author Andrey Marochko <andreyma@microsoft.com> 2020-12-09 12:36:43 -0800
committer Andrey Marochko <andreyma@microsoft.com> 2020-12-09 12:36:43 -0800
commit f640b4bdb3a0fe944628e9f7df1362e2b9aa647d
tree 731705db809be3aee51e4f657a58858ac4aac187
parent 411239d6a4b3649fc63d4b14f3ce2c95c27e19d8
https://github.com/microsoft/ms-tpm-20-ref/issues/50: Disabled SM algorithms in TpmProfile.h by default, and updated Readme.md.
-rw-r--r-- README.md 11
-rw-r--r-- TPMCmd/tpm/include/TpmProfile.h 6
2 files changed, 7 insertions, 10 deletions
diff --git a/README.md b/README.md
index 5989151..28ed2d9 100644
--- a/README.md
+++ b/README.md
@@ -8,9 +8,9 @@ See the definition of the `SPEC_VERSION`, `SPEC_YEAR` and `SPEC_DAY_OF_YEAR` val
The reference implementation can be directly used via the [TPM 2.0 simulator](TPMCmd/Simulator) that emulates a TPM 2.0 device and can be accessed via a custom TCP based protocol. The simplest way to work with the simulator is to use a [TSS library](https://github.com/Microsoft/TSS.MSR) for the programming language of your choice - C#/.Net, C++, Java, Python, JavaScript/Node.js are currently supported. The C language TSS implementing the TCG's TSS API specifiaction is available [here](https://github.com/tpm2-software/tpm2-tss).
-## Visual Studio build ##
+## Windows build ##
-Before building the Visual Studio solution:
+Windows build is implemented as a Visual Studio 2017 solution. Before building it:
* Setup one or both of the following underlying cryptographic libraries:
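Review bot: The added sentence "Windows build is implemented as a Visual Studio 2017 solution" pins one toolchain version without saying whether it is a minimum or the only supported one; state which, and add the missing article ("The Windows build is ..."). Since this region is being edited anyway, the unchanged context line above still carries the typo "specifiaction", and "Setup one or both" should read "Set up one or both".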
@@ -24,7 +24,7 @@ Before building the Visual Studio solution:
2. Create `TPMCmd/OsslInclude/openssl` folder and copy there the contents of the `openssl/include/openssl` folder in the OpenSSL source tree used to build the OpenSSL library.
- If you do not disable SM{2,3,4} algorithms support either while building OpenSSL or in the simulator (see the Linux section below), the build may fail because of missing SM{2,3,4}.h headers, which is the result of an apparent bug/misconfiguration in the OpenSSL build tree/scrips. In this case you may also need to copy over the SM{2,3,4}.h headers from OpenSSL’s `include/crypt` folder.
+ If you enable SM{2,3,4} algorithms in `TpmProfile.h`, the build may fail because of missing `SM{2,3,4}.h` headers. In this case you will need to manually copy them over from OpenSSL’s `include/crypt` folder.
3. Build the solution with either Debug or Release as the active configuration.
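Review bot: The new SM{2,3,4} note tells the reader to "manually copy them over from OpenSSL's `include/crypt` folder" but never names the destination; say where the headers must land (step 2 above creates `TPMCmd/OsslInclude/openssl`, so state explicitly whether that is the target). The folder name `include/crypt` is carried over unchanged from the removed line and is worth confirming against the OpenSSL source tree while this sentence is being rewritten. The rewrite also drops the explanation of why the headers are missing, which helped readers decide whether the problem applied to them.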
@@ -49,7 +49,4 @@ Follows the common `./bootstrap && ./configure && make` convention.
Note that autotools scripts require the following prerequisite packages: `autoconf-archive`, `pkg-config`, and sometimes `build-essential` and `automake`. Their absence is not automatically detected. The build also needs `gcc` and `libssl-dev` packages.
-In some Linux configurations linking may fail because of SM{2,3,4} routines missing in the the OpenSSL library. This is a bug in the OpenSSL configuration, as it is supposed to support SM algs since its initial 1.1.1 revision, and when it is built without them, its `opensslconf.h` has to define OPENSSL_NO_SM{2,3,4} macros. However, these macros are (or were) not defined in many official OpenSSL packages (such as libssl-dev). If you have this issue then several options exist:
-- Disable SM algorithms in `TpmProfile.h` (set `ALG_SM2`, `ALG_SM3_256`, `ALG_SM4` to `ALG_NO`);
-- Manually define `OPENSSL_NO_SM2`, `OPENSSL_NO_SM3`, `OPENSSL_NO_SM4` in `opensslconf.h`;
-- Use a custom buit OpenSSL library.
+Similarly to the Windows build, if you enable SM{2,3,4} algorithms in `TpmProfile.h`, the build may fail because of missing `SM{2,3,4}.h` headers. In this case you will need to manually copy them over from OpenSSL’s `include/crypt` folder.
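Review bot: The removed paragraph documented a link-time failure (SM{2,3,4} routines absent from packaged OpenSSL libraries, with `OPENSSL_NO_SM{2,3,4}` left undefined) and listed three workarounds, while the replacement line only covers missing headers. Disabling the algorithms by default hides that failure, but anyone who re-enables them in `TpmProfile.h` against a distribution `libssl-dev` can still hit it with no guidance left in the README. Keep a short sentence on the linker case, for example that a custom-built OpenSSL may be needed when SM algorithms are enabled, and say where the copied headers should go on Linux, since no include folder is named in this section.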
diff --git a/TPMCmd/tpm/include/TpmProfile.h b/TPMCmd/tpm/include/TpmProfile.h
index 077f1f8..b8cfe41 100644
--- a/TPMCmd/tpm/include/TpmProfile.h
+++ b/TPMCmd/tpm/include/TpmProfile.h
@@ -343,13 +343,13 @@
#define ALG_SHA512 ALG_NO
#endif
#ifndef ALG_SM2
-#define ALG_SM2 (ALG_YES && ALG_ECC)
+#define ALG_SM2 (ALG_NO && ALG_ECC)
#endif
#ifndef ALG_SM3_256
-#define ALG_SM3_256 ALG_YES
+#define ALG_SM3_256 ALG_NO
#endif
#ifndef ALG_SM4
-#define ALG_SM4 ALG_YES
+#define ALG_SM4 ALG_NO
#endif
#ifndef ALG_SYMCIPHER
#define ALG_SYMCIPHER ALG_YES
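Review bot: In `#define ALG_SM2 (ALG_NO && ALG_ECC)` the `&& ALG_ECC` term no longer has any effect, because the expression is false regardless of `ALG_ECC`; either reduce it to `ALG_NO` to match `ALG_SM3_256` and `ALG_SM4`, or keep the form and add a comment that it is retained so enabling SM2 only requires flipping `ALG_NO` to `ALG_YES`. A one-line comment above the three defines noting that SM algorithms are off by default and pointing to the README would also help, since the `#ifndef` guards suggest these values can be overridden from outside the header and the README currently only mentions editing `TpmProfile.h`.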