2008-03-06 16:06:59 +00:00
dnl -*- mode: m4; -*-
2021-03-30 02:21:23 +00:00
AC_PREREQ(2.68)
2008-03-06 16:06:59 +00:00
2014-04-29 14:56:15 +00:00
define([PRODUCT_NAME], [OpenSC])
define([PRODUCT_TARNAME], [opensc])
2015-09-14 20:11:49 +00:00
define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
2018-05-13 11:33:57 +00:00
define([PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
2008-03-06 16:06:59 +00:00
define([PACKAGE_VERSION_MAJOR], [0])
2021-04-06 11:42:50 +00:00
define([PACKAGE_VERSION_MINOR], [22])
2014-05-31 18:02:42 +00:00
define([PACKAGE_VERSION_FIX], [0])
2021-08-09 19:16:08 +00:00
define([PACKAGE_SUFFIX], [])
2008-03-06 16:06:59 +00:00
2014-04-29 14:56:15 +00:00
define([VS_FF_LEGAL_COPYRIGHT], [OpenSC Project])
define([VS_FF_LEGAL_COMPANY_NAME], [OpenSC Project])
2015-09-14 20:11:49 +00:00
define([VS_FF_LEGAL_COMPANY_URL], [https://github.com/OpenSC])
2014-04-29 14:56:15 +00:00
define([VS_FF_COMMENTS], [Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).])
define([VS_FF_PRODUCT_NAME], [OpenSC smartcard framework])
2015-09-14 20:11:49 +00:00
define([VS_FF_PRODUCT_UPDATES], [https://github.com/OpenSC/OpenSC/releases])
define([VS_FF_PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
2014-04-29 14:56:15 +00:00
2014-05-05 06:46:29 +00:00
m4_sinclude(version.m4.ci)
2014-04-29 14:56:15 +00:00
2019-07-30 17:09:44 +00:00
m4_define([openssl_minimum_version], [1.0.1])
2018-05-13 11:33:57 +00:00
AC_INIT([PRODUCT_NAME],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX],[PRODUCT_BUGREPORT],[PRODUCT_TARNAME],[PRODUCT_URL])
2008-03-06 16:06:59 +00:00
AC_CONFIG_AUX_DIR([.])
2008-06-05 17:03:47 +00:00
AC_CONFIG_HEADERS([config.h])
2008-06-05 17:06:27 +00:00
AC_CONFIG_MACRO_DIR([m4])
2020-03-26 18:51:33 +00:00
AM_INIT_AUTOMAKE(foreign 1.10 [subdir-objects])
2008-03-06 16:06:59 +00:00
OPENSC_VERSION_MAJOR="PACKAGE_VERSION_MAJOR"
OPENSC_VERSION_MINOR="PACKAGE_VERSION_MINOR"
OPENSC_VERSION_FIX="PACKAGE_VERSION_FIX"
2014-04-29 14:56:15 +00:00
OPENSC_VS_FF_LEGAL_COPYRIGHT="VS_FF_LEGAL_COPYRIGHT"
OPENSC_VS_FF_COMPANY_NAME="VS_FF_LEGAL_COMPANY_NAME"
2015-09-14 20:11:49 +00:00
OPENSC_VS_FF_COMPANY_URL="VS_FF_LEGAL_COMPANY_URL"
2014-04-29 14:56:15 +00:00
OPENSC_VS_FF_COMMENTS="VS_FF_COMMENTS"
OPENSC_VS_FF_PRODUCT_NAME="VS_FF_PRODUCT_NAME"
2015-09-14 20:11:49 +00:00
OPENSC_VS_FF_PRODUCT_UPDATES="VS_FF_PRODUCT_UPDATES"
OPENSC_VS_FF_PRODUCT_URL="VS_FF_PRODUCT_URL"
