: ${{ github.event.pull_request }} | |
runs-on: cbmc_ubuntu-latest_16-core | |
steps: | |
- name: Set up CBMC runner | |
uses: FreeRTOS/CI-CD-Github-Actions/set_up_cbmc_runner@main | |
with: | |
cbmc_version: "5.61.0" | |
cbmc_viewer_version: "3.5" | |
- name: Install cmake | |
run: | | |
sudo apt-get install -y cmake | |
- name: Fetch Mbedtls | |
run: | | |
cd test && cmake -B build | |
- name: check for mbedtls header file | |
run: | | |
cat test/build/_deps/mbedtls_2-src/include/mbedtls/pk.h | |
- name: Run CBMC | |
uses: FreeRTOS/CI-CD-Github-Actions/run_cbmc@main | |
with: | |
proofs_dir: test/cbmc/proofs |