Age | Commit message (Collapse) | Author |
|
Instead of forcing CC to be clang it's better to
check and error out if it is not, and fuzzing is enabled.
This reverts commit 55eba78b399fe470035ac5da18a0768ea3722b71.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
… so that Makefile is not generated, if ./configure aborts with an error.
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
In all Autoconf projects is expected that:
• calling “./configure” implies passing -O2 -g to the compiler, while
• calling “CFLAGS=–flto ./configure” implies passing -flto to the compiler
but omiting “-O2 -g”.
This patch restores the expected behaviour.
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
default
Users assume, unless otherwise stated, that for each ./configure feature
there are two states. Printing --enable-X on ./configure --help implies
that the feature is disabled by default.
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
For AC_ARG_ENABLE/AC_ARG_WITH the default ACTION-IF-FOUND is to set
$enable_feature to $enableval. This does not have to be done explicitly.
After applying this change, the differences between the old and new configure
look so:
--- /old/configure 2019-03-08 13:06:18.842421251 +0000
+++ /new/configure 2019-03-08 13:29:32.808020085 +0000
@@ -15943,7 +15943,7 @@
# Check whether --enable-unit was given.
if test "${enable_unit+set}" = set; then :
- enableval=$enable_unit; enable_unit=$enableval
+ enableval=$enable_unit;
else
enable_unit=no
fi
@@…
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
For features/options enabled by default, the output of “./configure --help”
shall state, how to disable them, not how to enable them.
Printing --disable-X implies, that by default feature X is enabled.
Signed-Off-By: Дилян Палаузов <git-dpa@aegee.org>
|
|
* The flag -fsanitize=fuzzer-no-link is required per clang's
documentation. However, the link stage -fsanitize=address (and others)
seem to provide the same effect.
* The flag -fsanitize=fuzzer-no-link when combined with building under
Google's OSS-Fuzz with AFL as the fuzzing engine, results in discarded
.text sections, breaking the build during linking.
Signed-off-by: John Andersen <john.s.andersen@intel.com>
|
|
Core Infrastructure best practices require usage of strong
cryptographic algorithms only. To comply with this requirement
we need to have a way to disable usage of algorithms that are
considered weak. The disable mechanism will validate the
TPM2_PUBLIC template of an object and will not allow
to create or load object which the public template will
contain references to the not allowed algorithms.
Additionally it will validate the nameAlg of inPublic and
NV_PUBLIC, hashAlg of the different signing schemes, and
hashAlg of PCR selection for relevant commands.
Algorithms that will be disabled by this are as follows:
- RSA with key size < 2048 bits
- Symmetric ciphers with key size < 128 bits
- SHA1
The new configure flag is called --disable-weakcrypto
Fixes: #1223
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Make sure that GEN_FUZZ variable is set to one if with_fuzzing
is enabled.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Fuzzing is clang only so set CC to be clang.
This has an effect only if CC is not set manually to something elase,
For instance to gcc.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
* Added python script gen_fuzz.py which reads include/tss2/tss2_sys.h
and generates a fuzz target for all _Prepare and _Complete calls. It
also generates Makefile-fuzz-generated.am for building each fuzz test.
* Modified Makefile-fuzz.am to include Makefile-fuzz-generated.am
* Added test/fuzz/main-sapi.cpp which defines a libfuzzer target used to
fuzz SAPI calls.
Signed-off-by: John Andersen <john.s.andersen@intel.com>
|
|
* Created a test/fuzz/tcti/ directory which contains a TCTI to be used
for fuzz testing.
* Added ifdefs to sapi helpers and test-options in integration tests to
enable static linking to a single TCTI.
* Added configure.ac options to build fuzzing TCTI.
* Added Makefile-fuzz.am used to build fuzzing TCTI.
Signed-off-by: John Andersen <john.s.andersen@intel.com>
|
|
By adding these two autoconf-archive macros we can easily enable
valgrind checks for our unit and integration tests.
If valgrind is installed on the system during configure, a few new make
targets are added automatically
make check-valgrind
make check-valgrind-<toolname>
Normal testflow is not altered by these new targets.
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
|
|
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
This way the flag is included in the config.h file
instead of being passed in the compile command line,
and it makes it consistent with all the other configure
flags.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
This has number of benefits as described in the GNU autoconf manual.
See the manual for details.