2013-12-29 18:07:31 +00:00
2008-03-06 16:06:59 +00:00
# LT Version numbers, remember to change them just *before* a release.
# (Code changed: REVISION++)
2020-11-20 20:08:47 +00:00
# (Oldest interface changed/removed: OLDEST++)
2008-03-15 11:05:26 +00:00
# (Interfaces added: CURRENT++, REVISION=0)
2021-04-06 11:42:50 +00:00
OPENSC_LT_CURRENT="8"
2021-08-09 19:16:08 +00:00
OPENSC_LT_OLDEST="8"
2008-03-06 16:06:59 +00:00
OPENSC_LT_REVISION="0"
OPENSC_LT_AGE="0"
2008-03-15 11:05:26 +00:00
OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))"
2008-03-06 16:06:59 +00:00
AC_CONFIG_SRCDIR([src/libopensc/sc.c])
2011-06-30 09:42:31 +00:00
# silent build by default
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
2008-03-06 16:06:59 +00:00
AC_CANONICAL_HOST
AC_PROG_CC
2015-04-25 13:03:39 +00:00
# AC_PROG_CXX is needed to built the win32 custom action. Indeed dutil.h use [extern "C"] definition which fails on pure c compiler
AC_PROG_CXX
2017-02-07 14:45:10 +00:00
AC_PROG_OBJC
2008-03-06 16:06:59 +00:00
PKG_PROG_PKG_CONFIG
AC_C_BIGENDIAN
2014-02-02 17:49:57 +00:00
AC_ARG_ENABLE(
[optimization],
[AS_HELP_STRING([--disable-optimization],[disable compile optimization @<:@enabled@:>@])],
,
[enable_optimization="yes"]
)
2008-03-06 16:06:59 +00:00
AC_ARG_WITH(
[cygwin-native],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--with-cygwin-native],[compile native win32])],
2008-03-06 16:06:59 +00:00
,
[with_cygwin_native="no"]
)
2014-02-02 17:49:57 +00:00
if test "${enable_optimization}" = "no"; then
2020-04-20 19:04:09 +00:00
CFLAGS="${CFLAGS} -O0 -g"
2014-02-02 17:49:57 +00:00
fi
2008-03-06 16:06:59 +00:00
dnl Check for some target-specific stuff
test -z "${WIN32}" && WIN32="no"
test -z "${CYGWIN}" && CYGWIN="no"
2014-02-02 17:49:57 +00:00
2008-03-06 16:06:59 +00:00
case "${host}" in
*-*-solaris*)
CPPFLAGS="${CPPFLAGS} -I/usr/local/include"
LDFLAGS="${LDFLAGS} -L/usr/local/lib -R/usr/local/lib"
;;
2008-10-27 19:17:36 +00:00
*-mingw*|*-winnt*)
2008-03-06 16:06:59 +00:00
WIN32="yes"
CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
2008-03-15 11:05:26 +00:00
WIN_LIBPREFIX="lib"
2008-03-06 16:06:59 +00:00
;;
*-cygwin*)
AC_MSG_CHECKING([cygwin mode to use])
CYGWIN="yes"
if test "${with_cygwin_native}" = "yes"; then
AC_MSG_RESULT([Using native win32])
CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
CFLAGS="${CFLAGS} -mno-cygwin"
WIN32="yes"
else
AC_MSG_RESULT([Using cygwin])
2008-03-15 11:05:26 +00:00
WIN_LIBPREFIX="cyg"
2008-03-06 16:06:59 +00:00
AC_DEFINE([USE_CYGWIN], [1], [Define if you are on Cygwin])
fi
;;
esac
2012-06-04 07:26:56 +00:00
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
2015-09-30 06:20:19 +00:00
DEBUG_FILE="%TEMP%\\\opensc-debug.log"
PROFILE_DIR_DEFAULT="obtained from windows registers"
PROFILE_DIR="\"\""
2012-06-04 07:26:56 +00:00
;;
*)
DEBUG_FILE="/tmp/opensc-debug.log"
2015-09-30 06:20:19 +00:00
PROFILE_DIR="\$(pkgdatadir)"
PROFILE_DIR_DEFAULT="\$(pkgdatadir)"
2012-06-04 07:26:56 +00:00
;;
esac
2017-03-14 19:39:29 +00:00
case "${host}" in
*-mingw*)
CPPFLAGS="${CPPFLAGS} -D__USE_MINGW_ANSI_STDIO=1"
;;
esac
2019-11-06 17:34:52 +00:00
AX_CODE_COVERAGE()
2021-05-05 12:27:05 +00:00
AX_CHECK_COMPILE_FLAG([-Wunknown-warning-option], [have_unknown_warning_option="yes"], [have_unknown_warning_option="no"])
2017-08-02 21:12:58 +00:00
