2008-03-06 16:06:59 +00:00
dnl -*- mode: m4; -*-
2021-03-30 02:21:23 +00:00
AC_PREREQ(2.68)
2008-03-06 16:06:59 +00:00
2014-04-29 14:56:15 +00:00
define([PRODUCT_NAME], [OpenSC])
define([PRODUCT_TARNAME], [opensc])
2015-09-14 20:11:49 +00:00
define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
2018-05-13 11:33:57 +00:00
define([PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
2008-03-06 16:06:59 +00:00
define([PACKAGE_VERSION_MAJOR], [0])
2021-04-06 11:42:50 +00:00
define([PACKAGE_VERSION_MINOR], [22])
2014-05-31 18:02:42 +00:00
define([PACKAGE_VERSION_FIX], [0])
2021-04-06 11:42:50 +00:00
define([PACKAGE_SUFFIX], [-rc1])
2008-03-06 16:06:59 +00:00
2014-04-29 14:56:15 +00:00
define([VS_FF_LEGAL_COPYRIGHT], [OpenSC Project])
define([VS_FF_LEGAL_COMPANY_NAME], [OpenSC Project])
2015-09-14 20:11:49 +00:00
define([VS_FF_LEGAL_COMPANY_URL], [https://github.com/OpenSC])
2014-04-29 14:56:15 +00:00
define([VS_FF_COMMENTS], [Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).])
define([VS_FF_PRODUCT_NAME], [OpenSC smartcard framework])
2015-09-14 20:11:49 +00:00
define([VS_FF_PRODUCT_UPDATES], [https://github.com/OpenSC/OpenSC/releases])
define([VS_FF_PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
2014-04-29 14:56:15 +00:00
2014-05-05 06:46:29 +00:00
m4_sinclude(version.m4.ci)
2014-04-29 14:56:15 +00:00
2019-07-30 17:09:44 +00:00
m4_define([openssl_minimum_version], [1.0.1])
2018-05-13 11:33:57 +00:00
AC_INIT([PRODUCT_NAME],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX],[PRODUCT_BUGREPORT],[PRODUCT_TARNAME],[PRODUCT_URL])
2008-03-06 16:06:59 +00:00
AC_CONFIG_AUX_DIR([.])
2008-06-05 17:03:47 +00:00
AC_CONFIG_HEADERS([config.h])
2008-06-05 17:06:27 +00:00
AC_CONFIG_MACRO_DIR([m4])
2020-03-26 18:51:33 +00:00
AM_INIT_AUTOMAKE(foreign 1.10 [subdir-objects])
2008-03-06 16:06:59 +00:00
OPENSC_VERSION_MAJOR="PACKAGE_VERSION_MAJOR"
OPENSC_VERSION_MINOR="PACKAGE_VERSION_MINOR"
OPENSC_VERSION_FIX="PACKAGE_VERSION_FIX"
2014-04-29 14:56:15 +00:00
OPENSC_VS_FF_LEGAL_COPYRIGHT="VS_FF_LEGAL_COPYRIGHT"
OPENSC_VS_FF_COMPANY_NAME="VS_FF_LEGAL_COMPANY_NAME"
2015-09-14 20:11:49 +00:00
OPENSC_VS_FF_COMPANY_URL="VS_FF_LEGAL_COMPANY_URL"
2014-04-29 14:56:15 +00:00
OPENSC_VS_FF_COMMENTS="VS_FF_COMMENTS"
OPENSC_VS_FF_PRODUCT_NAME="VS_FF_PRODUCT_NAME"
2015-09-14 20:11:49 +00:00
OPENSC_VS_FF_PRODUCT_UPDATES="VS_FF_PRODUCT_UPDATES"
OPENSC_VS_FF_PRODUCT_URL="VS_FF_PRODUCT_URL"
2013-12-29 18:07:31 +00:00
2008-03-06 16:06:59 +00:00
# LT Version numbers, remember to change them just *before* a release.
# (Code changed: REVISION++)
2020-11-20 20:08:47 +00:00
# (Oldest interface changed/removed: OLDEST++)
2008-03-15 11:05:26 +00:00
# (Interfaces added: CURRENT++, REVISION=0)
2021-04-06 11:42:50 +00:00
OPENSC_LT_CURRENT="8"
2020-11-20 20:08:47 +00:00
OPENSC_LT_OLDEST="7"
2008-03-06 16:06:59 +00:00
OPENSC_LT_REVISION="0"
OPENSC_LT_AGE="0"
2008-03-15 11:05:26 +00:00
OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))"
2008-03-06 16:06:59 +00:00
AC_CONFIG_SRCDIR([src/libopensc/sc.c])
2011-06-30 09:42:31 +00:00
# silent build by default
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
2008-03-06 16:06:59 +00:00
AC_CANONICAL_HOST
AC_PROG_CC
2015-04-25 13:03:39 +00:00
# AC_PROG_CXX is needed to built the win32 custom action. Indeed dutil.h use [extern "C"] definition which fails on pure c compiler
AC_PROG_CXX
2017-02-07 14:45:10 +00:00
AC_PROG_OBJC
2008-03-06 16:06:59 +00:00
PKG_PROG_PKG_CONFIG
AC_C_BIGENDIAN
2014-02-02 17:49:57 +00:00
AC_ARG_ENABLE(
[optimization],
[AS_HELP_STRING([--disable-optimization],[disable compile optimization @<:@enabled@:>@])],
,
[enable_optimization="yes"]
)
2008-03-06 16:06:59 +00:00
AC_ARG_WITH(
[cygwin-native],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--with-cygwin-native],[compile native win32])],
2008-03-06 16:06:59 +00:00
,
[with_cygwin_native="no"]
)
2014-02-02 17:49:57 +00:00
if test "${enable_optimization}" = "no"; then
2020-04-20 19:04:09 +00:00
CFLAGS="${CFLAGS} -O0 -g"
2014-02-02 17:49:57 +00:00
fi
2008-03-06 16:06:59 +00:00
dnl Check for some target-specific stuff
test -z "${WIN32}" && WIN32="no"
test -z "${CYGWIN}" && CYGWIN="no"
2014-02-02 17:49:57 +00:00
2008-03-06 16:06:59 +00:00
case "${host}" in
*-*-solaris*)
CPPFLAGS="${CPPFLAGS} -I/usr/local/include"
LDFLAGS="${LDFLAGS} -L/usr/local/lib -R/usr/local/lib"
;;
2008-10-27 19:17:36 +00:00
*-mingw*|*-winnt*)
2008-03-06 16:06:59 +00:00
WIN32="yes"
CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
2008-03-15 11:05:26 +00:00
WIN_LIBPREFIX="lib"
2008-03-06 16:06:59 +00:00
;;
*-cygwin*)
AC_MSG_CHECKING([cygwin mode to use])
CYGWIN="yes"
if test "${with_cygwin_native}" = "yes"; then
AC_MSG_RESULT([Using native win32])
CPPFLAGS="${CPPFLAGS} -DWIN32_LEAN_AND_MEAN"
CFLAGS="${CFLAGS} -mno-cygwin"
WIN32="yes"
else
AC_MSG_RESULT([Using cygwin])
2008-03-15 11:05:26 +00:00
WIN_LIBPREFIX="cyg"
2008-03-06 16:06:59 +00:00
AC_DEFINE([USE_CYGWIN], [1], [Define if you are on Cygwin])
fi
;;
esac
2012-06-04 07:26:56 +00:00
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
2015-09-30 06:20:19 +00:00
DEBUG_FILE="%TEMP%\\\opensc-debug.log"
PROFILE_DIR_DEFAULT="obtained from windows registers"
PROFILE_DIR="\"\""
2012-06-04 07:26:56 +00:00
;;
*)
DEBUG_FILE="/tmp/opensc-debug.log"
2015-09-30 06:20:19 +00:00
PROFILE_DIR="\$(pkgdatadir)"
PROFILE_DIR_DEFAULT="\$(pkgdatadir)"
2012-06-04 07:26:56 +00:00
;;
esac
2017-03-14 19:39:29 +00:00
case "${host}" in
*-mingw*)
CPPFLAGS="${CPPFLAGS} -D__USE_MINGW_ANSI_STDIO=1"
;;
esac
2019-11-06 17:34:52 +00:00
AX_CODE_COVERAGE()
2019-06-03 05:56:56 +00:00
AX_CHECK_COMPILE_FLAG([-Wunknown-warning-option], [have_unknown_warning_option="yes"], [have_unknown_warning_option="no"], [-Werror])
2017-08-02 21:12:58 +00:00
AM_CONDITIONAL([HAVE_UNKNOWN_WARNING_OPTION], [test "${have_unknown_warning_option}" = "yes"])
2017-06-19 09:57:18 +00:00
2019-06-03 05:56:56 +00:00
AC_ARG_ENABLE(
[fuzzing],
2020-08-29 08:34:51 +00:00
[AS_HELP_STRING([--enable-fuzzing],[enable compile of fuzzing tests @<:@disabled@:>@, note that CFLAGS and FUZZING_LIBS should be set accordingly, e.g. to something like CFLAGS="-fsanitize=address,fuzzer" FUZZING_LIBS="-fsanitize=fuzzer"])],
2019-06-03 05:56:56 +00:00
,
[enable_fuzzing="no"]
