lib: unconditionally enable the self-check functions

These functions were previously made available only in FIPS140-2 mode. Enabling them unconditionally allows applications to directly utilize that functionality for testing the gnutls library. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

lib: unconditionally enable the self-check functions
These functions were previously made available only in FIPS140-2 mode. Enabling them unconditionally allows applications to directly utilize that functionality for testing the gnutls library. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1f246c38 · Nikos Mavrogiannopoulos · Nikos Mavrogiannopoulos · 96476f5d · 1f246c38 · 1f246c38
Commit 1f246c38 authored Mar 12, 2017 by Nikos Mavrogiannopoulos Committed by Nikos Mavrogiannopoulos Mar 13, 2017
--- a/configure.ac
+++ b/configure.ac
@@ -431,20 +431,14 @@ LT_INIT([disable-static,win32-dll,shared])



-AC_ARG_ENABLE(self-checks,
-  AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
-    enable_self_checks=$enableval, enable_self_checks=no)
-
 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])

 AC_ARG_ENABLE(fips140-mode,
-  AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
+  AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
    enable_fips=$enableval, enable_fips=no)
 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
 if [ test "$enable_fips" = "yes" ];then
  if test "x$HAVE_LIBDL" = "xyes";then
-    enable_self_checks=yes
-
    AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
    AC_SUBST([FIPS140_LIBS], $LIBDL)
    AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
@@ -550,11 +544,6 @@ if test "$enable_non_suiteb" = "yes";then
 fi
 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")

-AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
-if [ test "$enable_self_checks" = "yes" ];then
-   AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
-fi
-
 AC_MSG_CHECKING([whether to build libdane])
 AC_ARG_ENABLE(libdane,
    AS_HELP_STRING([--disable-libdane],
@@ -1066,7 +1055,6 @@ if features are disabled)
  Anon auth support:    $ac_enable_anon
  Heartbeat support:    $ac_enable_heartbeat
  IDNA support:         $idna_support
-  Self checks:          $enable_self_checks
  Non-SuiteB curves:    $enable_non_suiteb
  FIPS140 mode:         $enable_fips
 ])

--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -84,7 +84,8 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c			\
 	system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c	\
 	safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
 	system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
-	cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c
+	cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \
+	crypto-selftests.c crypto-selftests-pk.c

 if WINDOWS
 COBJECTS += system/keys-win.c
@@ -92,9 +93,6 @@ else
 COBJECTS += system/keys-dummy.c
 endif

-if ENABLE_SELF_CHECKS
-COBJECTS += crypto-selftests.c crypto-selftests-pk.c
-endif

 if ENABLE_PKCS11
 COBJECTS += pkcs11.c pkcs11x.c pkcs11_privkey.c pkcs11_write.c pkcs11_secret.c \

--- a/lib/includes/gnutls/self-test.h
+++ b/lib/includes/gnutls/self-test.h
@@ -27,9 +27,6 @@

 /* Self checking functions */
 
- /* The functions are not part of the main API, and are conditionally
-  * enabled. */
-
 int gnutls_cipher_self_test(unsigned all, gnutls_cipher_algorithm_t cipher);
 int gnutls_mac_self_test(unsigned all, gnutls_mac_algorithm_t mac);
 int gnutls_digest_self_test(unsigned all, gnutls_digest_algorithm_t digest);

--- a/tests/slow/Makefile.am
+++ b/tests/slow/Makefile.am
@@ -34,13 +34,8 @@ LDADD = ../libutils.la \
 	../../gl/libgnu.la \
 	$(top_builddir)/lib/libgnutls.la $(LIBSOCKET)

-if !ENABLE_SELF_CHECKS
-cipher_test_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/
-cipher_override2_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/
-else
 cipher_test_CPPFLAGS = $(AM_CPPFLAGS)
 cipher_override2_CPPFLAGS = $(AM_CPPFLAGS)
-endif

 ctests = gendh


--- a/tests/slow/cipher-override.c
+++ b/tests/slow/cipher-override.c
@@ -28,11 +28,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }

-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-#endif
-
 struct myaes_ctx {
 	struct aes_ctx aes;
 	unsigned char iv[16];

--- a/tests/slow/cipher-override2.c
+++ b/tests/slow/cipher-override2.c
@@ -16,11 +16,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }

-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-#endif
-
 struct myaes_ctx {
 	unsigned char iv[16];
 };

--- a/tests/slow/cipher-test.c
+++ b/tests/slow/cipher-test.c
@@ -32,12 +32,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }

-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-# include "../../lib/crypto-selftests-pk.c"
-#endif
-
 int main(int argc, char **argv)
 {
 	gnutls_global_set_log_function(tls_log_func);

--- a/tests/slow/mac-override.c
+++ b/tests/slow/mac-override.c
@@ -29,11 +29,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }

-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-#endif
-
 struct myhash_ctx {
 	struct sha1_ctx sha1;
 };