AM_CONDITIONAL([HAVE_UNKNOWN_WARNING_OPTION], [test "${have_unknown_warning_option}" = "yes"])
2017-06-19 09:57:18 +00:00
2019-06-03 05:56:56 +00:00
AC_ARG_ENABLE(
[fuzzing],
2020-08-29 08:34:51 +00:00
[AS_HELP_STRING([--enable-fuzzing],[enable compile of fuzzing tests @<:@disabled@:>@, note that CFLAGS and FUZZING_LIBS should be set accordingly, e.g. to something like CFLAGS="-fsanitize=address,fuzzer" FUZZING_LIBS="-fsanitize=fuzzer"])],
2019-06-03 05:56:56 +00:00
,
[enable_fuzzing="no"]
)
2019-08-19 14:15:05 +00:00
AC_ARG_VAR([FUZZING_LIBS], [linker flags for fuzzing])
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[strict],
2018-04-04 16:50:12 +00:00
[AS_HELP_STRING([--disable-strict],[disable strict compile mode @<:@enabled@:>@])],
2008-03-06 16:06:59 +00:00
,
2013-05-25 02:29:28 +00:00
[enable_strict="yes"]
2008-03-06 16:06:59 +00:00
)
AC_ARG_ENABLE(
[pedantic],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@disabled@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_pedantic="no"]
)
2015-12-01 08:19:03 +00:00
AC_ARG_ENABLE(
[thread_locking],
[AS_HELP_STRING([--disable-thread-locking],[disable OS thread locking @<:@enabled@:>@])],
,
[enable_thread_locking="yes"]
)
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[zlib],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-zlib],[enable zlib linkage @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_zlib="detect"]
)
AC_ARG_ENABLE(
[readline],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-readline],[enable readline linkage @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_readline="detect"]
)
AC_ARG_ENABLE(
[openssl],
2018-11-05 10:16:04 +00:00
[AS_HELP_STRING([--enable-openssl],[enable OpenSSL linkage @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_openssl="detect"]
)
2018-11-05 10:16:04 +00:00
AC_ARG_ENABLE([openssl-secure-malloc],
2021-03-30 02:21:23 +00:00
[AS_HELP_STRING([--openssl-secure-malloc=<SIZE_IN_BYTES>],
2018-11-05 10:16:04 +00:00
[Enable OpenSSL secure memory by specifying its size in bytes, must be a power of 2 @<:@disabled@:>@])],
[], [enable_openssl_secure_malloc=no])
AS_IF([test $enable_openssl_secure_malloc != no],
[AC_DEFINE_UNQUOTED([OPENSSL_SECURE_MALLOC_SIZE],[$enable_openssl_secure_malloc],[Size of OpenSSL secure memory in bytes, must be a power of 2])])
2015-11-06 07:24:16 +00:00
AC_ARG_ENABLE(
[openpace],
[AS_HELP_STRING([--enable-openpace],[enable OpenPACE linkage @<:@detect@:>@])],
,
[enable_openpace="detect"]
)
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[openct],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-openct],[enable openct linkage @<:@disabled@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_openct="no"]
)
AC_ARG_ENABLE(
[pcsc],
2009-11-05 18:27:56 +00:00
[AS_HELP_STRING([--disable-pcsc],[disable pcsc support @<:@enabled@:>@])],
2008-03-06 16:06:59 +00:00
,
2009-11-05 18:27:56 +00:00
[enable_pcsc="yes"]
2008-03-06 16:06:59 +00:00
)
2017-02-07 14:45:10 +00:00
AC_ARG_ENABLE(
[cryptotokenkit],
[AS_HELP_STRING([--disable-cryptotokenkit],[disable CryptoTokenKit support @<:@enabled@:>@])],
,
[enable_cryptotokenkit="no"]
)
2009-11-15 18:03:04 +00:00
AC_ARG_ENABLE(
[ctapi],
[AS_HELP_STRING([--enable-ctapi],[enable CT-API support @<:@disabled@:>@])],
,
[enable_ctapi="no"]
)
2010-02-05 21:39:28 +00:00
AC_ARG_ENABLE(
2011-04-12 07:40:12 +00:00
[minidriver],
