Add a script that uses openssl to create the test data we are using
in the TPM 2 code already. Extend this script with TDES 128 and 192 bit
key sizes and tests.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Restrict the number of command line parameters passed to the
fuzz program in order not to overstep command line parameter
size restrictions.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add some missing #define TPM_HAVE_TPM2_DECLARATIONS before the include
of "tpm_library_intern.h" in TPM 2 code so we don't run into compile
errors on RHEL 6 when data types are redefined in TPM 1.2 code.
Previous patch 73cad883ba seems to have missed those.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Remove some cruft that was useful when TPM 2 code was still in the
works but now that things have settled don't need it anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
There were a few issues with the oss-fuzz integration from commit
8373f09854 ("build-sys: add oss-fuzz
support").
When building on OSS-Fuzz, the projects should use the provided CFLAGS
and CXXFLAGS and don't append any extra sanitization / fuzzing flags.
$LIB_FUZZING_ENGINE is defined to set the library to link to, and it
is a c++ library, so we should build fuzzer with c++...
Now --enable-fuzzer is only used for -fsanitize=fuzzer.
Add a tests/fuzz-main.c as fallback, to run the corpus on other builds.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Introduce TPM_NOMAINTENANCE_COMMANDS #define to build the TPM 1.2 code
without maintenance commands support. The state for the maintenance
commands has been written out so far, so we have to leave this part
alive even though nothing can be done with the maintenance key anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
There are several functions in the code that do not have a caller.
Deactivate all of them to get higher coverage of the code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add the option -b ./src for proper path creation. Exclude the test
dir to avoid malformed path creation. Also exclude the swtpm dir
since nothing interesting is to be found there.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This script will permit integration with Google OSS-FUZZ
https://github.com/google/oss-fuzz
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Leave a note in the TPMLIB_RegisterCallbacks() function about
the effects of leaving the store- and loaddata functions in the
interface unset.
Leave another not in TPMLIB_MainInit() to not use the library without
calling TPMLIB_RegiserCallbacks().
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the existing test case with extending PCR 10 and reading back
the result, then storing the state blobs and setting them and checking
the value of PCR 10 again.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When no callbacks are set and the plain NVChip file is used it wasn't
possible to save the state of the TPM 2 after a TPMLIB_Terminate()
TPMLIB_MainInit() sequence with a cached state (TPMLIB_SetState) since
in this case the NVRAM was not initialized. We now initialize the NV
in case no callback for restoring the state is set.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Split off the part that was handling the NVChip file in _plat__NVEnable
and call this new function _plat__NVEnable_ChipFile so we can call it
separately in case the caller works with the plain NVChip file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some OpenSSL EC API calls are deprecated starting in OpenSSL 1.2
and may fail the build due to the #warning they produce.
The affected functions have been renamed and consolidated with
other functions inside OpenSSL:
- EC_POINT_set_affine_coorindates_GFp
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/ec/ec_lib.c#L730
- EC_POINT_get_affine_coordinates_GFp
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/ec/ec_lib.c#L768
On both functions the suffix _GFp has been removed by the renaming.
We need to call the new functions if OPENSSL_API_COMPAT is defined
and is >= 0x10200000L.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some man pages were not installed due to a typo in the name of
the variable. This patch fixes the issue.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Set the version to 0.6.0-1 for a release. Cheat a bit on the previous
version by changing the suffix to ~dev from -dev.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix Architecture and Depends entries of libtpms-dev in control file.
Thanks to alex@strugee.net for pointing this out in PR#22.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix the lintian complaint about wrong package name for the shared library.
Thanks to alex@strugee.net for pointing this out in PR#22.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Also test-compile on OS X. The 'distcheck' target cannot be used
since it results in deplicate symbol errors while linking (no idea
why it happens only with distcheck).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Build libtpms with code coverage enabled and run the swtpm test
suite on it.
Unfortunately cpp-coveralls has a problem creating correct file paths when
collecting the results so that the coverage results are not correctly sub-
mitted to coveralls.io. The issue may stem from the fact that the
Makefile.am in src/ contains rules for source files in subdirs src/tmp12/
and src/tpm2/ etc. I hope that this issue can be fixed at some point.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Allow the user to pass in the CFLAGS. Previously they were overwritten
with -O2 -g, which are the default CFLAGS if none are passed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for --enable-test-coverage that sets additional CFLAGS
and LDFLAGS.
gcov creates files with suffixes .gcov, .gcno, and .gcda that we
need clean up in a few directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a matrix: part so we can test on multiple systems concurrently and
make the script use environment variables.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Do not fail the entire test run in case of a failure but display an
error message instead and continue running tests.
Errors may happen in very rare cases and we just continue then while
assuming the output is logged.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
CryptRandStartup() did not propagate initialization errors to the caller
but always returned TRUE. We now return the initialization errors and
display an error message and some state variables.
This error should almost never occur, but the fuzzer was able to trigger
it with rev 146 when the random number generated returned 32 bit numbers only
and the same 32 bit number was returned as the one before it. With rev 150
the random number generating function now returns as many random numbers as
the caller requested and this error is not getting triggered anymore.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