)
2019-08-19 14:15:05 +00:00
AC_ARG_VAR([FUZZING_LIBS], [linker flags for fuzzing])
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[strict],
2018-04-04 16:50:12 +00:00
[AS_HELP_STRING([--disable-strict],[disable strict compile mode @<:@enabled@:>@])],
2008-03-06 16:06:59 +00:00
,
2013-05-25 02:29:28 +00:00
[enable_strict="yes"]
2008-03-06 16:06:59 +00:00
)
AC_ARG_ENABLE(
[pedantic],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@disabled@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_pedantic="no"]
)
2015-12-01 08:19:03 +00:00
AC_ARG_ENABLE(
[thread_locking],
[AS_HELP_STRING([--disable-thread-locking],[disable OS thread locking @<:@enabled@:>@])],
,
[enable_thread_locking="yes"]
)
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[zlib],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-zlib],[enable zlib linkage @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_zlib="detect"]
)
AC_ARG_ENABLE(
[readline],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-readline],[enable readline linkage @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_readline="detect"]
)
AC_ARG_ENABLE(
[openssl],
2018-11-05 10:16:04 +00:00
[AS_HELP_STRING([--enable-openssl],[enable OpenSSL linkage @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_openssl="detect"]
)
2018-11-05 10:16:04 +00:00
AC_ARG_ENABLE([openssl-secure-malloc],
2021-03-30 02:21:23 +00:00
[AS_HELP_STRING([--openssl-secure-malloc=<SIZE_IN_BYTES>],
2018-11-05 10:16:04 +00:00
[Enable OpenSSL secure memory by specifying its size in bytes, must be a power of 2 @<:@disabled@:>@])],
[], [enable_openssl_secure_malloc=no])
AS_IF([test $enable_openssl_secure_malloc != no],
[AC_DEFINE_UNQUOTED([OPENSSL_SECURE_MALLOC_SIZE],[$enable_openssl_secure_malloc],[Size of OpenSSL secure memory in bytes, must be a power of 2])])
2015-11-06 07:24:16 +00:00
AC_ARG_ENABLE(
[openpace],
[AS_HELP_STRING([--enable-openpace],[enable OpenPACE linkage @<:@detect@:>@])],
,
[enable_openpace="detect"]
)
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[openct],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-openct],[enable openct linkage @<:@disabled@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_openct="no"]
)
AC_ARG_ENABLE(
[pcsc],
2009-11-05 18:27:56 +00:00
[AS_HELP_STRING([--disable-pcsc],[disable pcsc support @<:@enabled@:>@])],
2008-03-06 16:06:59 +00:00
,
2009-11-05 18:27:56 +00:00
[enable_pcsc="yes"]
2008-03-06 16:06:59 +00:00
)
2017-02-07 14:45:10 +00:00
AC_ARG_ENABLE(
[cryptotokenkit],
[AS_HELP_STRING([--disable-cryptotokenkit],[disable CryptoTokenKit support @<:@enabled@:>@])],
,
[enable_cryptotokenkit="no"]
)
2009-11-15 18:03:04 +00:00
AC_ARG_ENABLE(
[ctapi],
[AS_HELP_STRING([--enable-ctapi],[enable CT-API support @<:@disabled@:>@])],
,
[enable_ctapi="no"]
)
2010-02-05 21:39:28 +00:00
AC_ARG_ENABLE(
2011-04-12 07:40:12 +00:00
[minidriver],
[AS_HELP_STRING([--enable-minidriver],[enable minidriver on Windows @<:@disabled@:>@])],
2010-02-05 21:39:28 +00:00
,
2011-04-12 07:40:12 +00:00
[enable_minidriver="no"]
2010-02-05 21:39:28 +00:00
)
2012-06-04 07:26:56 +00:00
AC_ARG_ENABLE(
[sm],
2014-05-05 07:03:28 +00:00
[AS_HELP_STRING([--disable-sm],[disable secure messaging support and SM modules @<:@enabled@:>@])],
2012-06-04 07:26:56 +00:00
,
2014-05-05 07:03:28 +00:00
[enable_sm="yes"]
2012-06-04 07:26:56 +00:00
)
2008-03-06 16:06:59 +00:00
AC_ARG_ENABLE(
[man],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--disable-man],[disable installation of manuals @<:@enabled for none Windows@:>@])],
2008-03-06 16:06:59 +00:00
,
2010-10-05 20:34:58 +00:00
[enable_man="detect"]
2008-03-06 16:06:59 +00:00
)
AC_ARG_ENABLE(
[doc],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--enable-doc],[enable installation of documents @<:@disabled@:>@])],
2008-03-06 16:06:59 +00:00
,
[enable_doc="no"]
)
2013-06-13 15:12:07 +00:00
AC_ARG_ENABLE(
[dnie-ui],
[AS_HELP_STRING([--enable-dnie-ui],[enable use of external user interface program to request DNIe pin@<:@disabled@:>@])],
,
[enable_dnie_ui="no"]
)
2017-05-24 10:46:42 +00:00
AC_ARG_ENABLE(
[notify],
[AS_HELP_STRING([--enable-notify],[enable notifications @<:@detect@:>@])],
,
[enable_notify="detect"]
)
2019-03-18 22:08:58 +00:00
AC_ARG_ENABLE(
[autostart-items],
[AS_HELP_STRING([--enable-autostart-items],[enable autostart items @<:@enabled@:>@])],
,
[enable_autostart="yes"]
)
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
AC_ARG_ENABLE(
2019-06-03 05:56:56 +00:00
[cmocka],
[AS_HELP_STRING([--enable-cmocka],[Build tests in src/tests/p11test directory @<:@detect@:>@])],
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
,
2019-06-03 05:56:56 +00:00
[enable_cmocka="detect"]
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
)
2008-03-06 16:06:59 +00:00
AC_ARG_WITH(
2008-03-24 16:05:31 +00:00
[xsl-stylesheetsdir],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--with-xsl-stylesheetsdir=PATH],[docbook xsl-stylesheets for svn build @<:@detect@:>@])],
2008-03-06 16:06:59 +00:00
[xslstylesheetsdir="${withval}"],
[xslstylesheetsdir="detect"]
)
2018-07-11 19:55:05 +00:00
AC_ARG_WITH(
[completiondir],
[AS_HELP_STRING([--with-completiondir=PATH],[Directory of Bash completion @<:@detect@:>@])],
[completiondir="${withval}"],
[completiondir="detect"]
)
2008-04-01 20:10:43 +00:00
AC_ARG_WITH(
[pcsc-provider],
2008-06-05 17:03:47 +00:00
[AS_HELP_STRING([--with-pcsc-provider=PATH],[Path to system pcsc provider @<:@system default@:>@])],
2008-04-01 20:10:43 +00:00
,
[with_pcsc_provider="detect"]
)
2014-12-19 21:12:25 +00:00
AC_ARG_WITH(
[pkcs11-provider],
[AS_HELP_STRING([--with-pkcs11-provider=PATH],[Path to the default PKCS11 provider @<:@default=OpenSC@:>@])],
,
[with_pkcs11_provider="detect"]
)
2016-06-03 09:06:14 +00:00
2010-09-11 13:00:47 +00:00
dnl ./configure check
reader_count=""
2017-02-07 14:45:10 +00:00
for rdriver in "${enable_pcsc}" "${enable_cryptotokenkit}" "${enable_openct}" "${enable_ctapi}"; do
2010-09-11 13:00:47 +00:00
test "${rdriver}" = "yes" && reader_count="${reader_count}x"
done
if test "${reader_count}" != "x"; then
2017-02-07 14:45:10 +00:00
AC_MSG_ERROR([Only one of --enable-pcsc, --enable-cryptotokenkit, --enable-openct, --enable-ctapi can be specified!])
2010-09-11 13:00:47 +00:00
fi
2014-04-29 14:56:15 +00:00
2008-03-06 16:06:59 +00:00
dnl Checks for programs.
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
2008-03-09 11:48:03 +00:00
AC_PROG_MKDIR_P
AC_PROG_SED
2008-03-06 16:06:59 +00:00
AC_PROG_MAKE_SET
dnl Add libtool support.
2008-06-11 10:14:43 +00:00
ifdef(
[LT_INIT],
[
LT_INIT([win32-dll])
LT_LANG([Windows Resource])
],
[
AC_LIBTOOL_WIN32_DLL
AC_LIBTOOL_RC
AC_PROG_LIBTOOL
]
)
2008-03-06 16:06:59 +00:00
2011-06-07 09:28:25 +00:00
dnl These required for repository checkout
2010-09-26 21:30:44 +00:00
AC_ARG_VAR([XSLTPROC], [xsltproc utility])
2011-06-07 09:28:25 +00:00
AC_ARG_VAR([git], [git])
2010-09-26 21:30:44 +00:00
AC_CHECK_PROGS([XSLTPROC],[xsltproc])
2011-06-07 09:28:25 +00:00
AC_CHECK_PROGS([GIT],[git])
2008-03-06 16:06:59 +00:00
2010-10-05 20:34:58 +00:00
AC_MSG_CHECKING([xsl-stylesheets])
2008-03-06 16:06:59 +00:00
if test "${xslstylesheetsdir}" = "detect"; then
xslstylesheetsdir="no"
for f in \
/usr/share/xml/docbook/stylesheet/nwalsh \
2010-10-21 13:53:58 +00:00
/usr/share/xml/docbook/stylesheet/nwalsh/current \
2010-07-27 08:05:31 +00:00
/opt/local/share/xsl/docbook-xsl \
/sw/share/xml/xsl/docbook-xsl \
2008-03-06 16:06:59 +00:00
/usr/share/sgml/docbook/*; do
test -e "${f}/html/docbook.xsl" && xslstylesheetsdir="${f}"
done
elif test "${xslstylesheetsdir}" != "no"; then
test -e "${xslstylesheetsdir}/html/docbook.xsl" || AC_MSG_ERROR([invalid])
fi
2010-10-05 20:34:58 +00:00
AC_MSG_RESULT([${xslstylesheetsdir}])
2008-03-06 16:06:59 +00:00
2014-04-29 14:56:15 +00:00
AC_MSG_CHECKING([git checkout])
GIT_CHECKOUT="no"
if test -n "${GIT}" -a -d "${srcdir}/.git"; then
2016-03-01 10:41:00 +00:00
GIT_CHECKOUT="yes"
2014-04-29 14:56:15 +00:00
fi
AC_MSG_RESULT([${GIT_CHECKOUT}])
2016-03-01 10:41:00 +00:00
if test "${GIT_CHECKOUT}" = "yes"; then
REVISION_DESCRIPTION="$(${GIT} describe || echo '<version not available>' )"
if test "${REVISION_DESCRIPTION}" = "<version not available>"; then
REVISION_DESCRIPTION="$(${GIT} describe --tags || echo '<version not available>')"
fi
HASH_COMMIT_DATE="$(${GIT} log -1 --pretty=format:'rev: %h, commit-time: %ci')"
GIT_TAG_COMMIT="$(${GIT} rev-list --tags --no-walk --max-count=1)"
OPENSC_SCM_REVISION="OpenSC-${REVISION_DESCRIPTION}, ${HASH_COMMIT_DATE}"
OPENSC_VERSION_REVISION="$(${GIT} rev-list ${GIT_TAG_COMMIT}..HEAD --count || echo 0)"
else
OPENSC_SCM_REVISION="No Git revision info available"
OPENSC_VERSION_REVISION="0"
fi
2014-04-29 14:56:15 +00:00
2008-03-06 16:06:59 +00:00
dnl C Compiler features
AC_C_INLINE
dnl Checks for header files.
AC_HEADER_SYS_WAIT
2010-09-14 08:17:48 +00:00
AC_HEADER_ASSERT
2008-03-06 16:06:59 +00:00
AC_CHECK_HEADERS([ \
2013-03-15 20:12:25 +00:00
errno.h fcntl.h stdlib.h \
2008-03-06 16:06:59 +00:00
inttypes.h string.h strings.h \
2020-04-02 23:23:57 +00:00
sys/time.h unistd.h sys/mman.h \
sys/endian.h endian.h
2008-03-06 16:06:59 +00:00
])
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_SIZE_T
dnl Checks for library functions.
AC_FUNC_ERROR_AT_LINE
AC_FUNC_STAT
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([ \
2015-11-06 07:24:16 +00:00
getpass gettimeofday getline memset mkdir \
2020-03-06 11:23:16 +00:00
strdup strerror memset_s explicit_bzero \
2020-04-09 15:20:54 +00:00
strnlen sigaction
2008-03-06 16:06:59 +00:00
])
2020-05-18 15:43:14 +00:00
# Do not check for strlcpy and strlcat in Linux because it is not implemented
# and autotools can not detect it in AC_CHECK_DECLS because build does not fail
# in this test.
# https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22192
case "${host_os}" in
linux*)
;;
*)
AC_CHECK_DECLS([strlcpy, strlcat], [], [], [[#include <string.h>]])
;;
esac
2010-02-05 21:39:28 +00:00
AC_CHECK_SIZEOF(void *)
if test "${ac_cv_sizeof_void_p}" = 8; then
LIBRARY_BITNESS="64"
else
LIBRARY_BITNESS="32"
fi
2008-03-06 16:06:59 +00:00
dnl See if socket() is found from libsocket
AC_CHECK_LIB(
[socket],
[socket],
[
LIBS="${LIBS} -lsocket"
AC_CHECK_LIB(
[resolv],
[res_query],
[LIBS="${LIBS} -lresolv"]
)
]
)
2011-12-09 20:46:45 +00:00
if test "${WIN32}" = "no"; then
dnl dl support
2013-03-15 22:30:11 +00:00
AC_SEARCH_LIBS([dlopen], [dl dld], [], [
AC_MSG_ERROR([unable to find the dlopen() function])
])
2011-02-16 19:02:11 +00:00
2008-03-06 16:06:59 +00:00
dnl Special check for pthread support.
2012-09-25 15:56:55 +00:00
AX_PTHREAD(
2008-03-06 16:06:59 +00:00
[AC_DEFINE(
[HAVE_PTHREAD],
[1],
[Define if you have POSIX threads libraries and header files.]