[AS_HELP_STRING([--enable-minidriver],[enable minidriver on Windows @<:@disabled@:>@])],
2010-02-05 21:39:28 +00:00
,
2011-04-12 07:40:12 +00:00
[enable_minidriver="no"]
2010-02-05 21:39:28 +00:00
)
2012-06-04 07:26:56 +00:00
AC_ARG_ENABLE(
[sm],
2014-05-05 07:03:28 +00:00
[AS_HELP_STRING([--disable-sm],[disable secure messaging support and SM modules @<:@enabled@:>@])],
2012-06-04 07:26:56 +00:00
,
2014-05-05 07:03:28 +00:00
[enable_sm="yes"]
2012-06-04 07:26:56 +00:00
)
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[man],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--disable-man],[disable installation of manuals @<:@enabled for none Windows@:>@])],
2008-03-06 16:06:59 +00:00
,
2010-10-05 20:34:58 +00:00
[enable_man="detect"]
2008-03-06 16:06:59 +00:00
)
AC_ARG_ENABLE(
[doc],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-doc],[enable installation of documents @<:@disabled@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_doc="no"]
)
2013-06-13 15:12:07 +00:00
AC_ARG_ENABLE(
[dnie-ui],
[AS_HELP_STRING([--enable-dnie-ui],[enable use of external user interface program to request DNIe pin@<:@disabled@:>@])],
,
[enable_dnie_ui="no"]
)
2017-05-24 10:46:42 +00:00
AC_ARG_ENABLE(
[notify],
[AS_HELP_STRING([--enable-notify],[enable notifications @<:@detect@:>@])],
,
[enable_notify="detect"]
)
2019-03-18 22:08:58 +00:00
AC_ARG_ENABLE(
[autostart-items],
[AS_HELP_STRING([--enable-autostart-items],[enable autostart items @<:@enabled@:>@])],
,
[enable_autostart="yes"]
)
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
AC_ARG_ENABLE(
2019-06-03 05:56:56 +00:00
[cmocka],
[AS_HELP_STRING([--enable-cmocka],[Build tests in src/tests/p11test directory @<:@detect@:>@])],
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
,
2019-06-03 05:56:56 +00:00
[enable_cmocka="detect"]
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
)
2008-03-06 16:06:59 +00:00
AC_ARG_WITH(
2008-03-24 16:05:31 +00:00
[xsl-stylesheetsdir],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--with-xsl-stylesheetsdir=PATH],[docbook xsl-stylesheets for svn build @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
[xslstylesheetsdir="${withval}"],
[xslstylesheetsdir="detect"]
)
2018-07-11 19:55:05 +00:00
AC_ARG_WITH(
[completiondir],
[AS_HELP_STRING([--with-completiondir=PATH],[Directory of Bash completion @<:@detect@:>@])],
[completiondir="${withval}"],
[completiondir="detect"]
)
2008-04-01 20:10:43 +00:00
AC_ARG_WITH(
[pcsc-provider],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--with-pcsc-provider=PATH],[Path to system pcsc provider @<:@system default@:>@])],
2008-04-01 20:10:43 +00:00
,
[with_pcsc_provider="detect"]
)
2014-12-19 21:12:25 +00:00
AC_ARG_WITH(
[pkcs11-provider],
[AS_HELP_STRING([--with-pkcs11-provider=PATH],[Path to the default PKCS11 provider @<:@default=OpenSC@:>@])],
,
[with_pkcs11_provider="detect"]
)
2016-06-03 09:06:14 +00:00
2010-09-11 13:00:47 +00:00
dnl ./configure check
reader_count=""
2017-02-07 14:45:10 +00:00
for rdriver in "${enable_pcsc}" "${enable_cryptotokenkit}" "${enable_openct}" "${enable_ctapi}"; do
2010-09-11 13:00:47 +00:00
test "${rdriver}" = "yes" && reader_count="${reader_count}x"
done
if test "${reader_count}" != "x"; then
2017-02-07 14:45:10 +00:00
AC_MSG_ERROR([Only one of --enable-pcsc, --enable-cryptotokenkit, --enable-openct, --enable-ctapi can be specified!])
