diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-12 14:48:19 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-13 08:29:54 +0100 |
commit | 1f246c381e8a7449d84b143ffe50a0818622d2a3 (patch) | |
tree | 9f753dd6e32a678aef01247fbc3168930542b966 | |
parent | 96476f5da225b46d3ab17eb3494ae4a24cca9525 (diff) | |
download | gnutls-tmp-pkcs11-avoid-locks.tar.gz |
lib: unconditionally enable the self-check functionstmp-pkcs11-avoid-locks
These functions were previously made available only in FIPS140-2
mode. Enabling them unconditionally allows applications to directly
utilize that functionality for testing the gnutls library.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | configure.ac | 14 | ||||
-rw-r--r-- | lib/Makefile.am | 6 | ||||
-rw-r--r-- | lib/includes/gnutls/self-test.h | 3 | ||||
-rw-r--r-- | tests/slow/Makefile.am | 5 | ||||
-rw-r--r-- | tests/slow/cipher-override.c | 5 | ||||
-rw-r--r-- | tests/slow/cipher-override2.c | 5 | ||||
-rw-r--r-- | tests/slow/cipher-test.c | 6 | ||||
-rw-r--r-- | tests/slow/mac-override.c | 5 |
8 files changed, 3 insertions, 46 deletions
diff --git a/configure.ac b/configure.ac index e7e0a1492b..71f53a083a 100644 --- a/configure.ac +++ b/configure.ac @@ -431,20 +431,14 @@ LT_INIT([disable-static,win32-dll,shared]) -AC_ARG_ENABLE(self-checks, - AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]), - enable_self_checks=$enableval, enable_self_checks=no) - AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);]) AC_ARG_ENABLE(fips140-mode, - AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]), + AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]), enable_fips=$enableval, enable_fips=no) AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes") if [ test "$enable_fips" = "yes" ];then if test "x$HAVE_LIBDL" = "xyes";then - enable_self_checks=yes - AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode]) AC_SUBST([FIPS140_LIBS], $LIBDL) AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key], @@ -550,11 +544,6 @@ if test "$enable_non_suiteb" = "yes";then fi AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes") -AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes") -if [ test "$enable_self_checks" = "yes" ];then - AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library]) -fi - AC_MSG_CHECKING([whether to build libdane]) AC_ARG_ENABLE(libdane, AS_HELP_STRING([--disable-libdane], @@ -1066,7 +1055,6 @@ if features are disabled) Anon auth support: $ac_enable_anon Heartbeat support: $ac_enable_heartbeat IDNA support: $idna_support - Self checks: $enable_self_checks Non-SuiteB curves: $enable_non_suiteb FIPS140 mode: $enable_fips ]) diff --git a/lib/Makefile.am b/lib/Makefile.am index 575683f2e0..bf07ecf6f5 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -84,7 +84,8 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c \ system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \ safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \ system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \ - cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c + cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \ + crypto-selftests.c crypto-selftests-pk.c if WINDOWS COBJECTS += system/keys-win.c @@ -92,9 +93,6 @@ else COBJECTS += system/keys-dummy.c endif -if ENABLE_SELF_CHECKS -COBJECTS += crypto-selftests.c crypto-selftests-pk.c -endif if ENABLE_PKCS11 COBJECTS += pkcs11.c pkcs11x.c pkcs11_privkey.c pkcs11_write.c pkcs11_secret.c \ diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h index b77ddde199..c3fd84cd06 100644 --- a/lib/includes/gnutls/self-test.h +++ b/lib/includes/gnutls/self-test.h @@ -27,9 +27,6 @@ /* Self checking functions */ - /* The functions are not part of the main API, and are conditionally - * enabled. */ - int gnutls_cipher_self_test(unsigned all, gnutls_cipher_algorithm_t cipher); int gnutls_mac_self_test(unsigned all, gnutls_mac_algorithm_t mac); int gnutls_digest_self_test(unsigned all, gnutls_digest_algorithm_t digest); diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am index 7c9fc543cf..8f9c4e4db6 100644 --- a/tests/slow/Makefile.am +++ b/tests/slow/Makefile.am @@ -34,13 +34,8 @@ LDADD = ../libutils.la \ ../../gl/libgnu.la \ $(top_builddir)/lib/libgnutls.la $(LIBSOCKET) -if !ENABLE_SELF_CHECKS -cipher_test_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/ -cipher_override2_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/ -else cipher_test_CPPFLAGS = $(AM_CPPFLAGS) cipher_override2_CPPFLAGS = $(AM_CPPFLAGS) -endif ctests = gendh diff --git a/tests/slow/cipher-override.c b/tests/slow/cipher-override.c index fd5d0c990b..539a49fcdc 100644 --- a/tests/slow/cipher-override.c +++ b/tests/slow/cipher-override.c @@ -28,11 +28,6 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -#ifndef ENABLE_SELF_CHECKS -# define AVOID_INTERNALS -# include "../../lib/crypto-selftests.c" -#endif - struct myaes_ctx { struct aes_ctx aes; unsigned char iv[16]; diff --git a/tests/slow/cipher-override2.c b/tests/slow/cipher-override2.c index c7c2842eee..85c0b70417 100644 --- a/tests/slow/cipher-override2.c +++ b/tests/slow/cipher-override2.c @@ -16,11 +16,6 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -#ifndef ENABLE_SELF_CHECKS -# define AVOID_INTERNALS -# include "../../lib/crypto-selftests.c" -#endif - struct myaes_ctx { unsigned char iv[16]; }; diff --git a/tests/slow/cipher-test.c b/tests/slow/cipher-test.c index 6b66e678c9..da7e7e7673 100644 --- a/tests/slow/cipher-test.c +++ b/tests/slow/cipher-test.c @@ -32,12 +32,6 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -#ifndef ENABLE_SELF_CHECKS -# define AVOID_INTERNALS -# include "../../lib/crypto-selftests.c" -# include "../../lib/crypto-selftests-pk.c" -#endif - int main(int argc, char **argv) { gnutls_global_set_log_function(tls_log_func); diff --git a/tests/slow/mac-override.c b/tests/slow/mac-override.c index a2917bd946..1ef994217d 100644 --- a/tests/slow/mac-override.c +++ b/tests/slow/mac-override.c @@ -29,11 +29,6 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -#ifndef ENABLE_SELF_CHECKS -# define AVOID_INTERNALS -# include "../../lib/crypto-selftests.c" -#endif - struct myhash_ctx { struct sha1_ctx sha1; }; |