)],
[AC_MSG_ERROR([POSIX thread support required])]
)
CC="${PTHREAD_CC}"
2010-02-05 21:39:28 +00:00
fi
2015-12-01 08:19:03 +00:00
if test "${enable_thread_locking}" = "yes"; then
2017-02-24 21:41:06 +00:00
OPENSC_PKCS11_PTHREAD_CFLAGS="${PTHREAD_CFLAGS} -DPKCS11_THREAD_LOCKING"
else
OPENSC_PKCS11_PTHREAD_CFLAGS=""
2015-12-01 08:19:03 +00:00
fi
2017-02-24 21:41:06 +00:00
AC_SUBST(OPENSC_PKCS11_PTHREAD_CFLAGS)
2015-12-01 08:19:03 +00:00
2011-04-12 07:40:12 +00:00
if test "${enable_minidriver}" = "yes"; then
2010-02-05 13:05:25 +00:00
dnl win32 special test for minidriver
2010-02-05 21:39:28 +00:00
AC_CHECK_HEADER(
[cardmod.h],
,
2017-01-25 22:01:18 +00:00
[AC_MSG_ERROR([cardmod.h from CNG is required for minidriver])],
[#if defined(__MINGW32__)
#include "${srcdir}/src/minidriver/cardmod-mingw-compat.h"
#endif
])
2011-04-12 07:40:12 +00:00
AC_DEFINE([ENABLE_MINIDRIVER], [1], [Enable minidriver support])
2008-03-06 16:06:59 +00:00
fi
2013-06-13 15:12:07 +00:00
if test "${enable_dnie_ui}" = "yes"; then
AC_DEFINE([ENABLE_DNIE_UI], [1], [Enable the use of external user interface program to request DNIe user pin])
case "${host}" in
2018-03-09 13:37:38 +00:00
*-*-darwin*)
LDFLAGS="${LDFLAGS} -framework Carbon"
;;
esac
case "${host}" in
*-apple-*)
LDFLAGS="${LDFLAGS} -framework CoreFoundation"
2013-06-13 15:12:07 +00:00
;;
esac
fi
2017-05-24 10:46:42 +00:00
case "${host}" in
*-*-darwin*)
have_notify="yes"
;;
*)
2017-11-07 15:10:28 +00:00
PKG_CHECK_MODULES( [GIO2], [gio-2.0],
[ have_notify="yes"
have_gio2="yes" ],
[ have_notify="no"
have_gio2="no" ])
saved_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} ${GIO2_CFLAGS}"
AC_CHECK_HEADERS(gio/gio.h, [],
[ AC_MSG_WARN([glib2 headers not found])
have_notify="no"
have_gio2="no" ])
CFLAGS="${saved_CFLAGS}"
saved_LIBS="$LIBS"
LIBS="$LIBS ${GIO2_LIBS}"
AC_MSG_CHECKING([for g_application_send_notification])
AC_TRY_LINK_FUNC(g_application_send_notification, [ AC_MSG_RESULT([yes]) ],
[ AC_MSG_WARN([Cannot link against glib2])
have_notify="no"
have_gio2="no" ])
LIBS="$saved_LIBS"
2017-05-24 10:46:42 +00:00
;;
esac
case "${enable_notify}" in
no)
have_notify="no"
;;
detect)
if test "${have_notify}" = "yes"; then
enable_notify="yes"
else
enable_notify="no"
fi
;;
esac
if test "${enable_notify}" = "yes"; then
if test "${have_notify}" = "yes"; then
AC_DEFINE([ENABLE_NOTIFY], [1], [Use notification libraries and header files])
2017-06-08 14:10:43 +00:00
if test "${have_gio2}" = "yes"; then
AC_DEFINE([ENABLE_GIO2], [1], [Use glib2 libraries and header files])
OPTIONAL_NOTIFY_CFLAGS="${GIO2_CFLAGS}"
OPTIONAL_NOTIFY_LIBS="${GIO2_LIBS}"
fi
2017-05-24 10:46:42 +00:00
else
AC_MSG_ERROR([notification linkage required, but no notification provider was found])
fi
fi
2018-06-11 16:33:59 +00:00
have_cmocka="yes"
2018-08-30 07:35:04 +00:00
PKG_CHECK_MODULES([CMOCKA], [cmocka >= 1.0.1],,[have_cmocka="no"])
2018-06-11 16:33:59 +00:00
AC_CHECK_HEADER([setjmp.h])
AC_CHECK_HEADER([cmocka.h],, [have_cmocka="no"],
[#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>
])
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
2008-03-06 16:06:59 +00:00
AC_ARG_VAR([ZLIB_CFLAGS], [C compiler flags for zlib])
AC_ARG_VAR([ZLIB_LIBS], [linker flags for zlib])
if test -z "${ZLIB_LIBS}"; then
AC_CHECK_LIB(
[z],
[inflate],
[ZLIB_LIBS="-lz"]
)
fi
saved_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} ${ZLIB_CFLAGS}"
AC_CHECK_HEADERS([zlib.h])
CFLAGS="${saved_CFLAGS}"
test -n "${ZLIB_LIBS}" -a "${ac_cv_header_zlib_h}" = "yes" && have_zlib="yes"
2008-03-15 13:24:05 +00:00
case "${enable_zlib}" in
no)
have_zlib="no"
;;
detect)
if test "${have_zlib}" = "yes"; then
enable_zlib="yes"
else
enable_zlib="no"
fi
;;
esac
2008-03-06 16:06:59 +00:00
if test "${enable_zlib}" = "yes"; then
if test "${have_zlib}" = "yes"; then
AC_DEFINE([ENABLE_ZLIB], [1], [Use zlib libraries and header files])
else
AC_MSG_ERROR([zlib linkage required, but no zlib was found])
fi
fi
AC_ARG_VAR([READLINE_CFLAGS], [C compiler flags for readline])
AC_ARG_VAR([READLINE_LIBS], [linker flags for readline])
if test -z "${READLINE_LIBS}"; then
for l in "" -lncurses -ltermcap; do
unset ac_cv_lib_readline_readline
AC_CHECK_LIB(
[readline],
[readline],
[READLINE_LIBS="-lreadline ${l}"],
,
["${l}"]
)
test -n "${READLINE_LIBS}" && break;
done
fi
saved_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} ${READLINE_CFLAGS}"
AC_CHECK_HEADERS([readline/readline.h])
CFLAGS="${saved_CFLAGS}"
test -n "${READLINE_LIBS}" -a "${ac_cv_header_readline_readline_h}" = "yes" && have_readline="yes"
2008-03-15 13:24:05 +00:00
case "${enable_readline}" in
no)
have_readline="no"
;;
detect)
if test "${have_readline}" = "yes"; then
enable_readline="yes"
else
enable_readline="no"
fi
;;
esac
2008-03-06 16:06:59 +00:00
if test "${enable_readline}" = "yes"; then
if test "${have_readline}" = "yes"; then
AC_DEFINE([ENABLE_READLINE], [1], [Use readline libraries and header files])
else
AC_MSG_ERROR([readline linkage required, but no readline was found])
fi
fi
PKG_CHECK_MODULES(
[OPENSSL],
2019-07-30 17:09:44 +00:00
[libcrypto >= openssl_minimum_version],
2008-03-06 16:06:59 +00:00
[have_openssl="yes"],
2018-08-22 17:04:29 +00:00
[AC_CHECK_LIB(
[crypto],
[RSA_version],
[
have_openssl="yes"
OPENSSL_LIBS="-lcrypto"
],
[have_openssl="no"]
2008-03-06 16:06:59 +00:00
)]
)
2008-03-15 13:24:05 +00:00
case "${enable_openssl}" in
no)
have_openssl="no"
;;
detect)
2015-10-14 07:16:23 +00:00
saved_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
AC_CHECK_HEADERS([openssl/crypto.h],,[have_openssl="no"])
CFLAGS="${saved_CFLAGS}"
2008-03-15 13:24:05 +00:00
if test "${have_openssl}" = "yes"; then
enable_openssl="yes"
else
enable_openssl="no"
fi
;;
esac
2008-03-06 16:06:59 +00:00
if test "${enable_openssl}" = "yes"; then
if test "${have_openssl}" = "yes"; then
AC_DEFINE([ENABLE_OPENSSL], [1], [Have OpenSSL libraries and header files])
else
AC_MSG_ERROR([OpenSSL linkage required, but no OpenSSL was found])
fi
2015-09-23 06:32:58 +00:00
else
OPENSSL_CFLAGS=""
OPENSSL_LIBS=""
2008-03-06 16:06:59 +00:00
fi
2019-06-03 05:56:56 +00:00
if test "${enable_cmocka}" = "detect"; then
2018-06-28 11:40:27 +00:00
if test "${have_cmocka}" = "yes" -a "${have_openssl}" = "yes"; then
2019-06-03 05:56:56 +00:00
enable_cmocka="yes"
2018-06-28 11:40:27 +00:00
else
2019-06-03 05:56:56 +00:00
enable_cmocka="no"
2018-06-28 11:40:27 +00:00
fi
fi
2019-06-03 05:56:56 +00:00
if test "${enable_cmocka}" = "yes"; then
2018-06-28 11:40:27 +00:00
if test "${have_cmocka}" != "yes"; then
AC_MSG_ERROR([Tests required, but cmocka is not available])
fi
fi
2015-11-06 07:24:16 +00:00
PKG_CHECK_EXISTS([libeac], [PKG_CHECK_MODULES([OPENPACE], [libeac >= 0.9])],
[AC_MSG_WARN([libeac not found by pkg-config])])
saved_CPPFLAGS="$CPPFLAGS"
saved_LIBS="$LIBS"
CPPFLAGS="$CPPFLAGS $OPENPACE_CFLAGS"
LIBS="$LDFLAGS $OPENPACE_LIBS"
have_openpace="yes"
AC_CHECK_HEADERS(eac/eac.h, [],
[ AC_MSG_WARN([OpenPACE headers not found])
have_openpace="no" ])
AC_MSG_CHECKING([for EAC_CTX_init_pace])
AC_TRY_LINK_FUNC(EAC_CTX_init_pace, [ AC_MSG_RESULT([yes]) ],
[ AC_MSG_WARN([Cannot link against libeac])
have_openpace="no" ])
CPPFLAGS="$saved_CPPFLAGS"
LIBS="$saved_LIBS"
AC_ARG_ENABLE(cvcdir,
2021-03-30 02:21:23 +00:00
AS_HELP_STRING([--enable-cvcdir=DIR],
2015-11-06 07:24:16 +00:00
[directory containing CV certificates (default is determined by libeac)]),
[cvcdir="${enableval}"],
[cvcdir=false])
if test "${cvcdir}" = false ; then
cvcdir="`$PKG_CONFIG libeac --variable=cvcdir`"
fi
if test "${cvcdir}" = "" ; then
2017-03-23 15:45:31 +00:00
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
cvcdir="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\cvc"
;;
*)
AC_MSG_WARN([use --enable-cvcdir=DIR])
;;
esac
2015-11-06 07:24:16 +00:00
fi
CVCDIR="${cvcdir}"
AC_SUBST(CVCDIR)
2017-03-23 15:45:31 +00:00
AC_DEFINE_UNQUOTED([CVCDIR], ["${CVCDIR}"], [CVC directory])
2015-11-06 07:24:16 +00:00
AC_ARG_ENABLE(x509dir,
2021-03-30 02:21:23 +00:00
AS_HELP_STRING([--enable-x509dir=DIR],
2015-11-06 07:24:16 +00:00
[directory containing X.509 certificates (default is determined by libeac)]),
[x509dir="${enableval}"],
[x509dir=false])
if test "${x509dir}" = false ; then
x509dir="`$PKG_CONFIG libeac --variable=x509dir`"
fi
if test -z "${x509dir}"
then
x509dir="`$PKG_CONFIG libeac --variable=x509dir`"
fi
if test -z "${x509dir}"
then
2017-03-23 15:45:31 +00:00
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
x509dir="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\x509"
;;
*)
AC_MSG_WARN([use --enable-x509dir=DIR])
;;
esac
2015-11-06 07:24:16 +00:00
fi
X509DIR="${x509dir}"
AC_SUBST(X509DIR)
2017-03-23 15:45:31 +00:00
AC_DEFINE_UNQUOTED([X509DIR], ["${X509DIR}"], [CVC directory])
2015-11-06 07:24:16 +00:00
case "${enable_openpace}" in
no)
have_openpace="no"
;;
detect)
if test "${have_openpace}" = "yes"; then
enable_openpace="yes"
else
enable_openpace="no"
fi
;;
esac
if test "${enable_openpace}" = "yes"; then
if test "${have_openpace}" = "yes"; then
AC_DEFINE([ENABLE_OPENPACE], [1], [Use OpenPACE libraries and header files])
else
AC_MSG_ERROR([OpenPACE linkage required, but no OpenPACE was found])
fi
else
OPENPACE_CFLAGS=""
OPENPACE_LIBS=""
fi
2008-03-06 16:06:59 +00:00
if test "${enable_openct}" = "yes"; then
PKG_CHECK_MODULES(
[OPENCT],
[libopenct],
[AC_DEFINE([ENABLE_OPENCT], [1], [Have OpenCT libraries and header files])],
[AC_MSG_ERROR([openct requested but not available])]
)
fi
2009-11-15 18:03:04 +00:00
if test "${enable_ctapi}" = "yes"; then
AC_DEFINE([ENABLE_CTAPI], [1], [Enable CT-API support])
fi
2008-03-06 16:06:59 +00:00
if test "${enable_pcsc}" = "yes"; then
2008-10-27 19:16:28 +00:00
if test "${WIN32}" != "yes"; then
2009-02-03 20:11:30 +00:00
PKG_CHECK_EXISTS(
[libpcsclite],
2017-06-15 21:38:57 +00:00
[PKG_CHECK_MODULES([PCSC], [libpcsclite >= 1.8.22],
2016-11-10 15:29:47 +00:00
[AC_DEFINE([PCSCLITE_GOOD], [1], [Sufficient version of PCSC-Lite with all the required features])],
[:]
)]
2009-02-03 20:11:30 +00:00
)
if test -z "${PCSC_CFLAGS}"; then
case "${host}" in
*-*-darwin*)
2014-10-25 17:01:38 +00:00
# Locate the latest SDK.
2017-02-28 22:30:43 +00:00
SDK_PATH=$(xcrun --sdk macosx --show-sdk-path)
PCSC_CFLAGS="-I$SDK_PATH/System/Library/Frameworks/PCSC.framework/Versions/Current/Headers"
2009-02-03 20:11:30 +00:00
;;
*)
PCSC_CFLAGS="-I/usr/include/PCSC"
;;
esac
fi
2008-10-27 19:16:28 +00:00
fi
2009-01-16 17:13:32 +00:00
saved_CFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} ${PCSC_CFLAGS}"
2008-10-27 19:16:28 +00:00
# We must cope with mingw32 that does not have winscard.h mingw64 has it.
AC_CHECK_HEADERS([winscard.h],,[test "${WIN32}" != "yes" && AC_MSG_ERROR([winscard.h is required for pcsc])])
2015-10-03 10:48:56 +00:00
AC_CHECK_HEADERS([pcsclite.h])
2009-01-16 17:13:32 +00:00
CFLAGS="${saved_CFLAGS}"
2008-10-27 19:16:28 +00:00
2008-04-01 20:10:43 +00:00
if test "${with_pcsc_provider}" = "detect"; then
case "${host}" in
*-*-darwin*)
2008-04-02 19:48:12 +00:00
DEFAULT_PCSC_PROVIDER="/System/Library/Frameworks/PCSC.framework/PCSC"
2008-04-01 20:10:43 +00:00
;;
2008-10-27 19:17:36 +00:00
*-mingw*|*-winnt*|*-cygwin*)
2008-04-02 05:44:12 +00:00
DEFAULT_PCSC_PROVIDER="winscard.dll"
2008-04-01 20:10:43 +00:00
;;
*)
2009-11-05 18:27:56 +00:00
DEFAULT_PCSC_PROVIDER="libpcsclite.so.1"
2008-04-01 20:10:43 +00:00
;;
esac
2008-04-02 05:44:12 +00:00
else
DEFAULT_PCSC_PROVIDER="${with_pcsc_provider}"
2008-04-01 20:10:43 +00:00
fi
2008-04-02 05:44:12 +00:00
AC_DEFINE_UNQUOTED([DEFAULT_PCSC_PROVIDER], ["${DEFAULT_PCSC_PROVIDER}"], [Default PC/SC provider])
2008-10-27 19:16:28 +00:00
AC_DEFINE([ENABLE_PCSC], [1], [Define if PC/SC is to be enabled])
2008-03-06 16:06:59 +00:00
fi
2017-02-07 14:45:10 +00:00
if test "${enable_cryptotokenkit}" = "yes"; then
if test -z "${CRYPTOTOKENKIT_CFLAGS}"; then
case "${host}" in
*-apple-*)
CRYPTOTOKENKIT_CFLAGS="-framework CryptoTokenKit -framework Foundation"
LDFLAGS="${LDFLAGS} -framework CryptoTokenKit -framework Foundation"
;;
*)
AC_MSG_ERROR([CryptoTokenKit only supported on Darwin])
;;
esac
fi
AC_DEFINE([ENABLE_CRYPTOTOKENKIT], [1], [Define if CryptoTokenKit is to be enabled])
fi
2018-07-11 19:55:05 +00:00
if test "${completiondir}" = "detect"; then
echo completion ${completiondir}
PKG_CHECK_MODULES([BASH_COMPLETION], [bash-completion >= 2.0],
[completiondir="`pkg-config --variable=completionsdir bash-completion`"],
[completiondir="${sysconfdir}/bash_completion.d"])
fi
2018-06-22 14:38:38 +00:00
AC_SUBST([completiondir])
2017-02-07 14:45:10 +00:00
2015-11-12 16:49:35 +00:00
AC_SUBST(DYN_LIB_EXT)
2015-11-12 19:57:04 +00:00
AC_SUBST(LIBDIR)
AC_SUBST(LIB_PRE)
2015-11-12 16:49:35 +00:00
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
DYN_LIB_EXT=".dll"
2015-11-12 19:57:04 +00:00
LIBDIR=""
LIB_PRE=""
2014-12-19 21:12:25 +00:00
;;
2015-11-12 16:49:35 +00:00
*)
DYN_LIB_EXT=".so"
2015-11-12 19:57:04 +00:00
LIBDIR="\$(libdir)/"
LIB_PRE="lib"
2014-12-19 21:12:25 +00:00
;;
2015-11-12 16:49:35 +00:00
esac
2016-10-22 21:49:04 +00:00
if test "${enable_sm}" = "yes"; then
AC_DEFINE([ENABLE_SM], [1], [Enable secure messaging support])
DEFAULT_SM_MODULE="${LIB_PRE}smm-local${DYN_LIB_EXT}"
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
2018-07-14 02:16:39 +00:00
DEFAULT_SM_MODULE_PATH="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\tools"
2016-10-22 21:49:04 +00:00
;;
*)
2018-07-14 02:16:39 +00:00
DEFAULT_SM_MODULE_PATH="${libdir}"
2016-10-22 21:49:04 +00:00
;;
esac
fi
2015-11-12 16:49:35 +00:00
if test "${with_pkcs11_provider}" = "detect"; then
2017-07-17 20:53:07 +00:00
if test "${WIN32}" != "yes"; then
2018-07-14 02:16:39 +00:00
DEFAULT_PKCS11_PROVIDER="${libdir}/opensc-pkcs11${DYN_LIB_EXT}"
2019-03-18 22:08:58 +00:00
DEFAULT_ONEPIN_PKCS11_PROVIDER="${libdir}/onepin-opensc-pkcs11${DYN_LIB_EXT}"
2017-07-17 20:53:07 +00:00
else
DEFAULT_PKCS11_PROVIDER="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\pkcs11\\\opensc-pkcs11.dll"
2019-03-18 22:08:58 +00:00
DEFAULT_ONEPIN_PKCS11_PROVIDER="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\pkcs11\\\onepin-opensc-pkcs11.dll"
2017-07-17 20:53:07 +00:00
fi
2014-12-19 21:12:25 +00:00
else
DEFAULT_PKCS11_PROVIDER="${with_pkcs11_provider}"
2019-03-18 22:08:58 +00:00
DEFAULT_ONEPIN_PKCS11_PROVIDER="${with_pkcs11_provider}"
2014-12-19 21:12:25 +00:00
fi
2010-10-05 20:34:58 +00:00
if test "${enable_man}" = "detect"; then
if test "${WIN32}" = "yes"; then
enable_man="no"
2010-10-21 12:17:51 +00:00
elif test -n "${XSLTPROC}" -a "${xslstylesheetsdir}" != "no"; then
2010-10-05 20:34:58 +00:00
enable_man="yes"
else
enable_man="no"
fi
fi
if test "${enable_man}" = "yes" -o "${enable_doc}" = "yes"; then
AC_MSG_CHECKING([XSLTPROC requirement])
2011-06-07 09:28:25 +00:00
test -n "${XSLTPROC}" || AC_MSG_ERROR([Missing XSLTPROC])
2010-10-21 04:28:01 +00:00
test "${xslstylesheetsdir}" != "no" || AC_MSG_ERROR([Missing xslstylesheetsdir])
2010-10-05 20:34:58 +00:00
AC_MSG_RESULT([ok])
fi
2015-11-06 07:24:16 +00:00
AC_ARG_VAR([GENGETOPT],
[absolute path to gengetopt used for command line parsing of npa-tool])
AC_PATH_PROG(GENGETOPT, gengetopt, not found)
2019-05-03 23:53:55 +00:00
AC_ARG_VAR([CLANGTIDY],
[absolute path to clang-tidy used for static code analysis])
AC_PATH_PROG(CLANGTIDY, clang-tidy, not found)
2020-12-11 19:18:36 +00:00
TIDY_CHECKS="-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling"
2015-11-06 07:24:16 +00:00
2019-03-14 22:24:23 +00:00
AX_FUNC_GETOPT_LONG
#AH_BOTTOM([#include "common/compat_getopt.h"])
2008-03-06 16:06:59 +00:00
OPENSC_FEATURES=""
2015-12-01 08:19:03 +00:00
if test "${enable_thread_locking}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} locking"
fi
2008-03-06 16:06:59 +00:00
if test "${enable_zlib}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} zlib"
OPTIONAL_ZLIB_CFLAGS="${ZLIB_CFLAGS}"
OPTIONAL_ZLIB_LIBS="${ZLIB_LIBS}"
fi
if test "${enable_readline}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} readline"
OPTIONAL_READLINE_CFLAGS="${READLINE_CFLAGS}"
OPTIONAL_READLINE_LIBS="${READLINE_LIBS}"
fi
if test "${enable_openssl}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} openssl"
OPTIONAL_OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
OPTIONAL_OPENSSL_LIBS="${OPENSSL_LIBS}"
fi
if test "${enable_openct}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} openct"
OPTIONAL_OPENCT_CFLAGS="${OPENCT_CFLAGS}"
OPTIONAL_OPENCT_LIBS="${OPENCT_LIBS}"
fi
2008-10-27 19:16:28 +00:00
if test "${enable_pcsc}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} pcsc(${DEFAULT_PCSC_PROVIDER})"
OPTIONAL_PCSC_CFLAGS="${PCSC_CFLAGS}"
fi
2017-02-07 14:45:10 +00:00
if test "${enable_cryptotokenkit}" = "yes"; then
OPTIONAL_CRYPTOTOKENKIT_CFLAGS="${CRYPTOTOKENKIT_CFLAGS}"
fi
2009-11-15 18:03:04 +00:00
if test "${enable_ctapi}" = "yes"; then
OPENSC_FEATURES="${OPENSC_FEATURES} ctapi"
fi
2016-08-25 16:11:01 +00:00
if test "${enable_minidriver}" = "yes"; then
AC_MSG_CHECKING([WiX SDK])
AC_CHECK_HEADERS([wcautil.h],[enable_minidriver_ca="yes"],[enable_minidriver_ca="no"])
if test "${enable_minidriver_ca}" = "yes"; then
AC_MSG_RESULT([found, minidriver setup custom action will be built])
else
AC_MSG_RESULT([not found, minidriver setup custom action will be skipped])
fi
else
enable_minidriver_ca="no"
fi
2009-01-19 13:32:29 +00:00
AC_DEFINE_UNQUOTED([OPENSC_VERSION_MAJOR], [${OPENSC_VERSION_MAJOR}], [OpenSC version major component])
AC_DEFINE_UNQUOTED([OPENSC_VERSION_MINOR], [${OPENSC_VERSION_MINOR}], [OpenSC version minor component])
AC_DEFINE_UNQUOTED([OPENSC_VERSION_FIX], [${OPENSC_VERSION_FIX}], [OpenSC version fix component])
2016-03-01 10:41:00 +00:00
AC_DEFINE_UNQUOTED([OPENSC_VERSION_REVISION], [${OPENSC_VERSION_REVISION}], [OpenSC file version revision])
AC_DEFINE_UNQUOTED([OPENSC_SCM_REVISION], ["${OPENSC_SCM_REVISION}"], [OpenSC version Git describe revision])
2008-03-06 16:06:59 +00:00
AC_DEFINE_UNQUOTED([OPENSC_FEATURES], ["${OPENSC_FEATURES}"], [Enabled OpenSC features])
2015-12-08 23:57:28 +00:00
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_LEGAL_COPYRIGHT], ["${OPENSC_VS_FF_LEGAL_COPYRIGHT}"], [OpenSC version-info LegalCopyright value])
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_COMPANY_NAME], ["${OPENSC_VS_FF_COMPANY_NAME}"], [OpenSC version-info CompanyName value])
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_COMMENTS], ["${OPENSC_VS_FF_COMMENTS}"], [OpenSC version-info Comments])
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_PRODUCT_NAME], ["${OPENSC_VS_FF_PRODUCT_NAME}"], [OpenSC version-info ProductName])
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_PRODUCT_UPDATES], ["${OPENSC_VS_FF_PRODUCT_UPDATES}"], [OpenSC version-info UpdateURL])
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_PRODUCT_URL], ["${OPENSC_VS_FF_PRODUCT_URL}"], [OpenSC version-info ProductURL])
AC_DEFINE_UNQUOTED([OPENSC_VS_FF_COMPANY_URL], ["${OPENSC_VS_FF_COMPANY_URL}"], [OpenSC version-info UpdateURL])
2013-12-29 18:07:31 +00:00
2008-03-06 16:06:59 +00:00
pkcs11dir="\$(libdir)/pkcs11"
AC_SUBST([pkcs11dir])
AC_SUBST([xslstylesheetsdir])
AC_SUBST([OPENSC_VERSION_MAJOR])
AC_SUBST([OPENSC_VERSION_MINOR])
AC_SUBST([OPENSC_VERSION_FIX])
2013-12-29 17:33:34 +00:00
AC_SUBST([OPENSC_VERSION_REVISION])
2016-03-01 10:41:00 +00:00
AC_SUBST([OPENSC_SCM_REVISION])
2013-12-29 18:07:31 +00:00
AC_SUBST([OPENSC_VS_FF_LEGAL_COPYRIGHT])
AC_SUBST([OPENSC_VS_FF_COMPANY_NAME])
AC_SUBST([OPENSC_VS_FF_COMMENTS])
AC_SUBST([OPENSC_VS_FF_PRODUCT_NAME])
2015-09-14 20:11:49 +00:00
AC_SUBST([OPENSC_VS_FF_PRODUCT_UPDATES])
AC_SUBST([OPENSC_VS_FF_PRODUCT_URL])
AC_SUBST([OPENSC_VS_FF_COMPANY_URL])
2008-03-06 16:06:59 +00:00
AC_SUBST([OPENSC_LT_CURRENT])
AC_SUBST([OPENSC_LT_REVISION])
AC_SUBST([OPENSC_LT_AGE])
2008-03-15 13:24:44 +00:00
AC_SUBST([OPENSC_LT_OLDEST])
2008-03-15 11:05:26 +00:00
AC_SUBST([WIN_LIBPREFIX])
2008-04-02 05:44:12 +00:00
AC_SUBST([DEFAULT_PCSC_PROVIDER])
2014-12-19 21:12:25 +00:00
AC_SUBST([DEFAULT_PKCS11_PROVIDER])
2019-03-18 22:08:58 +00:00
AC_SUBST([DEFAULT_ONEPIN_PKCS11_PROVIDER])
2008-03-06 16:06:59 +00:00
AC_SUBST([OPTIONAL_ZLIB_CFLAGS])
AC_SUBST([OPTIONAL_ZLIB_LIBS])
AC_SUBST([OPTIONAL_READLINE_CFLAGS])
AC_SUBST([OPTIONAL_READLINE_LIBS])
AC_SUBST([OPTIONAL_OPENSSL_CFLAGS])
AC_SUBST([OPTIONAL_OPENSSL_LIBS])
AC_SUBST([OPTIONAL_OPENCT_CFLAGS])
AC_SUBST([OPTIONAL_OPENCT_LIBS])
2008-10-27 19:16:28 +00:00
AC_SUBST([OPTIONAL_PCSC_CFLAGS])
2010-02-05 21:39:28 +00:00
AC_SUBST([LIBRARY_BITNESS])
2012-06-04 07:26:56 +00:00
AC_SUBST([DEFAULT_SM_MODULE])
2015-09-30 06:20:19 +00:00
AC_SUBST([DEFAULT_SM_MODULE_PATH])
2012-06-04 07:26:56 +00:00
AC_SUBST([DEBUG_FILE])
2015-09-30 06:20:19 +00:00
AC_SUBST([PROFILE_DIR])
AC_SUBST([PROFILE_DIR_DEFAULT])
2017-05-24 10:46:42 +00:00
AC_SUBST([OPTIONAL_NOTIFY_CFLAGS])
AC_SUBST([OPTIONAL_NOTIFY_LIBS])
2020-12-11 19:18:36 +00:00
AC_SUBST([TIDY_CHECKS])
2008-03-06 16:06:59 +00:00
AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"])
2015-12-01 08:19:03 +00:00
AM_CONDITIONAL([ENABLE_THREAD_LOCKING], [test "${enable_thread_locking}" = "yes"])
2008-03-06 16:06:59 +00:00
AM_CONDITIONAL([ENABLE_ZLIB], [test "${enable_zlib}" = "yes"])
AM_CONDITIONAL([ENABLE_READLINE], [test "${enable_readline}" = "yes"])
AM_CONDITIONAL([ENABLE_OPENSSL], [test "${enable_openssl}" = "yes"])
2017-03-23 15:45:31 +00:00
AM_CONDITIONAL([ENABLE_OPENPACE], [test "${enable_openpace}" = "yes"])
2017-02-07 14:45:10 +00:00
AM_CONDITIONAL([ENABLE_CRYPTOTOKENKIT], [test "${enable_cryptotokenkit}" = "yes"])
2017-03-23 15:45:31 +00:00
AM_CONDITIONAL([ENABLE_OPENCT], [test "${enable_openct}" = "yes"])
2008-03-06 16:06:59 +00:00
AM_CONDITIONAL([ENABLE_DOC], [test "${enable_doc}" = "yes"])
AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
AM_CONDITIONAL([CYGWIN], [test "${CYGWIN}" = "yes"])
2011-04-12 07:40:12 +00:00
AM_CONDITIONAL([ENABLE_MINIDRIVER], [test "${enable_minidriver}" = "yes"])
2016-08-25 16:11:01 +00:00
AM_CONDITIONAL([ENABLE_MINIDRIVER_SETUP_CUSTOMACTION], [test "${enable_minidriver_ca}" = "yes"])
2012-06-04 07:26:56 +00:00
AM_CONDITIONAL([ENABLE_SM], [test "${enable_sm}" = "yes"])
2013-06-13 15:12:07 +00:00
AM_CONDITIONAL([ENABLE_DNIE_UI], [test "${enable_dnie_ui}" = "yes"])
2015-11-06 07:24:16 +00:00
AM_CONDITIONAL([ENABLE_NPATOOL], [test "${ENABLE_NPATOOL}" = "yes"])
2019-03-18 22:08:58 +00:00
AM_CONDITIONAL([ENABLE_AUTOSTART], [test "${enable_autostart}" = "yes"])
2019-06-03 05:56:56 +00:00
