diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d72a67f2..9ddd1b73 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,7 +15,7 @@ stages: stage: build variables: CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON" - CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON" + CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON" CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON" CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS before_script: @@ -109,7 +109,7 @@ fedora/openssl_1.1.x/x86_64/fips: -DPICKY_DEVELOPER=ON -DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON - -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON + -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. script: - cmake $CMAKE_OPTIONS .. && @@ -125,6 +125,7 @@ fedora/openssl_1.1.x/x86_64/minimal: -DWITH_SERVER=OFF -DWITH_ZLIB=OFF -DWITH_PCAP=OFF + -DWITH_DSA=OFF -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DWITH_GEX=OFF .. && @@ -188,7 +189,7 @@ fedora/libgcrypt/x86_64: fedora/mbedtls/x86_64: extends: .fedora variables: - CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON" + CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DSA=OFF" # Unit testing only, no client and pkd testing, because cwrap is not available # for MinGW @@ -260,7 +261,7 @@ fedora/csbuild/openssl_1.1.x: script: - csbuild --build-dir=obj-csbuild - --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON @SRCDIR@ && make clean && make -j$(nproc)" + --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)" --git-commit-range $CI_COMMIT_RANGE --color --print-current --print-fixed @@ -270,7 +271,7 @@ fedora/csbuild/libgcrypt: script: - csbuild --build-dir=obj-csbuild - --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON @SRCDIR@ && make clean && make -j$(nproc)" + --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)" --git-commit-range $CI_COMMIT_RANGE --color --print-current --print-fixed @@ -315,6 +316,7 @@ tumbleweed/openssl_1.1.x/x86/gcc: -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON + -DWITH_DSA=ON -DUNIT_TESTING=ON .. tumbleweed/openssl_1.1.x/x86_64/gcc7: @@ -329,7 +331,7 @@ tumbleweed/openssl_1.1.x/x86/gcc7: -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 $CMAKE_DEFAULT_OPTIONS - -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON + -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DSA=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure diff --git a/CMakeLists.txt b/CMakeLists.txt index 2dc8118f..39bc0471 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -235,6 +235,7 @@ message(STATUS "Unit testing: ${UNIT_TESTING}") message(STATUS "Client code testing: ${CLIENT_TESTING}") message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}") message(STATUS "PKCS #11 URI support: ${WITH_PKCS11_URI}") +message(STATUS "DSA support: ${WITH_DSA}") set(_SERVER_TESTING OFF) if (WITH_SERVER) set(_SERVER_TESTING ${SERVER_TESTING}) diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index b17b6c77..c62f4b92 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake @@ -185,9 +185,11 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS) endif (HAVE_OPENSSL_ECC) endif () -if (NOT WITH_MBEDTLS) - set(HAVE_DSA 1) -endif (NOT WITH_MBEDTLS) +if (WITH_DSA) + if (NOT WITH_MBEDTLS) + set(HAVE_DSA 1) + endif (NOT WITH_MBEDTLS) +endif() # FUNCTIONS @@ -480,12 +482,19 @@ if (WITH_PKCS11_URI) message(FATAL_ERROR "PKCS #11 is not supported for gcrypt.") set(WITH_PKCS11_URI 0) endif() - if (WITH_WITH_MBEDTLS) + if (WITH_MBEDTLS) message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto") set(WITH_PKCS11_URI 0) endif() endif() +if (WITH_MBEDTLS) + if (WITH_DSA) + message(FATAL_ERROR "DSA is not supported with mbedTLS crypto") + set(HAVE_DSA 0) + endif() +endif() + # ENDIAN if (NOT WIN32) test_big_endian(WORDS_BIGENDIAN) diff --git a/DefineOptions.cmake b/DefineOptions.cmake index 85a30376..068db988 100644 --- a/DefineOptions.cmake +++ b/DefineOptions.cmake @@ -5,6 +5,7 @@ option(WITH_SERVER "Build with SSH server support" ON) option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF) option(WITH_DEBUG_PACKET "Build with packet debug output" OFF) option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON) +option(WITH_DSA "Build with DSA" OFF) option(WITH_GCRYPT "Compile against libgcrypt" OFF) option(WITH_MBEDTLS "Compile against libmbedtls" OFF) option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)