2010-09-11 13:00:47 +00:00
fi
2014-04-29 14:56:15 +00:00
2008-03-06 16:06:59 +00:00
dnl Checks for programs.
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
2008-03-09 11:48:03 +00:00
AC_PROG_MKDIR_P
AC_PROG_SED
2008-03-06 16:06:59 +00:00
AC_PROG_MAKE_SET
dnl Add libtool support.
2008-06-11 10:14:43 +00:00
ifdef(
[LT_INIT],
[
LT_INIT([win32-dll])
LT_LANG([Windows Resource])
],
[
AC_LIBTOOL_WIN32_DLL
AC_LIBTOOL_RC
AC_PROG_LIBTOOL
]
)
2008-03-06 16:06:59 +00:00
2011-06-07 09:28:25 +00:00
dnl These required for repository checkout
2010-09-26 21:30:44 +00:00
AC_ARG_VAR([XSLTPROC], [xsltproc utility])
2011-06-07 09:28:25 +00:00
AC_ARG_VAR([git], [git])
2010-09-26 21:30:44 +00:00
AC_CHECK_PROGS([XSLTPROC],[xsltproc])
2011-06-07 09:28:25 +00:00
AC_CHECK_PROGS([GIT],[git])
2008-03-06 16:06:59 +00:00
2010-10-05 20:34:58 +00:00
AC_MSG_CHECKING([xsl-stylesheets])
2008-03-06 16:06:59 +00:00
if test "${xslstylesheetsdir}" = "detect"; then
xslstylesheetsdir="no"
for f in \
/usr/share/xml/docbook/stylesheet/nwalsh \
2010-10-21 13:53:58 +00:00
/usr/share/xml/docbook/stylesheet/nwalsh/current \
2010-07-27 08:05:31 +00:00
/opt/local/share/xsl/docbook-xsl \
/sw/share/xml/xsl/docbook-xsl \
2008-03-06 16:06:59 +00:00
/usr/share/sgml/docbook/*; do
test -e "${f}/html/docbook.xsl" && xslstylesheetsdir="${f}"
done
elif test "${xslstylesheetsdir}" != "no"; then
test -e "${xslstylesheetsdir}/html/docbook.xsl" || AC_MSG_ERROR([invalid])
fi
2010-10-05 20:34:58 +00:00
AC_MSG_RESULT([${xslstylesheetsdir}])
2008-03-06 16:06:59 +00:00
2014-04-29 14:56:15 +00:00
AC_MSG_CHECKING([git checkout])
GIT_CHECKOUT="no"
if test -n "${GIT}" -a -d "${srcdir}/.git"; then
2016-03-01 10:41:00 +00:00
GIT_CHECKOUT="yes"
2014-04-29 14:56:15 +00:00
fi
AC_MSG_RESULT([${GIT_CHECKOUT}])
2016-03-01 10:41:00 +00:00
if test "${GIT_CHECKOUT}" = "yes"; then
REVISION_DESCRIPTION="$(${GIT} describe || echo '<version not available>' )"
if test "${REVISION_DESCRIPTION}" = "<version not available>"; then
REVISION_DESCRIPTION="$(${GIT} describe --tags || echo '<version not available>')"
fi
HASH_COMMIT_DATE="$(${GIT} log -1 --pretty=format:'rev: %h, commit-time: %ci')"
GIT_TAG_COMMIT="$(${GIT} rev-list --tags --no-walk --max-count=1)"
OPENSC_SCM_REVISION="OpenSC-${REVISION_DESCRIPTION}, ${HASH_COMMIT_DATE}"
OPENSC_VERSION_REVISION="$(${GIT} rev-list ${GIT_TAG_COMMIT}..HEAD --count || echo 0)"
else
OPENSC_SCM_REVISION="No Git revision info available"
OPENSC_VERSION_REVISION="0"
fi
2014-04-29 14:56:15 +00:00
2008-03-06 16:06:59 +00:00
dnl C Compiler features
AC_C_INLINE
dnl Checks for header files.
AC_HEADER_SYS_WAIT
2010-09-14 08:17:48 +00:00
AC_HEADER_ASSERT