Commit 1f246c38 authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos Committed by Nikos Mavrogiannopoulos
Browse files

lib: unconditionally enable the self-check functions



These functions were previously made available only in FIPS140-2
mode. Enabling them unconditionally allows applications to directly
utilize that functionality for testing the gnutls library.
Signed-off-by: Nikos Mavrogiannopoulos's avatarNikos Mavrogiannopoulos <nmav@gnutls.org>
parent 96476f5d
Pipeline #6979535 passed with stages
in 89 minutes
......@@ -431,20 +431,14 @@ LT_INIT([disable-static,win32-dll,shared])
AC_ARG_ENABLE(self-checks,
AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
enable_self_checks=$enableval, enable_self_checks=no)
AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
AC_ARG_ENABLE(fips140-mode,
AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
enable_fips=$enableval, enable_fips=no)
AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
if [ test "$enable_fips" = "yes" ];then
if test "x$HAVE_LIBDL" = "xyes";then
enable_self_checks=yes
AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
AC_SUBST([FIPS140_LIBS], $LIBDL)
AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
......@@ -550,11 +544,6 @@ if test "$enable_non_suiteb" = "yes";then
fi
AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
if [ test "$enable_self_checks" = "yes" ];then
AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
fi
AC_MSG_CHECKING([whether to build libdane])
AC_ARG_ENABLE(libdane,
AS_HELP_STRING([--disable-libdane],
......@@ -1066,7 +1055,6 @@ if features are disabled)
Anon auth support: $ac_enable_anon
Heartbeat support: $ac_enable_heartbeat
IDNA support: $idna_support
Self checks: $enable_self_checks
Non-SuiteB curves: $enable_non_suiteb
FIPS140 mode: $enable_fips
])
......
......@@ -84,7 +84,8 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c \
system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c
cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \
crypto-selftests.c crypto-selftests-pk.c
if WINDOWS
COBJECTS += system/keys-win.c
......@@ -92,9 +93,6 @@ else
COBJECTS += system/keys-dummy.c
endif
if ENABLE_SELF_CHECKS
COBJECTS += crypto-selftests.c crypto-selftests-pk.c
endif
if ENABLE_PKCS11
COBJECTS += pkcs11.c pkcs11x.c pkcs11_privkey.c pkcs11_write.c pkcs11_secret.c \
......
......@@ -27,9 +27,6 @@
/* Self checking functions */
/* The functions are not part of the main API, and are conditionally
* enabled. */
int gnutls_cipher_self_test(unsigned all, gnutls_cipher_algorithm_t cipher);
int gnutls_mac_self_test(unsigned all, gnutls_mac_algorithm_t mac);
int gnutls_digest_self_test(unsigned all, gnutls_digest_algorithm_t digest);
......
......@@ -34,13 +34,8 @@ LDADD = ../libutils.la \
../../gl/libgnu.la \
$(top_builddir)/lib/libgnutls.la $(LIBSOCKET)
if !ENABLE_SELF_CHECKS
cipher_test_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/
cipher_override2_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/
else
cipher_test_CPPFLAGS = $(AM_CPPFLAGS)
cipher_override2_CPPFLAGS = $(AM_CPPFLAGS)
endif
ctests = gendh
......
......@@ -28,11 +28,6 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "<%d>| %s", level, str);
}
#ifndef ENABLE_SELF_CHECKS
# define AVOID_INTERNALS
# include "../../lib/crypto-selftests.c"
#endif
struct myaes_ctx {
struct aes_ctx aes;
unsigned char iv[16];
......
......@@ -16,11 +16,6 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "<%d>| %s", level, str);
}
#ifndef ENABLE_SELF_CHECKS
# define AVOID_INTERNALS
# include "../../lib/crypto-selftests.c"
#endif
struct myaes_ctx {
unsigned char iv[16];
};
......
......@@ -32,12 +32,6 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "<%d>| %s", level, str);
}
#ifndef ENABLE_SELF_CHECKS
# define AVOID_INTERNALS
# include "../../lib/crypto-selftests.c"
# include "../../lib/crypto-selftests-pk.c"
#endif
int main(int argc, char **argv)
{
gnutls_global_set_log_function(tls_log_func);
......
......@@ -29,11 +29,6 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "<%d>| %s", level, str);
}
#ifndef ENABLE_SELF_CHECKS
# define AVOID_INTERNALS
# include "../../lib/crypto-selftests.c"
#endif
struct myhash_ctx {
struct sha1_ctx sha1;
};
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment