diff --git a/.github/scan-build.sh b/.github/scan-build.sh new file mode 100755 index 00000000..e98f618e --- /dev/null +++ b/.github/scan-build.sh @@ -0,0 +1,6 @@ +#!/bin/sh +scan-build --html-title="PKCS#11 Provider ($GITHUB_SHA)" \ + --keep-cc \ + --status-bugs \ + --keep-going \ + "$@" diff --git a/.github/workflows/address-sanitizer.yml b/.github/workflows/address-sanitizer.yml index 920275ff..340e787b 100644 --- a/.github/workflows/address-sanitizer.yml +++ b/.github/workflows/address-sanitizer.yml @@ -27,8 +27,8 @@ jobs: - name: Install Dependencies run: | if [ -f /etc/fedora-release ]; then - dnf -y install git clang gcc automake libtool pkgconf-pkg-config \ - autoconf-archive openssl-devel openssl diffutils expect \ + dnf -y install git clang gcc pkgconf-pkg-config meson \ + openssl-devel openssl diffutils expect \ softhsm opensc p11-kit-devel p11-kit-server gnutls-utils \ nss-softokn nss-tools nss-softokn-devel \ dnf-command\(debuginfo-install\) libasan @@ -36,8 +36,8 @@ jobs: elif [ -f /etc/debian_version ]; then cat .github/sid.debug.list > /etc/apt/sources.list.d/debug.list apt-get -q update - apt-get -yq install git gcc clang make automake \ - libtool pkg-config autoconf-archive libssl-dev openssl expect \ + apt-get -yq install git gcc clang meson \ + pkg-config libssl-dev openssl expect \ procps libnss3 libnss3-tools libnss3-dev softhsm2 opensc p11-kit \ libp11-kit-dev p11-kit-modules gnutls-bin \ openssl-dbgsym libssl3t64-dbgsym 
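Review bot: The new `.github/scan-build.sh` carries no comment saying what invokes it or why these flags are set, so the fact that `--status-bugs` is what turns analyzer findings into a failing job is easy to lose in a later edit. I'd add a header such as `# Wrapper handed to meson through SCANBUILD; --status-bugs makes the run exit non-zero when the analyzer reports a bug.` and start the command with `exec scan-build ...` so the analyzer's exit status is the script's status with no intermediate shell. `$GITHUB_SHA` is empty outside Actions, which gives a local run the title `PKCS#11 Provider ()`; `${GITHUB_SHA:-local}` would avoid that.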
@@ -47,23 +47,23 @@ jobs: # that is not compabitlbe with LD_PRELOAD so we force the absolute path. run: | if [ -f /etc/fedora-release ]; then - autoreconf -fiv CC=gcc \ - ./configure --with-address-sanitizer=/usr/lib64/libasan.so.8.0.0 + meson setup builddir -Db_sanitize=address -Dpreload_libasan=/usr/lib64/libasan.so.8.0.0 elif [ -f /etc/debian_version ]; then - autoreconf -fiv CC=gcc \ - ./configure --with-address-sanitizer + meson setup builddir -Db_sanitize=address -Dpreload_libasan=/usr/lib/x86_64-linux-gnu/libasan.so.8.0.0 fi - name: Build and Test - run: make check + run: | + meson compile -C builddir + meson test --num-processes 1 -C builddir - uses: actions/upload-artifact@v3 if: failure() with: name: Address sanitizer logs on ${{ matrix.name }} path: | - tests/*.log - tests/openssl.cnf - tests/tmp.${{ matrix.token }}/p11prov-debug.log - tests/tmp.${{ matrix.token }}/testvars - config.log + builddir/meson-logs/ + builddir/tests/tmp.${{ matrix.token }}/p11prov-debug.log + builddir/tests/tmp.${{ matrix.token }}/testvars + builddir/tests/tmp.${{ matrix.token }}/openssl.cnf + diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 376b201a..b27a6dce 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,9 +28,13 @@ jobs: steps: - name: Install Dependencies run: | + if [ "${{ matrix.name }}" = centos ]; then + dnf_opts="--enablerepo=crb" + fi if [ -f /etc/redhat-release ]; then - dnf -y install git ${{ matrix.compiler }} automake libtool \ - pkgconf-pkg-config autoconf-archive openssl-devel openssl \ + dnf -y install $dnf_opts \ + git ${{ matrix.compiler }} meson \ + pkgconf-pkg-config openssl-devel openssl \ diffutils expect valgrind if [ "${{ matrix.token }}" = "softokn" ]; then dnf -y install nss-softokn nss-tools nss-softokn-devel 
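Review bot: Both new `meson setup` lines in address-sanitizer.yml drop the `CC=gcc` that the removed configure calls carried, while `-Dpreload_libasan` still names gcc's `libasan.so.8.0.0` and the install step puts clang into the same image. If meson resolves the compiler to anything other than gcc, the preloaded runtime would not be the one the objects were instrumented for, so I'd keep the pin: `CC=gcc meson setup builddir -Db_sanitize=address -Dpreload_libasan=...`. The versioned absolute paths (x86_64-only on the Debian branch) will also go stale on the next libasan bump. How `preload_libasan` is consumed is outside this hunk, as is the step's `name:` line, so whether a missing file fails loudly or silently skips the preload should be checked.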
@@ -40,8 +44,8 @@ jobs: fi elif [ -f /etc/debian_version ]; then apt-get -q update - apt-get -yq install git ${{ matrix.compiler }} make automake \ - libtool pkg-config autoconf-archive libssl-dev openssl expect \ + apt-get -yq install git ${{ matrix.compiler }} meson \ + pkg-config libssl-dev openssl expect \ valgrind procps if [ "${{ matrix.token }}" = "softokn" ]; then apt-get -yq install libnss3 libnss3-tools libnss3-dev @@ -54,35 +58,34 @@ jobs: uses: actions/checkout@v4 - name: Setup run: | - autoreconf -fiv - CC=${{ matrix.compiler }} ./configure + CC=${{ matrix.compiler }} meson setup builddir - name: Build and Test - run: make check + run: | + meson compile -C builddir + meson test --num-processes 1 -C builddir - uses: actions/upload-artifact@v3 if: failure() with: name: Test logs ${{ matrix.name }}, ${{ matrix.compiler }}, ${{ matrix.token }} path: | - tests/*.log - tests/openssl.cnf - tests/tmp.${{ matrix.token }}/p11prov-debug.log - tests/tmp.${{ matrix.token }}/testvars - config.log + builddir/meson-logs/ + builddir/tests/tmp.${{ matrix.token }}/p11prov-debug.log + builddir/tests/tmp.${{ matrix.token }}/testvars + builddir/tests/tmp.${{ matrix.token }}/openssl.cnf - name: Run tests with valgrind run: | if [ "${{ matrix.compiler }}" = "gcc" ]; then - make check-valgrind-memcheck + meson test --num-processes 1 -C builddir --setup=valgrind fi - uses: actions/upload-artifact@v3 if: failure() with: name: Test valgrind logs ${{ matrix.name }}, ${{ matrix.compiler }}, ${{ matrix.token }} path: | - tests/*.log - tests/openssl.cnf - tests/tmp.${{ matrix.token }}/p11prov-debug.log - tests/tmp.${{ matrix.token }}/testvars - config.log + builddir/meson-logs/ + builddir/tests/tmp.${{ matrix.token }}/p11prov-debug.log + builddir/tests/tmp.${{ matrix.token }}/testvars + builddir/tests/tmp.${{ matrix.token }}/openssl.cnf build-macos: name: CI with software token runs-on: ${{ matrix.os }} 
@@ -96,9 +99,7 @@ jobs: run: | brew update brew install \ - autoconf-archive \ - automake \ - libtool \ + meson \ openssl@3 \ pkg-config if [ "${{ matrix.token }}" = "softokn" ]; then @@ -116,21 +117,20 @@ jobs: export PKG_CONFIG_PATH=$(brew --prefix openssl@3)/lib/pkgconfig export PATH=$(brew --prefix openssl@3)/bin:$PATH - autoreconf -fiv - CC=clang ./configure + CC=clang meson setup builddir - name: Build and Test run: | export PATH=$(brew --prefix openssl@3)/bin:$PATH - make -j$(sysctl -n hw.ncpu || echo 2) - make check + meson compile -j$(sysctl -n hw.ncpu || echo 2) -C builddir + meson test --num-processes 1 -C builddir - uses: actions/upload-artifact@v3 if: failure() with: name: Test logs on macOS-12 with ${{ matrix.token }} path: | - tests/*.log - tests/openssl.cnf - tests/tmp.${{ matrix.token }}/p11prov-debug.log - tests/tmp.${{ matrix.token }}/testvars - config.log + builddir/meson-logs/* + builddir/tests/tmp.${{ matrix.token }}/p11prov-debug.log + builddir/tests/tmp.${{ matrix.token }}/testvars + builddir/tests/tmp.${{ matrix.token }}/openssl.cnf + diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index d5541e8c..78918c39 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -18,15 +18,16 @@ jobs: steps: - name: Install Dependencies run: | - dnf -y install git gcc automake libtool pkgconf-pkg-config \ - autoconf-archive openssl-devel openssl \ + dnf -y install git gcc meson pkgconf-pkg-config \ + openssl-devel openssl \ nss-softokn nss-tools nss-softokn-devel - name: Checkout Repository uses: actions/checkout@v4 - name: Setup run: | - autoreconf -fiv - ./configure + meson setup builddir + env: + CC: gcc - name: Check for changes run: | echo "RUN_COV=0" >> $GITHUB_ENV; 
@@ -54,8 +55,8 @@ jobs: steps: - name: Install Dependencies run: | - dnf -y install git gcc automake libtool pkgconf-pkg-config \ - autoconf-archive openssl-devel openssl \ + dnf -y install git gcc meson pkgconf-pkg-config \ + openssl-devel openssl \ nss-softokn nss-tools nss-softokn-devel \ gh - name: Find PR @@ -67,8 +68,9 @@ jobs: ref: ${{steps.get-pr.outputs.merge_commit_sha}} - name: Setup run: | - autoreconf -fiv - ./configure + meson setup builddir + env: + CC: gcc - name: Coverity Scan uses: vapier/coverity-scan-action@v1 with: diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml index ca70a1d4..f1f5f841 100644 --- a/.github/workflows/distcheck.yml +++ b/.github/workflows/distcheck.yml @@ -24,16 +24,20 @@ jobs: steps: - name: Install Dependencies run: | + if [ "${{ matrix.name }}" = centos ]; then + dnf_opts="--enablerepo=crb" + fi if [ -f /etc/redhat-release ]; then - dnf -y install git gcc automake libtool expect \ - pkgconf-pkg-config autoconf-archive openssl-devel openssl xz \ + dnf -y install $dnf_opts \ + git gcc meson expect \ + pkgconf-pkg-config openssl-devel openssl xz \ nss-softokn nss-tools nss-softokn-devel \ softhsm opensc p11-kit-devel p11-kit-server \ rpm-build nss-devel gnutls-utils elif [ -f /etc/debian_version ]; then apt-get -q update - apt-get -yq install git gcc make automake expect \ - libtool pkg-config autoconf-archive libssl-dev openssl \ + apt-get -yq install git gcc meson expect \ + pkg-config libssl-dev openssl \ xz-utils libnss3 libnss3-tools libnss3-dev \ softhsm2 opensc p11-kit libp11-kit-dev p11-kit-modules \ gnutls-bin 
@@ -42,14 +46,17 @@ jobs: uses: actions/checkout@v4 - name: Setup run: | - autoreconf -fiv - ./configure + meson setup builddir - name: Distcheck - run: make distcheck + run: | + git config --global --add safe.directory \ + /__w/pkcs11-provider/pkcs11-provider + git ls-files meson.build + meson dist --no-tests -C builddir - name: RPM Build if: ${{ matrix.name == 'fedora' }} run: | mkdir -p rpmbuild/SOURCES - cp pkcs11-provider*tar.xz rpmbuild/SOURCES/ + cp builddir/meson-dist/pkcs11-provider*tar.xz rpmbuild/SOURCES/ rpmbuild --define "_topdir $PWD/rpmbuild" -ba \ packaging/pkcs11-provider.spec diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index fda4a148..ea2419fb 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -22,15 +22,12 @@ jobs: - name: Checkout Repository uses: actions/checkout@v4 - name: Install Build Requirements - run: | - dnf -y install git autoconf autoconf-archive automake libtool \ - openssl-devel + run: dnf -y install gcc git meson openssl-devel - name: Setup, Build and Install pkcs11-provider run: | - autoreconf -fiv - ./configure --libdir=/usr/lib64 - make - make install + meson setup -Dlibdir=/usr/lib64 builddir + meson compile -C builddir + meson install -C builddir - name: Test run: | pushd tests/integration diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml index 75ea8767..72652277 100644 --- a/.github/workflows/scan-build.yml +++ b/.github/workflows/scan-build.yml 
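Review bot: The Distcheck step in distcheck.yml now runs `meson dist --no-tests`, so the release tarball is produced but never built or tested from its own contents, which is the check `make distcheck` provided; only the Fedora leg still exercises the tarball, through the RPM build. Dropping `--no-tests`, or adding a step that unpacks and builds `builddir/meson-dist/pkcs11-provider*tar.xz`, would catch a file missing from the dist on every matrix entry. The `safe.directory` exemption is hard-coded to `/__w/pkcs11-provider/pkcs11-provider`; `git config --global --add safe.directory "$GITHUB_WORKSPACE"` should resolve to the same path inside the job container and stays just as narrow without depending on the repository name. `git ls-files meson.build` looks like a leftover debugging aid and deserves either a comment or removal.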
@@ -13,24 +13,19 @@ jobs: steps: - name: Install Dependencies run: | - dnf -y install $COMPILER automake libtool pkgconf-pkg-config \ - autoconf-archive git openssl-devel clang-analyzer + dnf -y install $COMPILER meson pkgconf-pkg-config \ + git openssl-devel clang-analyzer - uses: actions/checkout@v4 name: Checkout Repository - name: Setup run: | - autoreconf -fiv - ./configure + meson setup builddir - name: Scan Build run: | - scan-build --html-title="PKCS#11 Provider ($GITHUB_SHA)" \ - --keep-cc \ - --status-bugs \ - --keep-going \ - -o scan-build.reports make + SCANBUILD=$PWD/.github/scan-build.sh ninja -C builddir scan-build - uses: actions/upload-artifact@v3 if: failure() with: name: Scan Build logs path: | - scan-build.reports/ + builddir/meson-logs/scanbuild/ diff --git a/.github/workflows/style.yml b/.github/workflows/style.yml index 4aa5e4e8..b0259809 100644 --- a/.github/workflows/style.yml +++ b/.github/workflows/style.yml @@ -13,14 +13,11 @@ jobs: steps: - name: Install Dependencies run: | - dnf -y install $COMPILER automake libtool pkgconf-pkg-config \ - autoconf-archive git openssl-devel clang-tools-extra \ + dnf -y install gcc meson pkgconf-pkg-config \ + git openssl-devel clang-tools-extra \ python3-pip codespell - name: Checkout Repository uses: actions/checkout@v4 - - name: Install compiledb - run: | - pip install compiledb - name: Setup if: ${{ github.event.pull_request.base.sha }} run: | @@ -29,16 +26,14 @@ jobs: git fetch origin main ${{ github.event.pull_request.base.sha }} - name: Generate Makefile run: | - autoreconf -fiv - ./configure - compiledb make + meson setup builddir - name: Run Clang Tidy run: | run-clang-tidy \ -checks=-*,readability-braces-around-statements \ -config "{WarningsAsErrors: '*'}" \ -header-filter "src/pkcs11.h" \ - -quiet + -quiet -p builddir - name: Check the Style run: make check-style || (make check-style-show; exit -1) - name: Check spelling diff --git a/.gitignore b/.gitignore index dbbc3b72..8d7b2c41 100644 
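Review bot: In style.yml the install line still pulls in `python3-pip`, although the only pip use in the visible steps, `pip install compiledb`, is removed by this same change; dropping the package keeps the CI image down to what the job actually runs. The step that now runs `meson setup builddir` is still named `Generate Makefile`, and a name such as `Configure (writes compile_commands.json for clang-tidy)` would explain why `-p builddir` works.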
--- a/.gitignore +++ b/.gitignore @@ -21,36 +21,6 @@ tests/tcmpkeys /pkcs11-provider-?.?.tar.?z # generic ignore patterns (c, autotools, etc) -INSTALL -Makefile -Makefile.in -aclocal.m4 -ar-lib -autom4te.cache/ -compile -compile_commands.json -config.guess -config.log -config.status -config.sub -configure -depcomp -install-sh -libtool -ltmain.sh -m4/libtool.m4 -m4/ltoptions.m4 -m4/ltsugar.m4 -m4/ltversion.m4 -m4/lt~obsolete.m4 -missing -src/config.h -src/config.h.in -src/stamp-h1 -.deps/ -.libs/ -*.la -*.lo *.o *~ test-driver diff --git a/.reuse/dep5 b/.reuse/dep5 index f2c4d6cf..16aa7698 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -6,27 +6,25 @@ Source: https://github.com/latchset/pkcs11-provider/ # # Build system, data files from tests, and misc cruft # -Files: **/Makefile.am - .github/* +Files: .github/* .gitignore - Makefile.am + Makefile + meson.build + meson_options.txt *.md - configure.ac - configure.ac - src/Makefile.am - src/provider.exports + src/meson.build + src/provider.map src/*.gen.c - tests/Makefile.am tests/README tests/openssl.cnf.in tests/explicit_ec.* + tests/meson.build .clang-format .clang-format-ignore packaging/pkcs11-provider.spec docs/* tests/lsan.supp tools/openssl*.cnf - m4/ax_valgrind_check.m4 Copyright: (C) 2022 Simo Sorce License: Apache-2.0 diff --git a/BUILD.md b/BUILD.md index 656f15cd..41e7858a 100644 --- a/BUILD.md +++ b/BUILD.md 
@@ -3,17 +3,27 @@ This package requires the following: - OpenSSL 3.0.7+ libraries and development headers - OpenSSL tools (for testing) -- autoconf-archive packages for some m4 macros - NSS softoken, tools and development headers (for testing) - a C compiler that supports at least C11 semantics -- automake +- meson - pkg-config -- libtool - p11-kit, p11-kit-server, p11-kit-devel, opensc and softhsm (for testing) The usual command to build are: -- autoreconf -fi (if needed) -- ./configure (--with-openssl=/path/to/openssl if needed) -- make -- make check +- meson setup builddir +- meson compile -C builddir +- meson test -C builddir +To link with OpenSSL installed in a custom path, set +`PKG_CONFIG_PATH`, or `CFLAGS`/`LDFLAGS` envvars accordingly at the +`meson setup` step. For example, let's assume OpenSSL is installed +under an absolute path `$OPENSSL_DIR`. + +If you rely on pkg-config, point `PKG_CONFIG_PATH` to a directory +where `libcrypto.pc` or `openssl.pc` can be found. + +- `PKG_CONFIG_PATH="$OPENSSL_DIR/lib64/pkg-config" meson setup builddir` + +Otherwise, you can set `CFLAGS`/`LDFLAGS`: + +- `CFLAGS="-I$OPENSSL_DIR/include" LDFLAGS="-L$OPENSSL_DIR/lib64" meson setup builddir` diff --git a/Makefile.am b/Makefile similarity index 80% rename from Makefile.am rename to Makefile index 47ab1e0f..f3076fb4 100644 --- a/Makefile.am +++ b/Makefile @@ -1,7 +1,14 @@ -ACLOCAL_AMFLAGS = -Im4 +.PHONY: all check check-style check-style-show check-style-fix clean generate-code generate-docs -SUBDIRS = src tests docs -dist_doc_DATA = README.md +all: + meson setup builddir + meson compile -C builddir + +check: + meson test -C builddir + +clean: + rm -rf builddir check-style: @lines=`git diff -U0 --no-color --relative origin/main -- ':!src/pkcs11.h' | clang-format-diff -p1 |wc -l`; \ 
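Review bot: The new `check` target in the top-level Makefile runs `meson test -C builddir` with meson's default parallelism and has no dependency on `all`, whereas every CI job and the spec's `%check` in this change pass `--num-processes 1`. I'd write it as `check: all` with the recipe `meson test --num-processes 1 -C builddir`, so `make check` works on a fresh checkout and behaves like CI. BUILD.md in this same change lists the bare `meson test -C builddir` and should match. tests/meson.build is not visible here, so if it already marks the tests as serial this is only a consistency point.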
@@ -37,20 +44,3 @@ generate-docs:
 manfile=`echo $${mdfile} | sed s/\.md//`; \
 pandoc --standalone --to man $${mdfile} -o $${manfile}; \
 done
-
-DISTCLEANFILES = \
- *~
-
-MAINTAINERCLEANFILES = \
- Makefile.in \
- aclocal.m4 \
- ar-lib compile \
- config.guess \
- config.sub \
- configure \
- depcomp \
- install-sh \
- ltmain.sh \
- m4/* \
- missing \
- test-driver
diff --git a/configure.ac b/configure.ac
deleted file mode 100644
index db630e0f..00000000
--- a/configure.ac
+++ /dev/null
@@ -1,168 +0,0 @@ -# -*- Autoconf -*- -# Process this file with autoconf to produce a configure script. - -AC_PREREQ([2.69]) -AC_INIT([pkcs11-provider], [0.3], [simo@redhat.com]) -AC_CONFIG_SRCDIR([src/provider.c]) -AC_CONFIG_HEADERS([src/config.h]) -AM_INIT_AUTOMAKE([foreign dist-xz -Wall -Werror]) -AC_CONFIG_MACRO_DIRS([m4]) - -# Checks for programs. -AC_PROG_CC -AM_PROG_AR -LT_INIT -PKG_PROG_PKG_CONFIG - -AX_CHECK_COMPILE_FLAG([-std=c11], - [CFLAGS="$CFLAGS -std=c11"], - AC_MSG_ERROR([C compiler must support at least C11 standard]) -) - -AX_VALGRIND_CHECK() - -STD_CFLAGS="-Wall -Wextra -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow" - -# Temporarily disable unused parameter until the implementation is complete -STD_CFLAGS="$STD_CFLAGS -Wno-unused-parameter" - -# These should be always errors -STD_CFLAGS="$STD_CFLAGS -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes" - -# Don't enable warnings on VLA yet, but I would avoid using VLAs -# STD_CFLAGS"$STD_CFLAGS -Werror=vla" - -AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], - [STD_CFLAGS="$STD_CFLAGS -fno-strict-aliasing"]) -AX_CHECK_COMPILE_FLAG([-Werror -fno-delete-null-pointer-checks], - [STD_CFLAGS="$STD_CFLAGS -fno-delete-null-pointer-checks"]) -AX_CHECK_COMPILE_FLAG([-fdiagnostics-show-option], - [STD_CFLAGS="$STD_CFLAGS -fdiagnostics-show-option"]) - -AC_SUBST([STD_CFLAGS]) - -AC_ARG_WITH([openssl], - [AS_HELP_STRING([--with-openssl],[the path to the OpenSSL files])], - [ - OPENSSL_DIR=${withval} - case "$OPENSSL_DIR" in - # Relative paths - ./*|../*) OPENSSL_DIR="`pwd`/$OPENSSL_DIR" - esac - if test -d "$OPENSSL_DIR/lib64"; then - libcrypto_path="$OPENSSL_DIR/lib64" - elif test -d "$OPENSSL_DIR/lib"; then - libcrypto_path="$OPENSSL_DIR/lib" - else - # Built but not installed - libcrypto_path="$OPENSSL_DIR" - fi - CFLAGS="-I$OPENSSL_DIR/include $CFLAGS" - 
LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" - LIBS="$LIBS -L${libcrypto_path}" - CRYPTO_LIBS="-lcrypto" - OPENSSL_LIBS="-lcrypto -lssl" - AC_MSG_WARN([Custom openssl located in $OPENSSL_DIR is used, lib version check is skipped]) - ], - [ - # Checks for libraries. - PKG_CHECK_MODULES( - [CRYPTO], - [libcrypto >= 3.0.7], - , - [AC_MSG_ERROR([libcrypto >= 3.0.7 is required])] - ) - PKG_CHECK_MODULES( - [OPENSSL], - [libcrypto >= 3.0.7, libssl], - , - [AC_MSG_ERROR([libcrypto >= 3.0.7 is required])] - ) - ]) - -address_sanitizer_path="no" -AC_MSG_CHECKING(for --with-address-sanitizer) -AC_ARG_WITH(address_sanitizer, - AS_HELP_STRING([--with-address-sanitizer=yes|path_to_libasan.so], - [Enable Address Sanitizer @<:@default=no@:>@]), - [ - address_sanitizer_path=${withval} - CFLAGS="-fsanitize=address -fno-omit-frame-pointer $CFLAGS" - LDFLAGS="-fsanitize=address $LDFLAGS" - ], - [ - address_sanitizer_path="no" - ]) -AS_IF([test "x$address_sanitizer_path" != "xno"], - [AS_IF([test "x$address_sanitizer_path" == "xyes"], - [address_sanitizer_path=`realpath $($CC -print-file-name=libasan.so)`], - [])], - []) - -AC_MSG_RESULT($address_sanitizer_path) -AM_CONDITIONAL([ADDRESS_SANITIZER], [test x${address_sanitizer_path} != xno]) -AC_SUBST(ADDRESS_SANITIZER_PATH, "$address_sanitizer_path") - -AC_SUBST([SHARED_EXT], $(eval echo "${shrext_cmds}")) - -# Check whether we have a p11-kit to use as a default PKCS#11 module -PKG_CHECK_EXISTS([p11-kit-1], - [PKG_CHECK_VAR([DEFAULT_PKCS11_MODULE], - [p11-kit-1], - [proxy_module])], - [AC_MSG_WARN([The P11-kit proxy is not available. 
No fallback PKCS11 module used.])]) -if test "x$DEFAULT_PKCS11_MODULE" != "x"; then - AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "$DEFAULT_PKCS11_MODULE", - [Default PKCS11 module]) -fi - - -# Try nss-softoken first as used on Fedora, -# fallback to "nss" as used on Debian -PKG_CHECK_EXISTS( - [nss-softokn], - [PKG_CHECK_VAR([SOFTOKENDIR], [nss-softokn], [libdir])], - [PKG_CHECK_EXISTS( - [nss], - [PKG_CHECK_VAR([SOFTOKENDIR], [nss], [libdir])] - )] -) - -if ! test -f $SOFTOKENDIR/libsoftokn3$SHARED_EXT; then - if test -f $SOFTOKENDIR/nss/libsoftokn3$SHARED_EXT; then - AC_SUBST([SOFTOKEN_SUBDIR], "nss/") - else - AC_MSG_WARN([Softoken library missing, tests will fail!]) - fi -fi - -# find p11-kit-client to separate softhsm openssl context from our tests -PKG_CHECK_EXISTS([p11-kit-1], - [PKG_CHECK_VAR([P11_MODULE_PATH], - [p11-kit-1], - [p11_module_path])], - [AC_MSG_WARN([The p11-kit client not found. Can not run SoftHSM tests])]) -if test "$P11_MODULE_PATH" != "" ; then - # p11-kit-client is a module, so its name ends with .so also on macOS! - AC_SUBST([P11KITCLIENTPATH], "$P11_MODULE_PATH/p11-kit-client.so") -fi - -# Checks for header files. -AC_CHECK_HEADERS([string.h dlfcn.h]) - -# Checks for typedefs, structures, and compiler characteristics. -AC_CHECK_HEADER_STDBOOL -AC_C_BIGENDIAN -AC_C_INLINE -AC_TYPE_SIZE_T - -# Checks for library functions. -AC_CHECK_FUNCS([strpbrk]) - -AC_CONFIG_FILES([ - Makefile - docs/Makefile - src/Makefile - tests/Makefile -]) -AC_OUTPUT diff --git a/docs/Makefile.am b/docs/Makefile.am deleted file mode 100644 index e7fa12d6..00000000 --- a/docs/Makefile.am +++ /dev/null @@ -1,2 +0,0 @@ - -dist_man_MANS = provider-pkcs11.7 diff --git a/docs/meson.build b/docs/meson.build new file mode 100644 index 00000000..0286673a --- /dev/null +++ b/docs/meson.build @@ -0,0 +1 @@ +install_man('provider-pkcs11.7') diff --git a/m4/ax_valgrind_check.m4 b/m4/ax_valgrind_check.m4 deleted file mode 100644 index e0d8a2f3..00000000 
--- a/m4/ax_valgrind_check.m4
+++ /dev/null
@@ -1,239 +0,0 @@ -# =========================================================================== -# https://www.gnu.org/software/autoconf-archive/ax_valgrind_check.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_VALGRIND_DFLT(memcheck|helgrind|drd|sgcheck, on|off) -# AX_VALGRIND_CHECK() -# -# DESCRIPTION -# -# AX_VALGRIND_CHECK checks whether Valgrind is present and, if so, allows -# running `make check` under a variety of Valgrind tools to check for -# memory and threading errors. -# -# Defines VALGRIND_CHECK_RULES which should be substituted in your -# Makefile; and $enable_valgrind which can be used in subsequent configure -# output. VALGRIND_ENABLED is defined and substituted, and corresponds to -# the value of the --enable-valgrind option, which defaults to being -# enabled if Valgrind is installed and disabled otherwise. Individual -# Valgrind tools can be disabled via --disable-valgrind-, the -# default is configurable via the AX_VALGRIND_DFLT command or is to use -# all commands not disabled via AX_VALGRIND_DFLT. All AX_VALGRIND_DFLT -# calls must be made before the call to AX_VALGRIND_CHECK. -# -# If unit tests are written using a shell script and automake's -# LOG_COMPILER system, the $(VALGRIND) variable can be used within the -# shell scripts to enable Valgrind, as described here: -# -# https://www.gnu.org/software/gnulib/manual/html_node/Running-self_002dtests-under-valgrind.html -# -# Usage example: -# -# configure.ac: -# -# AX_VALGRIND_DFLT([sgcheck], [off]) -# AX_VALGRIND_CHECK -# -# in each Makefile.am with tests: -# -# @VALGRIND_CHECK_RULES@ -# VALGRIND_SUPPRESSIONS_FILES = my-project.supp -# EXTRA_DIST = my-project.supp -# -# This results in a "check-valgrind" rule being added. 
Running `make -# check-valgrind` in that directory will recursively run the module's test -# suite (`make check`) once for each of the available Valgrind tools (out -# of memcheck, helgrind and drd) while the sgcheck will be skipped unless -# enabled again on the commandline with --enable-valgrind-sgcheck. The -# results for each check will be output to test-suite-$toolname.log. The -# target will succeed if there are zero errors and fail otherwise. -# -# Alternatively, a "check-valgrind-$TOOL" rule will be added, for $TOOL in -# memcheck, helgrind, drd and sgcheck. These are useful because often only -# some of those tools can be ran cleanly on a codebase. -# -# The macro supports running with and without libtool. -# -# LICENSE -# -# Copyright (c) 2014, 2015, 2016 Philip Withnall -# -# Copying and distribution of this file, with or without modification, are -# permitted in any medium without royalty provided the copyright notice -# and this notice are preserved. This file is offered as-is, without any -# warranty. - -#serial 23 - -dnl Configured tools -m4_define([valgrind_tool_list], [[memcheck], [helgrind], [drd], [sgcheck]]) -m4_set_add_all([valgrind_exp_tool_set], [sgcheck]) -m4_foreach([vgtool], [valgrind_tool_list], - [m4_define([en_dflt_valgrind_]vgtool, [on])]) - -AC_DEFUN([AX_VALGRIND_DFLT],[ - m4_define([en_dflt_valgrind_$1], [$2]) -])dnl - -AC_DEFUN([AX_VALGRIND_CHECK],[ - AM_EXTRA_RECURSIVE_TARGETS([check-valgrind]) - m4_foreach([vgtool], [valgrind_tool_list], - [AM_EXTRA_RECURSIVE_TARGETS([check-valgrind-]vgtool)]) - - dnl Check for --enable-valgrind - AC_ARG_ENABLE([valgrind], - [AS_HELP_STRING([--enable-valgrind], [Whether to enable Valgrind on the unit tests])], - [enable_valgrind=$enableval],[enable_valgrind=]) - - AS_IF([test "$enable_valgrind" != "no"],[ - # Check for Valgrind. 
- AC_CHECK_PROG([VALGRIND],[valgrind],[valgrind]) - AS_IF([test "$VALGRIND" = ""],[ - AS_IF([test "$enable_valgrind" = "yes"],[ - AC_MSG_ERROR([Could not find valgrind; either install it or reconfigure with --disable-valgrind]) - ],[ - enable_valgrind=no - ]) - ],[ - enable_valgrind=yes - ]) - ]) - - AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"]) - AC_SUBST([VALGRIND_ENABLED],[$enable_valgrind]) - - # Check for Valgrind tools we care about. - [valgrind_enabled_tools=] - m4_foreach([vgtool],[valgrind_tool_list],[ - AC_ARG_ENABLE([valgrind-]vgtool, - m4_if(m4_defn([en_dflt_valgrind_]vgtool),[off],dnl -[AS_HELP_STRING([--enable-valgrind-]vgtool, [Whether to use ]vgtool[ during the Valgrind tests])],dnl -[AS_HELP_STRING([--disable-valgrind-]vgtool, [Whether to skip ]vgtool[ during the Valgrind tests])]), - [enable_valgrind_]vgtool[=$enableval], - [enable_valgrind_]vgtool[=]) - AS_IF([test "$enable_valgrind" = "no"],[ - enable_valgrind_]vgtool[=no], - [test "$enable_valgrind_]vgtool[" ]dnl -m4_if(m4_defn([en_dflt_valgrind_]vgtool), [off], [= "yes"], [!= "no"]),[ - AC_CACHE_CHECK([for Valgrind tool ]vgtool, - [ax_cv_valgrind_tool_]vgtool,[ - ax_cv_valgrind_tool_]vgtool[=no - m4_set_contains([valgrind_exp_tool_set],vgtool, - [m4_define([vgtoolx],[exp-]vgtool)], - [m4_define([vgtoolx],vgtool)]) - AS_IF([`$VALGRIND --tool=]vgtoolx[ --help >/dev/null 2>&1`],[ - ax_cv_valgrind_tool_]vgtool[=yes - ]) - ]) - AS_IF([test "$ax_cv_valgrind_tool_]vgtool[" = "no"],[ - AS_IF([test "$enable_valgrind_]vgtool[" = "yes"],[ - AC_MSG_ERROR([Valgrind does not support ]vgtool[; reconfigure with --disable-valgrind-]vgtool) - ],[ - enable_valgrind_]vgtool[=no - ]) - ],[ - enable_valgrind_]vgtool[=yes - ]) - ]) - AS_IF([test "$enable_valgrind_]vgtool[" = "yes"],[ - valgrind_enabled_tools="$valgrind_enabled_tools ]m4_bpatsubst(vgtool,[^exp-])[" - ]) - AC_SUBST([ENABLE_VALGRIND_]vgtool,[$enable_valgrind_]vgtool) - ]) - AC_SUBST([valgrind_tools],["]m4_join([ ], 
valgrind_tool_list)["]) - AC_SUBST([valgrind_enabled_tools],[$valgrind_enabled_tools]) - -[VALGRIND_CHECK_RULES=' -# Valgrind check -# -# Optional: -# - VALGRIND_SUPPRESSIONS_FILES: Space-separated list of Valgrind suppressions -# files to load. (Default: empty) -# - VALGRIND_FLAGS: General flags to pass to all Valgrind tools. -# (Default: --num-callers=30) -# - VALGRIND_$toolname_FLAGS: Flags to pass to Valgrind $toolname (one of: -# memcheck, helgrind, drd, sgcheck). (Default: various) - -# Optional variables -VALGRIND_SUPPRESSIONS ?= $(addprefix --suppressions=,$(VALGRIND_SUPPRESSIONS_FILES)) -VALGRIND_FLAGS ?= --num-callers=30 -VALGRIND_memcheck_FLAGS ?= --leak-check=full --show-reachable=no -VALGRIND_helgrind_FLAGS ?= --history-level=approx -VALGRIND_drd_FLAGS ?= -VALGRIND_sgcheck_FLAGS ?= - -# Internal use -valgrind_log_files = $(addprefix test-suite-,$(addsuffix .log,$(valgrind_tools))) - -valgrind_memcheck_flags = --tool=memcheck $(VALGRIND_memcheck_FLAGS) -valgrind_helgrind_flags = --tool=helgrind $(VALGRIND_helgrind_FLAGS) -valgrind_drd_flags = --tool=drd $(VALGRIND_drd_FLAGS) -valgrind_sgcheck_flags = --tool=exp-sgcheck $(VALGRIND_sgcheck_FLAGS) - -valgrind_quiet = $(valgrind_quiet_$(V)) -valgrind_quiet_ = $(valgrind_quiet_$(AM_DEFAULT_VERBOSITY)) -valgrind_quiet_0 = --quiet -valgrind_v_use = $(valgrind_v_use_$(V)) -valgrind_v_use_ = $(valgrind_v_use_$(AM_DEFAULT_VERBOSITY)) -valgrind_v_use_0 = @echo " USE " $(patsubst check-valgrind-%-local,%,$''@):; - -# Support running with and without libtool. 
-ifneq ($(LIBTOOL),) -valgrind_lt = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=execute -else -valgrind_lt = -endif - -# Use recursive makes in order to ignore errors during check -check-valgrind-local: -ifeq ($(VALGRIND_ENABLED),yes) - $(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) -k \ - $(foreach tool, $(valgrind_enabled_tools), check-valgrind-$(tool)) -else - @echo "Need to reconfigure with --enable-valgrind" -endif - -# Valgrind running -VALGRIND_TESTS_ENVIRONMENT = \ - $(TESTS_ENVIRONMENT) \ - env VALGRIND=$(VALGRIND) \ - G_SLICE=always-malloc,debug-blocks \ - G_DEBUG=fatal-warnings,fatal-criticals,gc-friendly - -VALGRIND_LOG_COMPILER = \ - $(valgrind_lt) \ - $(VALGRIND) $(VALGRIND_SUPPRESSIONS) --error-exitcode=1 $(VALGRIND_FLAGS) - -define valgrind_tool_rule -check-valgrind-$(1)-local: -ifeq ($$(VALGRIND_ENABLED)-$$(ENABLE_VALGRIND_$(1)),yes-yes) -ifneq ($$(TESTS),) - $$(valgrind_v_use)$$(MAKE) check-TESTS \ - TESTS_ENVIRONMENT="$$(VALGRIND_TESTS_ENVIRONMENT)" \ - LOG_COMPILER="$$(VALGRIND_LOG_COMPILER)" \ - LOG_FLAGS="$$(valgrind_$(1)_flags)" \ - TEST_SUITE_LOG=test-suite-$(1).log -endif -else ifeq ($$(VALGRIND_ENABLED),yes) - @echo "Need to reconfigure with --enable-valgrind-$(1)" -else - @echo "Need to reconfigure with --enable-valgrind" -endif -endef - -$(foreach tool,$(valgrind_tools),$(eval $(call valgrind_tool_rule,$(tool)))) - -A''M_DISTCHECK_CONFIGURE_FLAGS ?= -A''M_DISTCHECK_CONFIGURE_FLAGS += --disable-valgrind - -MOSTLYCLEANFILES ?= -MOSTLYCLEANFILES += $(valgrind_log_files) - -.PHONY: check-valgrind $(addprefix check-valgrind-,$(valgrind_tools)) -'] - - AC_SUBST([VALGRIND_CHECK_RULES]) - m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([VALGRIND_CHECK_RULES])]) -]) diff --git a/meson.build b/meson.build new file mode 100644 index 00000000..105bdefc --- /dev/null +++ b/meson.build 
@@ -0,0 +1,90 @@
+project(
+ 'pkcs11-provider', 'c',
+ version: '0.3',
+ meson_version: '>= 0.57',
+ default_options: ['c_std=c11'],
+)
+
+version_arr = meson.project_version().split('.')
+major_version = version_arr[0].to_int()
+minor_version = version_arr[1].to_int()
+
+cc = meson.get_compiler('c')
+
+warning_c_args = [
+ '-Wwrite-strings',
+ '-Wpointer-arith',
+ '-Wno-missing-field-initializers',
+ '-Wformat',
+ '-Wshadow',
+ # Temporarily disable unused parameter until the implementation is complete
+ '-Wno-unused-parameter',
+ # These should be always errors
+ '-Werror=implicit-function-declaration',
+ '-Werror=missing-prototypes',
+ '-Werror=format-security',
+ '-Werror=parentheses',
+ '-Werror=implicit',
+ '-Werror=strict-prototypes',
+]
+
+extra_c_args = [
+ '-fno-strict-aliasing',
+ '-fno-delete-null-pointer-checks',
+ '-fdiagnostics-show-option',
+]
+
+add_project_arguments(cc.get_supported_arguments(warning_c_args + extra_c_args),
+ language: 'c')
+
+configinc = include_directories('.')
+
+conf = configuration_data()
+
+conf.set_quoted('PACKAGE_NAME', meson.project_name())
+conf.set('PACKAGE_MAJOR', major_version)
+conf.set('PACKAGE_MINOR', minor_version)
+
+libcrypto = dependency('libcrypto', version: '>= 3.0.7')
+provider_path = libcrypto.get_variable(pkgconfig: 'modulesdir')
+libssl = dependency('libssl', version: '>= 3.0.7')
+
+host_system = host_machine.system()
+if host_system == 'windows'
+ shlext = '.dll'
+elif host_system == 'darwin'
+ # On macOS, loadable modules typically use .so as filename extension, but
+ # both NSS softokn and OpenSSL providers ignore this rule and use .dylib for
+ # loadable modules anyway. Note that p11-kit correctly uses .so, though, so
+ # be careful when using this variable, as it might not be correct on macOS.
+ shlext = '.dylib' +else + shlext = '.so' +endif + +if host_machine.endian() == 'big' + conf.set('WORDS_BIGENDIAN', 1) +endif + +p11_kit = dependency('p11-kit-1', required: false) +if p11_kit.found() + default_pkcs11_module = p11_kit.get_variable(pkgconfig: 'proxy_module') + conf.set_quoted('DEFAULT_PKCS11_MODULE', default_pkcs11_module) +endif + +headers = [ + 'dlfcn.h', +] + +foreach h : headers + if cc.has_header(h) + conf.set('HAVE_' + h.underscorify().to_upper(), 1) + endif +endforeach + +configure_file(output: 'config.h', configuration: conf) + +subdir('src') +subdir('docs') +subdir('tests') + diff --git a/meson_options.txt b/meson_options.txt new file mode 100644 index 00000000..7e7b9bee --- /dev/null +++ b/meson_options.txt @@ -0,0 +1,4 @@ +option('preload_libasan', + type: 'string', + value: 'no', + description: 'Path to libasan.so to preload') diff --git a/packaging/pkcs11-provider.spec b/packaging/pkcs11-provider.spec index 85dc48d5..f23b519f 100644 --- a/packaging/pkcs11-provider.spec +++ b/packaging/pkcs11-provider.spec @@ -15,10 +15,7 @@ Source2: https://people.redhat.com/~ssorce/simo_redhat.asc BuildRequires: openssl-devel >= 3.0.7 BuildRequires: gcc -BuildRequires: autoconf-archive -BuildRequires: automake -BuildRequires: libtool -BuildRequires: make +BuildRequires: meson %if %{with gpgcheck} BuildRequires: gnupg2 %endif @@ -54,18 +51,17 @@ compatible to previous versions as well. %build -autoreconf -fi -%configure -%make_build +%meson +%meson_build %install -%make_install +%meson_install %check # do not run them in parrallel with %{?_smp_mflags} -make check || if [ $? -ne 0 ]; then cat tests/*.log; exit 1; fi; +%meson_test --num-processes 1 %files diff --git a/src/Makefile.am b/src/Makefile.am deleted file mode 100644 index a5db81df..00000000 --- a/src/Makefile.am +++ /dev/null 
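Review bot: `default_options` in the new top-level meson.build sets only `c_std=c11`, whereas the autotools build being replaced compiled the provider with `-Wall -Werror` (see `pkcs11_la_CFLAGS` in the removed src/Makefile.am). Apart from the explicit `-Werror=` entries in `warning_c_args`, nothing here turns warnings into errors, so a new warning no longer fails the build unless whoever invokes meson passes `--werror`. If that strictness is still wanted, use `default_options: ['c_std=c11', 'werror=true']`, or leave the default relaxed for packagers and have the CI jobs pass `-Dwerror=true`.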
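Review bot: The `preload_libasan` description in meson_options.txt says only "Path to libasan.so to preload", but tests/meson.build also gives meaning to two keywords: `auto` asks the compiler through `-print-file-name=libasan.so`, and `no`, which is the default, preloads only fake_dlclose. I would document them where the option is declared, for example `description: 'Path to libasan.so to preload, "auto" to ask the compiler, "no" to preload nothing extra'`.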
@@ -1,74 +0,0 @@ - -AM_CFLAGS = $(STD_CFLAGS) - -noinst_HEADERS = \ - asymmetric_cipher.h \ - debug.h \ - encoder.h \ - decoder.h \ - digests.h \ - exchange.h \ - kdf.h \ - keymgmt.h \ - pk11_uri.h \ - interface.h \ - objects.h \ - pkcs11.h \ - platform/endian.h \ - provider.h \ - random.h \ - session.h \ - signature.h \ - slot.h \ - store.h \ - util.h -pkcs11_LTLIBRARIES = pkcs11.la - -SHARED_EXT=@SHARED_EXT@ - -pkcs11dir = $(libdir)/ossl-modules - -pkcs11_la_SOURCES = \ - asymmetric_cipher.c \ - debug.c \ - encoder.c \ - decoder.c \ - digests.c \ - exchange.c \ - kdf.c \ - keymgmt.c \ - pk11_uri.c \ - interface.c \ - objects.c \ - provider.h \ - provider.c \ - random.c \ - session.c \ - signature.c \ - slot.c \ - store.c \ - tls.c \ - util.c \ - provider.exports \ - $(NULL) - -EXTRA_DIST = \ - interface.gen.c \ - encoder.gen.c \ - pk11_uri.gen.c \ - $(NULL) - -pkcs11_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_CFLAGS) -Wall -Werror -pkcs11_la_LIBADD = $(CRYPTO_LIBS) - -pkcs11_la_LDFLAGS = \ - $(AM_LDFLAGS) -module \ - -shared -shrext $(SHARED_EXT) \ - -avoid-version \ - -export-symbols "$(srcdir)/provider.exports" - -DISTCLEANFILES = \ - *~ - -MAINTAINERCLEANFILES = \ - Makefile.in config.h.in diff --git a/src/interface.c b/src/interface.c index d36e79da..8968e668 100644 --- a/src/interface.c +++ b/src/interface.c @@ -165,7 +165,6 @@ static CK_RV p11prov_interface_init(P11PROV_MODULE *mctx) return CKR_HOST_MEMORY; } - ret = CKR_FUNCTION_NOT_SUPPORTED; intf->GetInterface = dlsym(mctx->dlhandle, "C_GetInterface"); if (!intf->GetInterface) { char *err = dlerror(); diff --git a/src/meson.build b/src/meson.build new file mode 100644 index 00000000..631d4742 --- /dev/null +++ b/src/meson.build 
@@ -0,0 +1,38 @@ +pkcs11_provider_sources = [ + 'asymmetric_cipher.c', + 'debug.c', + 'encoder.c', + 'decoder.c', + 'digests.c', + 'exchange.c', + 'kdf.c', + 'keymgmt.c', + 'pk11_uri.c', + 'interface.c', + 'objects.c', + 'provider.c', + 'random.c', + 'session.c', + 'signature.c', + 'slot.c', + 'store.c', + 'tls.c', + 'util.c', +] + +pkcs11_provider_map = meson.current_source_dir() / 'provider.map' +pkcs11_provider_ldflags = cc.get_supported_link_arguments([ + '-Wl,--version-script,' + pkcs11_provider_map +]) + +pkcs11_provider = shared_module( + 'pkcs11', + pkcs11_provider_sources, + name_prefix: '', + dependencies: [libcrypto], + include_directories: [configinc], + link_depends: [pkcs11_provider_map], + link_args: pkcs11_provider_ldflags, + install: true, + install_dir: get_option('libdir') / 'ossl-modules', +) diff --git a/src/objects.c b/src/objects.c index 7b76566c..5b5b09ea 100644 --- a/src/objects.c +++ b/src/objects.c @@ -1870,7 +1870,6 @@ static int p11prov_obj_export_public_ec_key(P11PROV_OBJ *obj, switch (key_type) { case CKK_EC: attrs[0].type = CKA_P11PROV_CURVE_NID; - nattr = 1; rv = get_public_attrs(obj, attrs, 1); if (rv != CKR_OK) { P11PROV_raise(obj->ctx, rv, "Failed to get EC key curve nid"); diff --git a/src/provider.exports b/src/provider.exports deleted file mode 100644 index 8d6632bf..00000000 --- a/src/provider.exports +++ /dev/null @@ -1 +0,0 @@ -OSSL_provider_init diff --git a/src/provider.map b/src/provider.map new file mode 100644 index 00000000..42b8f3c8 --- /dev/null +++ b/src/provider.map @@ -0,0 +1,6 @@ +{ + global: + OSSL_provider_init; + local: + *; +}; diff --git a/src/signature.c b/src/signature.c index f726a199..a9ca373c 100644 --- a/src/signature.c +++ b/src/signature.c 
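Review bot: In src/meson.build, `cc.get_supported_link_arguments()` returns an empty list when the linker rejects `-Wl,--version-script`, so on such a toolchain the module links with every non-static symbol exported and nothing reports it. The libtool `-export-symbols` rule it replaces limited the exports to `OSSL_provider_init`, and the top-level meson.build has a `darwin` branch, where I would not expect the GNU option to be accepted (worth confirming). At minimum make the fallback visible with `if pkcs11_provider_ldflags.length() == 0`, `warning('linker lacks --version-script; all provider symbols will be exported')`, `endif`; a platform-specific export list would be the fuller fix.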
@@ -877,6 +877,9 @@ static CK_RV p11prov_sig_operate(P11PROV_SIG_CTX *sigctx, unsigned char *sig, if (sigctx->operation == CKF_VERIFY) { return CKR_ARGUMENTS_BAD; } + if (siglen == NULL) { + return CKR_ARGUMENTS_BAD; + } return p11prov_sig_get_sig_size(sigctx, siglen); } @@ -1042,6 +1045,9 @@ static int p11prov_sig_digest_final(P11PROV_SIG_CTX *sigctx, unsigned char *sig, if (sigctx->operation == CKF_VERIFY) { goto done; } + if (siglen == NULL) { + goto done; + } ret = p11prov_sig_get_sig_size(sigctx, siglen); if (ret == CKR_OK) { result = RET_OSSL_OK; @@ -1868,7 +1874,7 @@ static int p11prov_ecdsa_digest_sign_final(void *ctx, unsigned char *sig, { P11PROV_SIG_CTX *sigctx = (P11PROV_SIG_CTX *)ctx; unsigned char raw[P11PROV_MAX_RAW_ECC_SIG_SIZE]; - size_t rawlen; + size_t rawlen = 0; int ret; /* the siglen might be uninitialized when called from openssl */ diff --git a/tests/Makefile.am b/tests/Makefile.am deleted file mode 100644 index e3939924..00000000 --- a/tests/Makefile.am +++ /dev/null 
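Review bot: The new `siglen == NULL` guards in p11prov_sig_operate and p11prov_sig_digest_final cover only the size-query path, directly before the call to `p11prov_sig_get_sig_size(sigctx, siglen)`. Both function bodies continue outside these hunks, so it is not visible whether the signing path that follows also stores through `siglen`; if it does, a caller that passes a signature buffer with a NULL length pointer still reaches that write and needs the same check there. A short comment above each guard, such as `/* size query: siglen is the only output, so it must be valid */`, would also record why NULL is rejected here rather than ignored.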
@@ -1,141 +0,0 @@ -EXTRA_DIST = openssl.cnf.in \ - lsan.supp \ - explicit_ec.key.der explicit_ec.pub.der - -libspath=@abs_top_builddir@/src/.libs -testsblddir=@abs_top_builddir@/tests -testssrcdir=@abs_srcdir@ - -@VALGRIND_CHECK_RULES@ -#VALGRIND_SUPPRESSIONS_FILES = $(top_srcdir)/tests/pkcs11-provider.supp -VALGRIND_FLAGS = --num-callers=30 -q --keep-debuginfo=yes - -check_PROGRAMS = tsession tgenkey tlsctx tdigests tdigest_dupctx treadkeys \ - tcmpkeys tfork pincache tfork_deadlock - -tsession_SOURCES = tsession.c -tsession_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tsession_LDADD = $(OPENSSL_LIBS) - -tgenkey_SOURCES = tgenkey.c -tgenkey_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tgenkey_LDADD = $(OPENSSL_LIBS) - -tlsctx_SOURCES = tlsctx.c -tlsctx_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tlsctx_LDADD = $(OPENSSL_LIBS) - -tdigests_SOURCES = tdigests.c -tdigests_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tdigests_LDADD = $(OPENSSL_LIBS) - -tdigest_dupctx_SOURCES = tdigest_dupctx.c -tdigest_dupctx_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tdigest_dupctx_LDADD = $(OPENSSL_LIBS) - -treadkeys_SOURCES = treadkeys.c -treadkeys_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -treadkeys_LDADD = $(OPENSSL_LIBS) - -tcmpkeys_SOURCES = tcmpkeys.c -tcmpkeys_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tcmpkeys_LDADD = $(OPENSSL_LIBS) - -tfork_SOURCES = tfork.c -tfork_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tfork_LDADD = $(OPENSSL_LIBS) - -pincache_SOURCES = pincache.c -pincache_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -pincache_LDADD = $(OPENSSL_LIBS) - -tfork_deadlock_SOURCES = tfork_deadlock.c -tfork_deadlock_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) -tfork_deadlock_LDADD = $(OPENSSL_LIBS) - -tmp.softokn: - LIBSPATH=$(libspath) \ - TESTSSRCDIR=$(testssrcdir) \ - TESTBLDDIR=$(testsblddir) \ - SHARED_EXT=$(SHARED_EXT) \ - SOFTOKNPATH="$(SOFTOKENDIR)/$(SOFTOKEN_SUBDIR)" \ - $(testssrcdir)/setup-softokn.sh > setup-softokn.log 2>&1 -tmp.softhsm: - LIBSPATH=$(libspath) \ - 
TESTSSRCDIR=$(testssrcdir) \ - TESTBLDDIR=$(testsblddir) \ - SHARED_EXT=$(SHARED_EXT) \ - P11KITCLIENTPATH="$(P11KITCLIENTPATH)" \ - $(testssrcdir)/setup-softhsm.sh > setup-softhsm.log 2>&1 - -dist_check_SCRIPTS = \ - helpers.sh setup-softhsm.sh setup-softokn.sh softhsm-proxy.sh \ - test-wrapper tbasic tcerts tecc tecdh tedwards tdemoca thkdf \ - toaepsha2 trsapss tdigest ttls tpubkey tforking turi trand tecxc \ - tcms top_state tpem_encoder - -test_LIST = \ - basic-softokn.t basic-softhsm.t \ - pubkey-softokn.t pubkey-softhsm.t \ - certs-softokn.t certs-softhsm.t \ - ecc-softokn.t ecc-softhsm.t \ - edwards-softhsm.t \ - ecdh-softokn.t \ - democa-softokn.t democa-softhsm.t \ - digest-softokn.t digest-softhsm.t \ - forking-softokn.t forking-softhsm.t \ - oaepsha2-softokn.t \ - hkdf-softokn.t \ - rsapss-softokn.t \ - session-softokn.t session-softhsm.t \ - rand-softokn.t rand-softhsm.t \ - readkeys-softokn.t readkeys-softhsm.t \ - tls-softokn.t tls-softhsm.t \ - uri-softokn.t uri-softhsm.t \ - ecxc-softhsm.t \ - cms-softokn.t \ - op_state-softhsm.t \ - pem_encoder-softokn.t pem_encoder-softhsm.t - -.PHONY: $(test_LIST) - -TESTS = $(test_LIST) - -AM_TESTS_ENVIRONMENT = \ - export LC_ALL='C'; - -TEST_EXTENSIONS = .t -T_LOG_COMPILER = $(testssrcdir)/test-wrapper - -if ADDRESS_SANITIZER -# Avoids closing dlopened libraries for ASan to be able to print usable traces -FAKE_DLCLOSE=.libs/fake_dlclose.so -lib_LTLIBRARIES = fake_dlclose.la -fake_dlclose_la_SOURCES = fake_dlclose.c -fake_dlclose_la_CFLAGS = $(AM_CFLAGS) -Wall -Werror -fake_dlclose_la_LDFLAGS = $(AM_LDFLAGS) -module -shared -avoid-version - -# LD_PRELOAD is needed before invoking openssl as it is not instrumented with -# asan and asan needs to be loaded as a firs dynamic library of the process. 
-AM_TESTS_ENVIRONMENT += \ - export ASAN_OPTIONS='fast_unwind_on_malloc=0'; \ - export LSAN_OPTIONS='suppressions=$(testssrcdir)/lsan.supp'; \ - export DLCLOSE='$(testsblddir)/$(FAKE_DLCLOSE)'; \ - export CHECKER='env LD_PRELOAD=$(ADDRESS_SANITIZER_PATH):$(testsblddir)/$(FAKE_DLCLOSE)'; -endif - -$(TESTS): tmp.softokn tmp.softhsm $(FAKE_DLCLOSE) - -CLEANFILES = \ - setup-*.log \ - pinfile.txt - -clean-local: - rm -Rf tmp.softhsm - rm -Rf tmp.softokn - -DISTCLEANFILES = \ - *~ - -MAINTAINERCLEANFILES = \ - Makefile.in diff --git a/tests/fake_dlclose.c b/tests/fake_dlclose.c index 706658e1..9f5fde77 100644 --- a/tests/fake_dlclose.c +++ b/tests/fake_dlclose.c @@ -2,6 +2,8 @@ SPDX-License-Identifier: Apache-2.0 */ #include +extern int dlclose(void *handle); + int dlclose(void *handle) { return 0; diff --git a/tests/helpers.sh b/tests/helpers.sh index e5b96c76..a9c0d0d6 100755 --- a/tests/helpers.sh +++ b/tests/helpers.sh @@ -2,6 +2,8 @@ # Copyright (C) 2022 Simo Sorce # SPDX-License-Identifier: Apache-2.0 +: "${TESTBLDDIR=.}" + title() { case "$1" in diff --git a/tests/integration/bind.sh b/tests/integration/bind.sh index dec044b1..3839649f 100644 --- a/tests/integration/bind.sh +++ b/tests/integration/bind.sh @@ -22,7 +22,7 @@ install_dependencies() releasever="--releasever=40" fi dnf install -y "$releasever" --skip-broken \ - autoconf automake autoconf-archive libtool \ + meson \ p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \ p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \ openssl util-linux bind9-next opensc @@ -64,10 +64,9 @@ pkcs11_provider_setup() "${WORKDIR}"/pkcs11-provider pushd "${WORKDIR}"/pkcs11-provider git checkout "${GIT_REF:-"main"}" - autoreconf -fiv - ./configure --libdir=/usr/lib64 - make - make install + meson setup -Dlibdir=/usr/lib64 builddir + meson compile -C builddir + meson install -C builddir popd export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so fi 
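Review bot: `: "${TESTBLDDIR=.}"` in tests/helpers.sh (and the identical line added to tests/test-wrapper) applies the default only when the variable is unset, not when it is set but empty. setup-softhsm.sh now derives `TMPPDIR="${TESTBLDDIR}/tmp.softhsm"` and runs `rm -fr "${TMPPDIR}"` on it, so an empty value would point that cleanup at `/tmp.softhsm` in the filesystem root; whether helpers.sh is sourced before that assignment is not visible in the hunks. Writing `: "${TESTBLDDIR:=.}"` covers the empty case as well.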
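Review bot: With `autoconf automake autoconf-archive libtool` replaced by `meson`, the `dnf install` list in tests/integration/bind.sh no longer names a C compiler, and the same is true of tests/integration/httpd.sh, while libssh.sh lists `gcc` explicitly. If the compiler used to arrive only as a dependency of one of the removed packages (libtool is the likely candidate, but that is not visible here), `meson setup` in pkcs11_provider_setup will fail on a clean image. Naming it makes the requirement explicit in both scripts: `meson gcc \`.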
diff --git a/tests/integration/httpd.sh b/tests/integration/httpd.sh index 209c19d3..6d8313d1 100644 --- a/tests/integration/httpd.sh +++ b/tests/integration/httpd.sh @@ -24,7 +24,7 @@ install_dependencies() releasever="--releasever=40" fi dnf install -y "$releasever" --skip-broken \ - autoconf automake autoconf-archive libtool \ + meson \ p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \ p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \ openssl util-linux @@ -89,10 +89,9 @@ pkcs11_provider_setup() "${WORKDIR}"/pkcs11-provider pushd "$WORKDIR"/pkcs11-provider git checkout "${GIT_REF:-"main"}" - autoreconf -fiv - ./configure --libdir=/usr/lib64 - make - make install + meson setup -Dlibdir=/usr/lib64 builddir + meson compile -C builddir + meson install -C builddir popd export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so fi diff --git a/tests/integration/libssh.sh b/tests/integration/libssh.sh index d69fe9fd..21c7f005 100644 --- a/tests/integration/libssh.sh +++ b/tests/integration/libssh.sh @@ -16,8 +16,8 @@ install_dependencies() dnf install -y --skip-broken cmake libcmocka libcmocka-devel softhsm \ nss-tools gnutls-utils p11-kit p11-kit-devel p11-kit-server opensc \ softhsm-devel socket_wrapper nss_wrapper uid_wrapper pam_wrapper \ - priv_wrapper openssh-server zlib-devel git autoconf autoconf-archive \ - automake libtool openssl-devel gcc g++ libcmocka-devel + priv_wrapper openssh-server zlib-devel git meson \ + openssl-devel gcc g++ libcmocka-devel } pkcs11_provider_setup() @@ -36,10 +36,9 @@ pkcs11_provider_setup() "${WORKDIR}"/pkcs11-provider pushd "$WORKDIR"/pkcs11-provider git checkout "${GIT_REF:-"main"}" - autoreconf -fiv - ./configure --libdir=/usr/lib64 - make - make install + meson setup -Dlibdir=/usr/lib64 builddir + meson compile -C builddir + meson install -C builddir popd export PKCS11_MODULE=/usr/lib64/ossl-modules/pkcs11.so fi diff --git a/tests/meson.build b/tests/meson.build new file mode 100644 index 00000000..46343296 
--- /dev/null
+++ b/tests/meson.build
@@ -0,0 +1,156 @@
+conf_env = environment({
+ 'LIBSPATH': meson.project_build_root() / 'src',
+ 'TESTSSRCDIR': meson.current_source_dir(),
+ 'TESTBLDDIR': meson.current_build_dir(),
+ 'SHARED_EXT': shlext,
+})
+
+if p11_kit.found()
+ # p11-kit-client module doesn't support Windows, so hard-coding .so is fine
+ p11_module_path = p11_kit.get_variable(pkgconfig: 'p11_module_path')
+ p11_client_path = p11_module_path / 'p11-kit-client.so'
+ conf_env.set('P11KITCLIENTPATH', p11_client_path)
+endif
+
+nss_softokn = dependency('nss-softokn', required: false)
+if not nss_softokn.found()
+ nss_softokn = dependency('nss', required: false)
+endif
+softokendir = ''
+softokensubdir = ''
+if nss_softokn.found()
+ fs = import('fs')
+ softokendir = nss_softokn.get_variable(pkgconfig: 'libdir')
+ if fs.exists(softokendir / 'libsoftokn3@0@'.format(shlext))
+ conf_env.set('SOFTOKNPATH', softokendir)
+ elif fs.exists(softokendir / 'nss' / 'libsoftokn3@0@'.format(shlext))
+ conf_env.set('SOFTOKNPATH', softokendir / 'nss')
+ else
+ warning('Softoken library missing, tests will be skipped!')
+ endif
+endif
+
+softoken_conf = custom_target(
+ 'generate softoken configuration',
+ output: 'tmp.softokn.log',
+ env: conf_env,
+ command: [
+ find_program('setup-softokn.sh'),
+ ],
+ capture: true,
+)
+
+softhsm_conf = custom_target(
+ 'generate softhsm configuration',
+ output: 'tmp.softhsm.log',
+ env: conf_env,
+ command: [
+ find_program('setup-softhsm.sh'),
+ ],
+ capture: true,
+)
+
+test_env = environment({
+ 'TEST_PATH': meson.current_source_dir(),
+ 'TESTBLDDIR': meson.current_build_dir(),
+})
+
+valgrind = find_program('valgrind', required: false)
+if valgrind.found()
+ add_test_setup('valgrind',
+ exe_wrapper: [
+ valgrind,
+ '--num-callers=30',
+ '-q',
+ '--keep-debuginfo=yes',
+ ],
+ env: test_env,
+ timeout_multiplier: 20,
+ )
+endif
+
+if get_option('b_sanitize') == 'address'
+ preload_libasan = get_option('preload_libasan')
+ if preload_libasan == 'auto'
+ preload_libasan = 
run_command(
+ [cc.cmd_array()[0], '-print-file-name=libasan.so'],
+ check: true,
+ capture: true,
+ ).stdout().strip()
+ endif
+
+ # Avoids closing dlopened libraries for ASan to be able to print usable traces
+ fake_dlclose = shared_module(
+ 'fake_dlclose',
+ 'fake_dlclose.c',
+ name_prefix: '',
+ )
+
+ test_env.set('ASAN_OPTIONS', 'fast_unwind_on_malloc=0')
+ test_env.set('LSAN_OPTIONS', 'suppressions=@0@/lsan.supp'.format(meson.current_source_dir()))
+ test_env.set('FAKE_DLCLOSE', fake_dlclose.full_path())
+ # LD_PRELOAD is needed before invoking openssl as it is not instrumented with
+ # asan and asan needs to be loaded as a first dynamic library of the process.
+ if preload_libasan != 'no'
+ test_env.set('CHECKER', 'env LD_PRELOAD=@0@:@1@'.format(preload_libasan, fake_dlclose.full_path()))
+ else
+ test_env.set('CHECKER', 'env LD_PRELOAD=@0@'.format(fake_dlclose.full_path()))
+ endif
+endif
+
+test_programs = [
+ 'tsession',
+ 'tgenkey',
+ 'tlsctx',
+ 'tdigests',
+ 'treadkeys',
+ 'tcmpkeys',
+ 'tfork',
+ 'pincache',
+]
+
+foreach t : test_programs
+ executable(t, '@0@.c'.format(t),
+ include_directories: [configinc],
+ dependencies: [libcrypto, libssl])
+endforeach
+
+tests = {
+ 'basic': {'suites': ['softokn', 'softhsm']},
+ 'pubkey': {'suites': ['softokn', 'softhsm']},
+ 'certs': {'suites': ['softokn', 'softhsm']},
+ 'ecc': {'suites': ['softokn', 'softhsm']},
+ 'edwards': {'suites': ['softhsm']},
+ 'ecdh': {'suites': ['softokn']},
+ 'democa': {'suites': ['softokn', 'softhsm'], 'is_parallel': false},
+ 'digest': {'suites': ['softokn', 'softhsm']},
+ 'fork': {'suites': ['softokn', 'softhsm']},
+ 'oaepsha2': {'suites': ['softokn']},
+ 'hkdf': {'suites': ['softokn']},
+ 'rsapss': {'suites': ['softokn']},
+ 'genkey': {'suites': ['softokn', 'softhsm']},
+ 'session': {'suites': ['softokn', 'softhsm']},
+ 'rand': {'suites': ['softokn', 'softhsm']},
+ 'readkeys': {'suites': ['softokn', 'softhsm']},
+ 'tls': {'suites': ['softokn', 'softhsm'], 'is_parallel': false},
+ 'uri': {'suites': ['softokn', 'softhsm']}, + 'ecxc': {'suites': ['softhsm']}, + 'cms': {'suites': ['softokn']}, +} + +test_wrapper = find_program('test-wrapper') + +foreach t, extra_args : tests + is_parallel = extra_args.get('is_parallel', true) + foreach suite : extra_args.get('suites', []) + test( + t, + test_wrapper, + args: '@0@-@1@.t'.format(t, suite), + suite: suite, + depends: [softoken_conf, softhsm_conf], + env: test_env, + is_parallel: is_parallel, + ) + endforeach +endforeach diff --git a/tests/openssl.cnf.in b/tests/openssl.cnf.in index fcddcc69..6ef3d5b5 100644 --- a/tests/openssl.cnf.in +++ b/tests/openssl.cnf.in @@ -23,7 +23,7 @@ activate = 1 [pkcs11_sect] module = @libtoollibs@/pkcs11@SHARED_EXT@ pkcs11-module-init-args = configDir=@testsblddir@/tmp.softokn/tokens -pkcs11-module-token-pin = file:@testsblddir@/pinfile.txt +pkcs11-module-token-pin = file:@PINFILE@ #pkcs11-module-encode-provider-uri-to-pem #pkcs11-module-allow-export #pkcs11-module-load-behavior diff --git a/tests/setup-softhsm.sh b/tests/setup-softhsm.sh index a2f2ce7a..8237d67a 100755 --- a/tests/setup-softhsm.sh +++ b/tests/setup-softhsm.sh 
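Review bot: The `tests` dictionary and `test_programs` list in tests/meson.build do not carry over everything the removed tests/Makefile.am ran. `op_state-softhsm.t` and `pem_encoder-softokn.t`/`pem_encoder-softhsm.t` have no entry, `forking` has become `fork` (which test-wrapper would presumably map to the compiled `tfork` instead of the `tforking` script), and `tdigest_dupctx` and `tfork_deadlock` are no longer built. Nothing visible in the commit says these were dropped on purpose, so the migration may be losing coverage silently. If that is not intended, restore them along the lines below; if it is, a comment listing the omissions would help the next reader.

```meson
test_programs = [
  # … unchanged: tsession through pincache …
  'tdigest_dupctx',
  'tfork_deadlock',
]

tests = {
  # … unchanged: existing entries …
  'op_state': {'suites': ['softhsm']},
  'pem_encoder': {'suites': ['softokn', 'softhsm']},
}
```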
@@ -79,33 +79,33 @@ find_softhsm \ title SECTION "Set up testing system" -TMPPDIR="tmp.softhsm" +TMPPDIR="${TESTBLDDIR}/tmp.softhsm" -if [ -d ${TMPPDIR} ]; then - rm -fr ${TMPPDIR} +if [ -d "${TMPPDIR}" ]; then + rm -fr "${TMPPDIR}" fi -mkdir ${TMPPDIR} +mkdir "${TMPPDIR}" PINVALUE="12345678" -PINFILE="${PWD}/pinfile.txt" +PINFILE="${TMPPDIR}/pinfile.txt" echo ${PINVALUE} > "${PINFILE}" #RANDOM data SEEDFILE="${TMPPDIR}/noisefile.bin" -dd if=/dev/urandom of=${SEEDFILE} bs=2048 count=1 >/dev/null 2>&1 +dd if=/dev/urandom of="${SEEDFILE}" bs=2048 count=1 >/dev/null 2>&1 RAND64FILE="${TMPPDIR}/64krandom.bin" -dd if=/dev/urandom of=${RAND64FILE} bs=2048 count=32 >/dev/null 2>&1 +dd if=/dev/urandom of="${RAND64FILE}" bs=2048 count=32 >/dev/null 2>&1 # Create brand new tokens and certs TOKDIR="$TMPPDIR/tokens" -if [ -d ${TOKDIR} ]; then - rm -fr ${TOKDIR} +if [ -d "${TOKDIR}" ]; then + rm -fr "${TOKDIR}" fi -mkdir ${TOKDIR} +mkdir "${TOKDIR}" # Create SoftHSM configuration file cat >"$TMPPDIR/softhsm.conf" <> ${TMPPDIR}/cert.cfg <> "${TMPPDIR}/cert.cfg" <> ${TMPPDIR}/cert.cfg +echo 'organization = "PKCS11 Provider"' >> "${TMPPDIR}/cert.cfg" ca_sign() { CRT=$1 @@ -158,7 +158,7 @@ ca_sign() { "${sed_inplace[@]}" \ "${TMPPDIR}/cert.cfg" "${certtool}" --generate-certificate --outfile="${CRT}.crt" \ - --template=${TMPPDIR}/cert.cfg --provider="$P11LIB" \ + --template="${TMPPDIR}/cert.cfg" --provider="$P11LIB" \ --load-privkey "pkcs11:object=$LABEL;type=private" \ --load-pubkey "pkcs11:object=$LABEL;type=public" --outder \ --load-ca-certificate "${CACRT}.crt" --inder \ @@ -177,7 +177,7 @@ TSTCRTN="testCert" pkcs11-tool --keypairgen --key-type="RSA:2048" --login --pin=$PINVALUE \ --module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID" -ca_sign $TSTCRT $TSTCRTN "My Test Cert" $KEYID +ca_sign "$TSTCRT" $TSTCRTN "My Test Cert" $KEYID BASEURIWITHPIN="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}" BASEURI="pkcs11:id=${URIKEYID}" 
@@ -201,7 +201,7 @@ ECCRTN="ecCert" pkcs11-tool --keypairgen --key-type="EC:secp256r1" --login --pin=$PINVALUE \ --module="$P11LIB" --label="${ECCRTN}" --id="$KEYID" -ca_sign $ECCRT $ECCRTN "My EC Cert" $KEYID +ca_sign "$ECCRT" $ECCRTN "My EC Cert" $KEYID ECBASEURIWITHPIN="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}" ECBASEURI="pkcs11:id=${URIKEYID}" @@ -216,7 +216,7 @@ ECPEERCRTN="ecPeerCert" pkcs11-tool --keypairgen --key-type="EC:secp256r1" --login --pin=$PINVALUE \ --module="$P11LIB" --label="$ECPEERCRTN" --id="$KEYID" -ca_sign $ECPEERCRT $ECPEERCRTN "My Peer EC Cert" $KEYID +ca_sign "$ECPEERCRT" $ECPEERCRTN "My Peer EC Cert" $KEYID ECPEERBASEURIWITHPIN="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}" ECPEERBASEURI="pkcs11:id=${URIKEYID}" @@ -245,7 +245,7 @@ EDCRTN="edCert" pkcs11-tool --keypairgen --key-type="EC:edwards25519" --login --pin=$PINVALUE --module="$P11LIB" \ --label="${EDCRTN}" --id="$KEYID" -ca_sign $EDCRT $EDCRTN "My ED25519 Cert" $KEYID +ca_sign "$EDCRT" $EDCRTN "My ED25519 Cert" $KEYID EDBASEURIWITHPIN="pkcs11:id=${URIKEYID};pin-value=${PINVALUE}" EDBASEURI="pkcs11:id=${URIKEYID}" @@ -269,7 +269,7 @@ TSTCRTN="testCert2" pkcs11-tool --keypairgen --key-type="RSA:2048" --login --pin=$PINVALUE \ --module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID" -ca_sign $TSTCRT $TSTCRTN "My Test Cert 2" $KEYID +ca_sign "$TSTCRT" $TSTCRTN "My Test Cert 2" $KEYID pkcs11-tool --delete-object --type pubkey --id 0005 --module="$P11LIB" BASE2URIWITHPIN="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}" @@ -292,7 +292,7 @@ TSTCRTN="ecCert2" pkcs11-tool --keypairgen --key-type="EC:secp384r1" --login --pin=$PINVALUE \ --module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID" -ca_sign $TSTCRT $TSTCRTN "My EC Cert 2" $KEYID +ca_sign "$TSTCRT" $TSTCRTN "My EC Cert 2" $KEYID pkcs11-tool --delete-object --type pubkey --id 0006 --module="$P11LIB" ECBASE2URIWITHPIN="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}" 
@@ -340,7 +340,7 @@ TSTCRTN="ecCert3" pkcs11-tool --keypairgen --key-type="EC:secp521r1" --login --pin=$PINVALUE \ --module="$P11LIB" --label="${TSTCRTN}" --id="$KEYID" --always-auth -ca_sign $TSTCRT $TSTCRTN "My EC Cert 3" $KEYID +ca_sign "$TSTCRT" $TSTCRTN "My EC Cert 3" $KEYID ECBASE3URIWITHPIN="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}" ECBASE3URI="pkcs11:id=${URIKEYID}" @@ -362,34 +362,34 @@ pkcs11-tool -O --login --pin=$PINVALUE --module="$P11LIB" echo " ----------------------------------------------------------------------------------------------------" title PARA "Output configurations" -BASEDIR=$(pwd) -OPENSSL_CONF=${BASEDIR}/${TMPPDIR}/openssl.cnf +OPENSSL_CONF=${TMPPDIR}/openssl.cnf title LINE "Generate openssl config file" -sed -e "s|@libtoollibs[@]|${LIBSPATH}|g" \ +sed -e "s|@libtoollibs@|${LIBSPATH}|g" \ -e "s|@testsblddir@|${TESTBLDDIR}|g" \ - -e "s|@testsdir[@]|${BASEDIR}/${TMPPDIR}|g" \ + -e "s|@testsdir@|${TMPPDIR}|g" \ -e "s|@SHARED_EXT@|${SHARED_EXT}|g" \ + -e "s|@PINFILE@|${PINFILE}|g" \ -e "s|##QUIRKS|pkcs11-module-quirks = no-deinit|g" \ -e "/pkcs11-module-init-args/d" \ "${TESTSSRCDIR}/openssl.cnf.in" > "${OPENSSL_CONF}" title LINE "Export test variables to ${TMPPDIR}/testvars" -cat >> ${TMPPDIR}/testvars <> "${TMPPDIR}/testvars" <> ${TMPPDIR}/testvars <> "${TMPPDIR}/testvars" <> ${TMPPDIR}/testvars <> "${TMPPDIR}/testvars" < "${PINFILE}" #RANDOM data SEEDFILE="${TMPPDIR}/noisefile.bin" -dd if=/dev/urandom of=${SEEDFILE} bs=2048 count=1 >/dev/null 2>&1 +dd if=/dev/urandom of="${SEEDFILE}" bs=2048 count=1 >/dev/null 2>&1 RAND64FILE="${TMPPDIR}/64krandom.bin" -dd if=/dev/urandom of=${RAND64FILE} bs=2048 count=32 >/dev/null 2>&1 +dd if=/dev/urandom of="${RAND64FILE}" bs=2048 count=32 >/dev/null 2>&1 # Create brand new tokens and certs TOKDIR="$TMPPDIR/tokens" -if [ -d ${TOKDIR} ]; then - rm -fr ${TOKDIR} +if [ -d "${TOKDIR}" ]; then + rm -fr "${TOKDIR}" fi -mkdir ${TOKDIR} +mkdir "${TOKDIR}" SERIAL=0 
@@ -152,30 +152,30 @@ certutil -K -d "${TOKDIR}" -f "${PINFILE}" echo " ----------------------------------------------------------------------------------------------------" title PARA "Output configurations" -BASEDIR=$(pwd) -OPENSSL_CONF=${BASEDIR}/${TMPPDIR}/openssl.cnf +OPENSSL_CONF=${TMPPDIR}/openssl.cnf title LINE "Generate openssl config file" -sed -e "s|@libtoollibs[@]|${LIBSPATH}|g" \ +sed -e "s|@libtoollibs@|${LIBSPATH}|g" \ -e "s|@testsblddir@|${TESTBLDDIR}|g" \ - -e "s|@testsdir[@]|${BASEDIR}/${TMPPDIR}|g" \ + -e "s|@testsdir@|${TMPPDIR}|g" \ -e "s|@SHARED_EXT@|${SHARED_EXT}|g" \ + -e "s|@PINFILE@|${PINFILE}|g" \ "${TESTSSRCDIR}/openssl.cnf.in" > "${OPENSSL_CONF}" title LINE "Export tests variables to ${TMPPDIR}/testvars" cat > "${TMPPDIR}/testvars" <&1 || true) diff --git a/tests/test-wrapper b/tests/test-wrapper index 26c62403..23d28b9c 100755 --- a/tests/test-wrapper +++ b/tests/test-wrapper 
@@ -2,30 +2,33 @@ # Copyright (C) 2022 Simo sorce # SPDX-License-Identifier: Apache-2.0 -TEST_PATH=$(dirname "${1}") +DNAME=$(dirname "${1}") BNAME=$(basename "${1}") +: "${TEST_PATH=$DNAME}" +: "${TESTBLDDIR=.}" + # the test name is {TEST_NAME}-{TOKEN_DRIVER}.t # split extension NAME=${BNAME%.*} TEST_NAME=${NAME%-*} TOKEN_DRIVER=${NAME#*-} -if [ -f "./tmp.${TOKEN_DRIVER}/testvars" ]; then +if [ -f "${TESTBLDDIR}/tmp.${TOKEN_DRIVER}/testvars" ]; then # shellcheck source=/dev/null # we do not care about linting this source - source "./tmp.${TOKEN_DRIVER}/testvars" + source "${TESTBLDDIR}/tmp.${TOKEN_DRIVER}/testvars" else exit 77 # token not configured, skip fi # some tests are compiled, others are just distributed scripts # so we need to check both the current tests build dir and the -# source tests dir in the out-of-source buils case (used by +# source tests dir in the out-of-source build case (used by # make distcheck for example) if [ -f "${TEST_PATH}/t${TEST_NAME}" ]; then COMMAND="${TEST_PATH}/t${TEST_NAME}" else - COMMAND="./t${TEST_NAME}" + COMMAND="${TESTBLDDIR}/t${TEST_NAME}" fi # Run the tests under valgrind with appropriate flags diff --git a/tests/tlsctx.c b/tests/tlsctx.c index da164d07..8e159430 100644 --- a/tests/tlsctx.c +++ b/tests/tlsctx.c @@ -14,7 +14,9 @@ static void ossl_err_print(void) const char *file, *func, *data; int line; err = ERR_get_error_all(&file, &line, &func, &data, NULL); - if (err == 0) break; + if (err == 0) { + break; + } char buf[1024]; ERR_error_string_n(err, buf, sizeof(buf)); @@ -26,7 +28,9 @@ static void ossl_err_print(void) first = false; } - if (first) fprintf(stderr, "\n"); + if (first) { + fprintf(stderr, "\n"); + } } int main(int argc, char *argv[]) diff --git a/tests/ttls b/tests/ttls index 5b26a7a3..dd726215 100755 --- a/tests/ttls +++ b/tests/ttls 
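Review bot: The comment corrected in the tests/test-wrapper hunk still explains the source-dir lookup with "used by make distcheck for example", which stops being true once this commit removes the Makefiles. Since `TEST_PATH` and `TESTBLDDIR` now arrive from the meson test environment, I would reword it to describe that, e.g. `# scripts live in TEST_PATH (source dir), compiled tests in TESTBLDDIR (meson build dir)`. The script continues past the end of the hunk.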
@@ -5,7 +5,7 @@ source "${TESTSSRCDIR}/helpers.sh" title PARA "Test SSL_CTX creation" -$CHECKER ./tlsctx +$CHECKER "${TESTBLDDIR}/tlsctx" title PARA "Test an actual TLS connection"