[gnutls-devel] GnuTLS | New CI runner with clang combined ubsan+asan (!1151)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Jan 23 18:40:30 CET 2020
Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1151#note_276106819
> + - ./bootstrap
> + - export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1:suppressions=$(pwd)/devel/ubsan.supp
> + - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
> + - export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer
> + - export CC=clang
> + - export CXX=clang++
> +
> +# This makes several tests fail, needs discussion if helpful
> +# - export CFLAGS="-std=c99 -O1 -g -Werror -fno-omit-frame-pointer -fsanitize=undefined,integer,nullability,bool,alignment,null,enum,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow -fsanitize-address-use-after-scope"
> +
> +# This is from OSS-Fuzz (20.12.2019)
> + - export CFLAGS="-std=c99 -O1 -g -Werror -fno-omit-frame-pointer -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr,address,leak,alignment -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow -fsanitize-address-use-after-scope"
> +
> + - export CXXFLAGS="$CFLAGS"
> +
> +# --disable-tls13-interop because tests/suite/testcompat-tls13-openssl.sh fails with clang sanitizers
I can't tell. You get
```
$ cat tests/suite/testcompat-tls13-openssl.log
Compatibility checks using OpenSSL
#################################################
# Client mode tests (gnutls cli-openssl server) #
#################################################
Checking TLS 1.3 with AES-128-GCM...
Checking TLS 1.3 with AES-256-GCM...
Checking TLS 1.3 with CHACHA20-POLY1305...
Checking TLS 1.3 with AES-128-CCM...
Checking TLS 1.3 with AES-128-CCM-8...
Checking TLS 1.3 with GROUP-X25519...
Checking TLS 1.3 with GROUP-SECP256R1...
Checking TLS 1.3 with GROUP-SECP384R1...
Checking TLS 1.3 with GROUP-SECP521R1...
Checking TLS 1.3 with double rekey...
Checking TLS 1.3 with HRR...
Checking TLS 1.3 with DHE-PSK with AES-128-GCM...
Checking TLS 1.3 with RSA client cert and GROUP-SECP256R1...
Checking TLS 1.3 with secp256r1 client cert and GROUP-SECP256R1...
Checking TLS 1.3 with Ed25519 client cert and GROUP-SECP256R1...
Checking TLS 1.3 with RSA-PSS client cert and GROUP-SECP256R1...
Checking TLS 1.3 with Ed25519 certificate...
Checking TLS 1.3 with secp256r1 certificate...
Checking TLS 1.3 with RSA-PSS certificate...
Checking TLS 1.3 with resumption...
*** This is a resumed session
Checking TLS 1.3 with resumption and HRR...
*** This is a resumed session
Checking TLS 1.3 with resumption with early data...
*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.
Failure: Failed
FAIL testcompat-tls13-openssl.sh (exit status: 1)
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1151#note_276106819
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200123/17978b7e/attachment.html>
More information about the Gnutls-devel
mailing list