lib: unconditionally enable the self-check functionstmp-pkcs11-avoid-locks

These functions were previously made available only in FIPS140-2
mode. Enabling them unconditionally allows applications to directly
utilize that functionality for testing the gnutls library.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

8 files changed, 3 insertions, 46 deletions

diff --git a/configure.ac b/configure.ac
index e7e0a1492b..71f53a083a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -431,20 +431,14 @@ LT_INIT([disable-static,win32-dll,shared])
 
 
 
-AC_ARG_ENABLE(self-checks,
-  AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
-    enable_self_checks=$enableval, enable_self_checks=no)
-
 AC_LIB_HAVE_LINKFLAGS(dl,, [#include <dlfcn.h>], [dladdr (0, 0);])
 
 AC_ARG_ENABLE(fips140-mode,
-  AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
+  AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]),
     enable_fips=$enableval, enable_fips=no)
 AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
 if [ test "$enable_fips" = "yes" ];then
   if test "x$HAVE_LIBDL" = "xyes";then
-    enable_self_checks=yes
-
     AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
     AC_SUBST([FIPS140_LIBS], $LIBDL)
     AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key],
@@ -550,11 +544,6 @@ if test "$enable_non_suiteb" = "yes";then
 fi
 AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
 
-AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
-if [ test "$enable_self_checks" = "yes" ];then
-   AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
-fi
-
 AC_MSG_CHECKING([whether to build libdane])
 AC_ARG_ENABLE(libdane,
     AS_HELP_STRING([--disable-libdane],
@@ -1066,7 +1055,6 @@ if features are disabled)
   Anon auth support:    $ac_enable_anon
   Heartbeat support:    $ac_enable_heartbeat
   IDNA support:         $idna_support
-  Self checks:          $enable_self_checks
   Non-SuiteB curves:    $enable_non_suiteb
   FIPS140 mode:         $enable_fips
 ])
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 575683f2e0..bf07ecf6f5 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -84,7 +84,8 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c			\
 	system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c	\
 	safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
 	system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
-	cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c
+	cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \
+	crypto-selftests.c crypto-selftests-pk.c
 
 if WINDOWS
 COBJECTS += system/keys-win.c
@@ -92,9 +93,6 @@ else
 COBJECTS += system/keys-dummy.c
 endif
 
-if ENABLE_SELF_CHECKS
-COBJECTS += crypto-selftests.c crypto-selftests-pk.c
-endif
 
 if ENABLE_PKCS11
 COBJECTS += pkcs11.c pkcs11x.c pkcs11_privkey.c pkcs11_write.c pkcs11_secret.c \
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h
index b77ddde199..c3fd84cd06 100644
--- a/lib/includes/gnutls/self-test.h
+++ b/lib/includes/gnutls/self-test.h
@@ -27,9 +27,6 @@
 
  /* Self checking functions */
  
- /* The functions are not part of the main API, and are conditionally
-  * enabled. */
-
 int gnutls_cipher_self_test(unsigned all, gnutls_cipher_algorithm_t cipher);
 int gnutls_mac_self_test(unsigned all, gnutls_mac_algorithm_t mac);
 int gnutls_digest_self_test(unsigned all, gnutls_digest_algorithm_t digest);
diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am
index 7c9fc543cf..8f9c4e4db6 100644
--- a/tests/slow/Makefile.am
+++ b/tests/slow/Makefile.am
@@ -34,13 +34,8 @@ LDADD = ../libutils.la \
 	../../gl/libgnu.la \
 	$(top_builddir)/lib/libgnutls.la $(LIBSOCKET)
 
-if !ENABLE_SELF_CHECKS
-cipher_test_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/
-cipher_override2_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) -I$(top_builddir)/lib/
-else
 cipher_test_CPPFLAGS = $(AM_CPPFLAGS)
 cipher_override2_CPPFLAGS = $(AM_CPPFLAGS)
-endif
 
 ctests = gendh
 
diff --git a/tests/slow/cipher-override.c b/tests/slow/cipher-override.c
index fd5d0c990b..539a49fcdc 100644
--- a/tests/slow/cipher-override.c
+++ b/tests/slow/cipher-override.c
@@ -28,11 +28,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }
 
-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-#endif
-
 struct myaes_ctx {
 	struct aes_ctx aes;
 	unsigned char iv[16];
diff --git a/tests/slow/cipher-override2.c b/tests/slow/cipher-override2.c
index c7c2842eee..85c0b70417 100644
--- a/tests/slow/cipher-override2.c
+++ b/tests/slow/cipher-override2.c
@@ -16,11 +16,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }
 
-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-#endif
-
 struct myaes_ctx {
 	unsigned char iv[16];
 };
diff --git a/tests/slow/cipher-test.c b/tests/slow/cipher-test.c
index 6b66e678c9..da7e7e7673 100644
--- a/tests/slow/cipher-test.c
+++ b/tests/slow/cipher-test.c
@@ -32,12 +32,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }
 
-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-# include "../../lib/crypto-selftests-pk.c"
-#endif
-
 int main(int argc, char **argv)
 {
 	gnutls_global_set_log_function(tls_log_func);
diff --git a/tests/slow/mac-override.c b/tests/slow/mac-override.c
index a2917bd946..1ef994217d 100644
--- a/tests/slow/mac-override.c
+++ b/tests/slow/mac-override.c
@@ -29,11 +29,6 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }
 
-#ifndef ENABLE_SELF_CHECKS
-# define AVOID_INTERNALS
-# include "../../lib/crypto-selftests.c"
-#endif
-
 struct myhash_ctx {
 	struct sha1_ctx sha1;
 };