Switch the ECDSA signature verification to OpenSSL. Do the signature
creation in the next step so we can verify the creation / verification
against the original TPM 2 code.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
OpenSSL's crypto library does not support all crypto functionality
we need in all versions. Elliptic curve support via EVP seems to
have been added much later than for example symmetric crypto support.
So, we move the USE_OPENSSL_FUNCTIONS out of Implementation.h
into configure.ac and let the build system detect what functionality
is available in the crypto library. In this patch we now also rename
USE_OPENSSL_FUNCTIONS to USE_OPENSSL_FUNCTIONS_SYMMETRIC to indicate
that we can use the symmetric crypto functions of the crypto lib.
Using the OpenSSL crypto support is enabled by default, so one has
to use --disable-use-openssl-functions, which we do for Travis now.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
There were a few issues with the oss-fuzz integration from commit
8373f09854 ("build-sys: add oss-fuzz support").
When building on OSS-Fuzz, the projects should use the provided CFLAGS
and CXXFLAGS and not append any extra sanitization / fuzzing flags.
$LIB_FUZZING_ENGINE is defined to set the library to link to, and it
is a C++ library, so we should build the fuzzer with C++...
Now --enable-fuzzer is only used for -fsanitize=fuzzer.
Add a tests/fuzz-main.c as fallback, to run the corpus on other builds.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Allow the user to pass in the CFLAGS. Previously they were overwritten
with -O2 -g, which are the default CFLAGS if none are passed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for --enable-test-coverage that sets additional CFLAGS
and LDFLAGS.
gcov creates files with suffixes .gcov, .gcno, and .gcda that we
need to clean up in a few directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of gcc need some input file to compile so that
we learn whether -fstack-protector-strong is supported.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The linker on FreeBSD seems to be broken and fails for other reasons
when testing for support of the --version-script flag. The error
that is reported is:
local symbol 'environ' in /usr/lib/crt1.o is referenced by DSO.
Also __progname is needed.
To work around this problem we add a test.syms file that only has
these two symbols in it, which is enough for the test in
configure.ac and gives version script support in case of the
broken linker.
On FreeBSD TPM 1.2 related tests were failing due to test case 6
failures in case no linker script was used. (Very odd.) This patch
fixes this problem.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check whether the linker supports the linker flag --version-script.
The OS X linker does not seem to support it.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Now that patches for writing the state into files and extensions
to their headers have all been applied we can build the TPM 2
code into the library.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce --with-tpm2 for ./configure to enable building with
TPM 2 functionality. Delay the building of TPM 2 code until more
patches are applied and the vTPM state that's created has a chance
of being backwards compatible.
Extend the libtpms API to allow the user to choose the version of the TPM.
Missing functionality at this point:
- TPM 2 needs to be extended to serialize and deserialize its volatile state
- Handling of the establishment bit
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The Travis build of swtpm now has a problem due to missing ltmain.sh. Add
AC_CONFIG_AUX_DIR to configure.ac to resolve the issue.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some versions of gcc fail with -Wstack-protector due to some functions
not being protectable. Disable this option.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move all TPM1.2 code to src/tpm12 directory. Adapt the Makefile.am
to point to tpm12 directory for the TPM1.2 sources.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Disable the volatile storage debug for a debug build since this
causes the volatile state file to be written and this changes
the behavior upon a restart of the TPM. This may cause the TPM to
not work correctly then.
Print out some more build parameters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check ld for availability of relro and now flags and add them to the
hardening cflags if available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add a check for missing freebl header blapi.h (missing in Ubuntu)
and missing freebl static library that provides AES_CreateContext.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Ubuntu has different package names that need to be documented separately.
Ubuntu requires exec_prefix in the libtpms.pc file for pkg-config to work.
Rework some of the configure.ac parts.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Set the version of the library to 0.5.2.
Synchronize the rpm spec with the one used in Fedora and set the release
version to 1.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use bootstrap.sh before running configure when building an rpm.
Reorder the tools in bootstrap.sh to avoid error messages.
Rename configure.in to configure.ac to quiet down more recent autotools.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Joel Schopp <jschopp@linux.vnet.ibm.com>