Fixes: #1232
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Since #1238 landed I'm seeing:
$ ./bootstrap -I /usr/share/gnulib/m4/
Generating file lists: src_vars.mk
automake: error: cannot open < aminclude_static.am: No such file or directory
autoreconf: automake failed with exit status: 1
This is because Automake supports an include directive[1] while generating
the Makefile. The preprocessing step of running automake over the
Makefile.am is trying to include the file (regardless of the conditional,
because this isn't make which is running) and dies because the
aminclude_static.am doesn't exist.
Therefore call AX_ADD_AM_MACRO_STATIC with an empty argument in
configure.ac to ensure the file is always present.
Thanks to Jonas Witschel for the pointer to AX_ADD_AM_MACRO_STATIC
Fixes #1255
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
@CODE_COVERAGE_RULES@ doesn't exist any more and needs to be replaced.
Also includes a compatibility switch for older versions of the file.
Signed-off-by: Jonas Witschel <diabonas@gmx.de>
|
|
If the daemon is killed before the buffer is flushed, the log file
can be incomplete.
Signed-off-by: Jonas Witschel <diabonas@gmx.de>
|
|
netstat is deprecated in favour of ss, see the netstat man page.
Signed-off-by: Jonas Witschel <diabonas@gmx.de>
|
|
Enable signed integer overflow detection since signed integer
overflow is undefined.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
|
This enables partial reads in tcti-device.
The feature has dependecy on the same being enable in the driver
so it is disabled by default. It can be enabled by a new configure
time option --enable-tcti-partial-reads=yes
By enabling this the Tss_ExecuteFinish function will call
Tss2_Tcti_Receive() twice. First with a NULL receive buffer, which
will cause the TCTI device to read only 10 bytes response header,
and return the actuall response size. Then the second call to
Tss2_Tcti_Receive() will read the remaining of the response.
NOTE: If this feature is not enabled in the driver then the first
read will cause the response by dropped after the first read and
the subsequent read will cause the connection to be closed and an
IO error returned.
Fixes: #1102
The driver support for partial reads has been added with commit:
8f82ffbc5b0b5e9a4546a2c8ab3366758ef76c62
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
Fixes #1204
Signed-off-by: Jonas Witschel <diabonas@gmx.de>
|
|
Previously, the output directory was specified in Doxyfile.in as
"doc", while in configure.ac it was given as "doc/doxygen". This
commit sets it to "doxygen-doc" in both files.
Signed-off-by: Jonas Witschel <diabonas@gmx.de>
|
|
The preprocessor, compiler, and linker flags that we chose as the
default were chosen for a reason. But we can't possibly know that they
make sense for every possible user or environment. This commit adds a
new flag to the configure script that allows users to disable / omit
all of these flags if they choose to (--disable-defaultflags).
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
Fixes: #1179
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
QNX-specific quirks:
* Certain "netdb.h" API is only available if __EXT_POSIX1_200112 is
defined. __EXT_POSIX1_200112 is defined if "_QNX_SOURCE" is set.
http://www.qnx.com/developers/docs/7.0.0/#com.qnx.doc.neutrino.prog/topic/devel_ConformingToStandards.html
* Socket api is provided through separate library called "libsocket".
* Dynamic-library API (e.g. dl_open) is a part of libc. There is no
"libdl".
Makefile.am: Replaced hard-coded LDFLAGS, "-ldl" and "-lsocket"
with variables, LIBDL_LDFLAGS, and LIBSOCKET_LDFLAGS.
configure.ac: Added "$host_os" case statement to detect QNX targets
and modify CFLAGS and set the XXX_LDFLAGS as required.
tss2_tcti.h: Added "__QNXNTO__" to the list of OS-specific flags.
Signed-off-by: Safayet Ahmed <safayet.ahmed@ge.com>
|
|
This fixes a bug introduced in 3980bad87fe18ad9d32914e9d21dba145eba973f.
That patch references the documentation for AC_PROG_CC but it misread
the recommended workaround. The leading colon (aka `:`) in the
documentation is significant.
The `:` is a shell 'builtin' command that is equivalent to invoking the
'true' command. By placing the conditional substitution of the CFLAGS
after this, the result of the substitution will be ignored and the
script won't fail. Without this the contents of the CFLAGS variable set
in the environment will be interpreted as a command and since they're
not commands the configure script will abort.