AM_CONDITIONAL([ENABLE_CMOCKA], [test "${enable_cmocka}" = "yes"])
2014-04-29 14:56:15 +00:00
AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
2019-06-03 05:56:56 +00:00
AM_CONDITIONAL([ENABLE_FUZZING], [test "${enable_fuzzing}" = "yes"])
2019-01-18 15:13:57 +00:00
AM_CONDITIONAL([ENABLE_SHARED], [test "${enable_shared}" = "yes"])
AS_IF([test "${enable_shared}" = "yes"], [AC_DEFINE([ENABLE_SHARED], [1], [Enable shared libraries])])
2008-03-06 16:06:59 +00:00
if test "${enable_pedantic}" = "yes"; then
enable_strict="yes";
2020-02-05 10:08:00 +00:00
CFLAGS="-pedantic ${CFLAGS}"
2008-03-06 16:06:59 +00:00
fi
if test "${enable_strict}" = "yes"; then
2021-02-25 10:25:25 +00:00
CFLAGS="-Wall -Wextra -Wno-unused-parameter -Werror -Wstrict-aliasing=2 ${CFLAGS}"
2008-03-06 16:06:59 +00:00
fi
2013-05-07 13:27:23 +00:00
2008-06-05 17:03:47 +00:00
AC_CONFIG_FILES([
2008-03-06 16:06:59 +00:00
Makefile
doc/Makefile
2011-08-15 08:48:17 +00:00
doc/tools/Makefile
2018-05-31 17:06:17 +00:00
doc/files/Makefile
2008-03-06 16:06:59 +00:00
etc/Makefile
2018-11-29 14:27:02 +00:00
tests/Makefile
2008-03-06 16:06:59 +00:00
src/Makefile
src/common/Makefile
2017-05-24 10:46:42 +00:00
src/ui/Makefile
2008-03-06 16:06:59 +00:00
src/libopensc/Makefile
2015-11-06 07:24:16 +00:00
src/sm/Makefile
2008-03-06 16:06:59 +00:00
src/pkcs11/Makefile
2013-12-29 18:20:59 +00:00
src/pkcs11/versioninfo-pkcs11.rc
src/pkcs11/versioninfo-pkcs11-spy.rc
2016-08-02 06:37:33 +00:00
src/pkcs11/opensc-pkcs11.pc
2008-03-06 16:06:59 +00:00
src/pkcs15init/Makefile
src/scconf/Makefile
src/tests/Makefile
src/tests/regression/Makefile
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
src/tests/p11test/Makefile
2019-06-03 05:56:56 +00:00
src/tests/fuzzing/Makefile
2019-10-15 14:38:49 +00:00
src/tests/unittests/Makefile
2008-03-06 16:06:59 +00:00
src/tools/Makefile
2013-12-29 18:20:59 +00:00
src/tools/versioninfo-tools.rc
2017-08-02 15:14:26 +00:00
src/tools/versioninfo-opensc-notify.rc
2013-01-04 20:08:42 +00:00
src/smm/Makefile
2011-04-12 07:40:12 +00:00
src/minidriver/Makefile
2013-12-29 18:20:59 +00:00
src/minidriver/versioninfo-minidriver.rc
2011-04-12 07:40:12 +00:00
src/minidriver/opensc-minidriver.inf
2008-03-06 16:06:59 +00:00
win32/Makefile
2010-02-02 14:50:42 +00:00
win32/versioninfo.rc
2015-04-25 17:30:31 +00:00
win32/versioninfo-customactions.rc
2010-03-04 08:14:36 +00:00
win32/winconfig.h
2010-12-30 15:10:06 +00:00
win32/OpenSC.iss
2011-04-04 10:35:28 +00:00
win32/OpenSC.wxs
2011-04-20 12:14:44 +00:00
MacOSX/Makefile
MacOSX/build-package
2013-12-18 09:48:02 +00:00
MacOSX/Distribution.xml
MacOSX/resources/Welcome.html
2008-03-06 16:06:59 +00:00
])
2019-08-20 13:17:14 +00:00
2008-06-05 17:03:47 +00:00
AC_OUTPUT
2008-03-06 16:06:59 +00:00
cat <<EOF
OpenSC has been configured with the following options:
Version: ${PACKAGE_VERSION}
2015-09-14 20:11:49 +00:00
Version fix: ${OPENSC_VERSION_FIX}
Version revision: ${OPENSC_VERSION_REVISION}
2016-03-01 10:41:00 +00:00
Git revision: ${OPENSC_SCM_REVISION}
2013-12-29 17:33:34 +00:00
2014-04-29 14:56:15 +00:00
Copyright: ${OPENSC_VS_FF_LEGAL_COPYRIGHT}
Company: ${OPENSC_VS_FF_COMPANY_NAME}
2015-09-14 20:11:49 +00:00
Company URL: ${OPENSC_VS_FF_COMPANY_URL}
2014-04-29 14:56:15 +00:00
Comments: ${OPENSC_VS_FF_COMMENTS}
Product name: ${OPENSC_VS_FF_PRODUCT_NAME}
2015-09-14 20:11:49 +00:00
Product updates: ${OPENSC_VS_FF_PRODUCT_UPDATES}
Product URL: ${OPENSC_VS_FF_PRODUCT_URL}
2014-04-29 14:56:15 +00:00
2008-03-06 16:06:59 +00:00
User binaries: $(eval eval eval echo "${bindir}")
Configuration files: $(eval eval eval echo "${sysconfdir}")
2018-07-11 19:55:05 +00:00
Bash completion: ${completiondir}
2008-03-06 16:06:59 +00:00
XSL stylesheets: ${xslstylesheetsdir}
man support: ${enable_man}
doc support: ${enable_doc}
2015-12-01 08:19:03 +00:00
thread locking support: ${enable_thread_locking}
2008-03-06 16:06:59 +00:00
zlib support: ${enable_zlib}
readline support: ${enable_readline}
OpenSSL support: ${enable_openssl}
2018-11-05 10:16:04 +00:00
OpenSSL secure memory: ${enable_openssl_secure_malloc}
2008-03-06 16:06:59 +00:00
PC/SC support: ${enable_pcsc}
2017-02-07 14:45:10 +00:00
CryptoTokenKit support: ${enable_cryptotokenkit}
2008-03-06 16:06:59 +00:00
OpenCT support: ${enable_openct}
2009-11-15 18:03:04 +00:00
CT-API support: ${enable_ctapi}
2011-04-12 07:40:12 +00:00
minidriver support: ${enable_minidriver}
2012-06-04 07:26:56 +00:00
SM support: ${enable_sm}
SM default module: ${DEFAULT_SM_MODULE}
2018-07-14 02:16:39 +00:00
SM default path: $(eval eval eval echo "${DEFAULT_SM_MODULE_PATH}")
2013-06-13 15:12:07 +00:00
DNIe UI support: ${enable_dnie_ui}
2017-05-24 10:46:42 +00:00
Notification support: ${enable_notify}
2019-11-06 17:34:52 +00:00
Code coverage: ${enable_code_coverage}
2008-03-06 16:06:59 +00:00
2008-04-02 05:44:12 +00:00
PC/SC default provider: ${DEFAULT_PCSC_PROVIDER}
2018-07-14 02:16:39 +00:00
PKCS11 default provider: $(eval eval eval echo "${DEFAULT_PKCS11_PROVIDER}")
2019-03-18 22:08:58 +00:00
PKCS11 onepin provider: $(eval eval eval echo "${DEFAULT_ONEPIN_PKCS11_PROVIDER}")
2008-03-24 16:05:31 +00:00
2008-03-06 16:06:59 +00:00
Host: ${host}
Compiler: ${CC}
Preprocessor flags: ${CPPFLAGS}
Compiler flags: ${CFLAGS}
Linker flags: ${LDFLAGS}
Libraries: ${LIBS}
READLINE_CFLAGS: ${READLINE_CFLAGS}
READLINE_LIBS: ${READLINE_LIBS}
ZLIB_CFLAGS: ${ZLIB_CFLAGS}
ZLIB_LIBS: ${ZLIB_LIBS}
OPENSSL_CFLAGS: ${OPENSSL_CFLAGS}
OPENSSL_LIBS: ${OPENSSL_LIBS}
2015-11-06 07:24:16 +00:00
OPENPACE_CFLAGS: ${OPENPACE_CFLAGS}
OPENPACE_LIBS: ${OPENPACE_LIBS}
2008-03-06 16:06:59 +00:00
OPENCT_CFLAGS: ${OPENCT_CFLAGS}
OPENCT_LIBS: ${OPENCT_LIBS}
2008-10-27 19:16:28 +00:00
PCSC_CFLAGS: ${PCSC_CFLAGS}
2017-02-07 14:45:10 +00:00
CRYPTOTOKENKIT_CFLAGS: ${CRYPTOTOKENKIT_CFLAGS}
2017-06-08 14:10:43 +00:00
GIO2_CFLAGS: ${GIO2_CFLAGS}
GIO2_LIBS: ${GIO2_LIBS}
2019-08-19 14:15:05 +00:00
FUZZING_LIBS: ${FUZZING_LIBS}
2008-03-06 16:06:59 +00:00
EOF