aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSahana Prasad <sahana@redhat.com>2020-08-26 14:02:37 +0200
committerJakub Jelen <jjelen@redhat.com>2020-09-02 14:35:43 +0200
commitb052f665c99bbcd8a1d8dd2b1076f25524657350 (patch)
tree9306afeb8e059b7963c66fee92687484e34471a9
parentff599a9c53c908d7abfc6ea0f4b94d707fbb34fa (diff)
downloadlibssh-b052f665c99bbcd8a1d8dd2b1076f25524657350.tar.gz
libssh-b052f665c99bbcd8a1d8dd2b1076f25524657350.tar.xz
libssh-b052f665c99bbcd8a1d8dd2b1076f25524657350.zip
ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled)
Ensure that it is not possible to enable it back with mbedTLS Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--.gitlab-ci.yml14
-rw-r--r--CMakeLists.txt1
-rw-r--r--ConfigureChecks.cmake17
-rw-r--r--DefineOptions.cmake1
4 files changed, 23 insertions, 10 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d72a67f2..9ddd1b73 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,7 +15,7 @@ stages:
stage: build
variables:
CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON"
- CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON"
+ CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON"
CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON"
CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS
before_script:
@@ -109,7 +109,7 @@ fedora/openssl_1.1.x/x86_64/fips:
-DPICKY_DEVELOPER=ON
-DWITH_BLOWFISH_CIPHER=ON
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
- -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
+ -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON
-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
script:
- cmake $CMAKE_OPTIONS .. &&
@@ -125,6 +125,7 @@ fedora/openssl_1.1.x/x86_64/minimal:
-DWITH_SERVER=OFF
-DWITH_ZLIB=OFF
-DWITH_PCAP=OFF
+ -DWITH_DSA=OFF
-DUNIT_TESTING=ON
-DCLIENT_TESTING=ON
-DWITH_GEX=OFF .. &&
@@ -188,7 +189,7 @@ fedora/libgcrypt/x86_64:
fedora/mbedtls/x86_64:
extends: .fedora
variables:
- CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON"
+ CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DSA=OFF"
# Unit testing only, no client and pkd testing, because cwrap is not available
# for MinGW
@@ -260,7 +261,7 @@ fedora/csbuild/openssl_1.1.x:
script:
- csbuild
--build-dir=obj-csbuild
- --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON @SRCDIR@ && make clean && make -j$(nproc)"
+ --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
--git-commit-range $CI_COMMIT_RANGE
--color
--print-current --print-fixed
@@ -270,7 +271,7 @@ fedora/csbuild/libgcrypt:
script:
- csbuild
--build-dir=obj-csbuild
- --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON @SRCDIR@ && make clean && make -j$(nproc)"
+ --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
--git-commit-range $CI_COMMIT_RANGE
--color
--print-current --print-fixed
@@ -315,6 +316,7 @@ tumbleweed/openssl_1.1.x/x86/gcc:
-DWITH_SERVER=ON
-DWITH_ZLIB=ON
-DWITH_PCAP=ON
+ -DWITH_DSA=ON
-DUNIT_TESTING=ON ..
tumbleweed/openssl_1.1.x/x86_64/gcc7:
@@ -329,7 +331,7 @@ tumbleweed/openssl_1.1.x/x86/gcc7:
-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
$CMAKE_DEFAULT_OPTIONS
- -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+ -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DSA=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) &&
ctest --output-on-failure
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2dc8118f..39bc0471 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -235,6 +235,7 @@ message(STATUS "Unit testing: ${UNIT_TESTING}")
message(STATUS "Client code testing: ${CLIENT_TESTING}")
message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}")
message(STATUS "PKCS #11 URI support: ${WITH_PKCS11_URI}")
+message(STATUS "DSA support: ${WITH_DSA}")
set(_SERVER_TESTING OFF)
if (WITH_SERVER)
set(_SERVER_TESTING ${SERVER_TESTING})
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index b17b6c77..c62f4b92 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -185,9 +185,11 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS)
endif (HAVE_OPENSSL_ECC)
endif ()
-if (NOT WITH_MBEDTLS)
- set(HAVE_DSA 1)
-endif (NOT WITH_MBEDTLS)
+if (WITH_DSA)
+ if (NOT WITH_MBEDTLS)
+ set(HAVE_DSA 1)
+ endif (NOT WITH_MBEDTLS)
+endif()
# FUNCTIONS
@@ -480,12 +482,19 @@ if (WITH_PKCS11_URI)
message(FATAL_ERROR "PKCS #11 is not supported for gcrypt.")
set(WITH_PKCS11_URI 0)
endif()
- if (WITH_WITH_MBEDTLS)
+ if (WITH_MBEDTLS)
message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
set(WITH_PKCS11_URI 0)
endif()
endif()
+if (WITH_MBEDTLS)
+ if (WITH_DSA)
+ message(FATAL_ERROR "DSA is not supported with mbedTLS crypto")
+ set(HAVE_DSA 0)
+ endif()
+endif()
+
# ENDIAN
if (NOT WIN32)
test_big_endian(WORDS_BIGENDIAN)
diff --git a/DefineOptions.cmake b/DefineOptions.cmake
index 85a30376..068db988 100644
--- a/DefineOptions.cmake
+++ b/DefineOptions.cmake
@@ -5,6 +5,7 @@ option(WITH_SERVER "Build with SSH server support" ON)
option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
+option(WITH_DSA "Build with DSA" OFF)
option(WITH_GCRYPT "Compile against libgcrypt" OFF)
option(WITH_MBEDTLS "Compile against libmbedtls" OFF)
option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)