Signed-off-by: Philip Tricca <flihp@twobit.org>
|
|
No functional changes in this commit, just using more of the available
tools to save a few characters.
Signed-off-by: Philip Tricca <flihp@twobit.org>
|
|
The 'AX_' prefix is the namespace for the autoconf archive macros. We
shouldn't be using a namespace belonging to another project.
Signed-off-by: Philip Tricca <flihp@twobit.org>
|
|
Switch the default ESAPI crypto backend to openSSL.
This should also fix the problem with forcing applications to
link against libgcrypt.
Fixes: #1169
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
* The misleading help string for --disable-esapi is deleted.
* --disable-FEATURE explained in the help output already describes how to
deactivate ESAPI.
Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
|
|
Pass the default tcti module and config as
strings into C.
Signed-off-by: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
Enable non-blocking mode on tcti-device. This new feature
requires the TPM driver to support asynchronous mode of operation.
(As of kernel v3.18 the driver doesn't support it)
It is therefor configure time enabled by a new flag called
enable-tcti-device-async (off by default)
There are two places where the new flag changes the behavior:
1. In tcti_device_get_poll_handles(), where if the flag is enabled,
the function will populate handles with the tcti_dev->fd,
set num_handles to 1, and return TSS2_RC_SUCCESS.
If the flag is not enabled the function returns
TSS2_TCTI_RC_NOT_IMPLEMENTED.
2. In tcti_device_receive(), where if the flag is not enabled
the only acceptable timeout value is TSS2_TCTI_TIMEOUT_BLOCK,
to enforce synchronous mode. If the flag is enabled the valid
timeout values are: -1 to block forever, 0 for nonblocking,
and any positive value as the actual timeout value in milliseconds.
The device interface will always be open in non-blocking mode
as the flag is ignored by the driver and invoking poll() currently
always returns with the POLLIN flag set.
When this feature will be supported by the driver and the
enable-tcti-device-async flag is not enabled the behavior
doesn't change because it it enforced to be synchronous
in tcti_device_get_poll_handles(), but if the flag is enabled
it will enable the asynchronous behavior of the tcti-device module.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
There is a typo in AS_HELP_STRING for --with-ptpm.
One parenthesis is in wrong place.
While fixing that also clean up two white space issues,
which are not worth a separate commit.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
* To enable tests with a physical TPM the configure options:
--with-ptpm=[device]
--with-ptpmtests=[test cases]
were added. To compile the integration tests --enable-integration has
to be used. The test cases are a comma separated list of:
mandatory, optional and destructive. The default is mandatory.
To avoid parallel usage of the TPM the tests should be executed with:
make check-ptpm
or with:
make check -j 1.
The compiled integration tests for a simulator test can be used for
tests with a physical TPM without re-compilation.
* A second int_log compiler script was added to execute these tests.
* Split policy regression tests into two parts. Optional commands are
moved to the test policy-regression-opt.
* The test policy-ticket will return success if the PolicyTicket command
is not available, but all other commands in this tests were
successful.
* Exponent 0 will be used in the ESAPI integration tests.
Exponent 65537 for RSA keys is optional in TPM spec while exponent
is mandatory:
A TPM compatible with this specification and supporting RSA shall
support two primes and an exponent of zero. Support for other values
is optional. (Spec Part2 12.2.3.5 TPMS_RSA_PARMS).
* The check whether optional commands are available are adapted for the
usage with a resource manager TPM.
Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
|
|
Fixes: #1101
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
This is an exhaustive check for all executables required by the
int-log-compiler.sh script. We only omit shell built-ins.
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
As we implement more checks for required programs (generally used by the
test harness) we're going to end up with a long list of repetative uses of
the AC_CHECK_PROG, AS_IF, AC_MSG_ERROR macros. For the sake of sanity
and efficiency we can keep this from getting unmanageable by using a
simple macro.
Since there isn't a clear place where this macro should live this commit
adds a new file called 'misc.m4' to the 'm4/' directory.
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
* The crypto backend can be selected with the option
--with-crypto={ossl,gcrypt}.The default is gcrypt.
* Only the crypto provider independent code will remain in esys_crypto.{c,h}
The provider dependent code can be found in:
esys_crypto_{ossl,cgrypt}.{c,h}
* The provider dependent source files are removed from the lists
generated in the bootstrap script and are added explicitly
to the makefile variables in Makefile.am
Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
|
|
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|
|
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
|