ConfigureChecks.cmake: Disable HAVE_DSA by default (when mbedTLS is not enabled)
Ensure that it is not possible to enable it back with mbedTLS Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
родитель
ff599a9c53
Коммит
b052f665c9
@ -15,7 +15,7 @@ stages:
|
|||||||
stage: build
|
stage: build
|
||||||
variables:
|
variables:
|
||||||
CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON"
|
CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON"
|
||||||
CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON"
|
CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON"
|
||||||
CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON"
|
CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON"
|
||||||
CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS
|
CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS
|
||||||
before_script:
|
before_script:
|
||||||
@ -109,7 +109,7 @@ fedora/openssl_1.1.x/x86_64/fips:
|
|||||||
-DPICKY_DEVELOPER=ON
|
-DPICKY_DEVELOPER=ON
|
||||||
-DWITH_BLOWFISH_CIPHER=ON
|
-DWITH_BLOWFISH_CIPHER=ON
|
||||||
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
|
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
|
||||||
-DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
|
-DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON
|
||||||
-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
|
-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
|
||||||
script:
|
script:
|
||||||
- cmake $CMAKE_OPTIONS .. &&
|
- cmake $CMAKE_OPTIONS .. &&
|
||||||
@ -125,6 +125,7 @@ fedora/openssl_1.1.x/x86_64/minimal:
|
|||||||
-DWITH_SERVER=OFF
|
-DWITH_SERVER=OFF
|
||||||
-DWITH_ZLIB=OFF
|
-DWITH_ZLIB=OFF
|
||||||
-DWITH_PCAP=OFF
|
-DWITH_PCAP=OFF
|
||||||
|
-DWITH_DSA=OFF
|
||||||
-DUNIT_TESTING=ON
|
-DUNIT_TESTING=ON
|
||||||
-DCLIENT_TESTING=ON
|
-DCLIENT_TESTING=ON
|
||||||
-DWITH_GEX=OFF .. &&
|
-DWITH_GEX=OFF .. &&
|
||||||
@ -188,7 +189,7 @@ fedora/libgcrypt/x86_64:
|
|||||||
fedora/mbedtls/x86_64:
|
fedora/mbedtls/x86_64:
|
||||||
extends: .fedora
|
extends: .fedora
|
||||||
variables:
|
variables:
|
||||||
CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON"
|
CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DSA=OFF"
|
||||||
|
|
||||||
# Unit testing only, no client and pkd testing, because cwrap is not available
|
# Unit testing only, no client and pkd testing, because cwrap is not available
|
||||||
# for MinGW
|
# for MinGW
|
||||||
@ -260,7 +261,7 @@ fedora/csbuild/openssl_1.1.x:
|
|||||||
script:
|
script:
|
||||||
- csbuild
|
- csbuild
|
||||||
--build-dir=obj-csbuild
|
--build-dir=obj-csbuild
|
||||||
--build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON @SRCDIR@ && make clean && make -j$(nproc)"
|
--build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
|
||||||
--git-commit-range $CI_COMMIT_RANGE
|
--git-commit-range $CI_COMMIT_RANGE
|
||||||
--color
|
--color
|
||||||
--print-current --print-fixed
|
--print-current --print-fixed
|
||||||
@ -270,7 +271,7 @@ fedora/csbuild/libgcrypt:
|
|||||||
script:
|
script:
|
||||||
- csbuild
|
- csbuild
|
||||||
--build-dir=obj-csbuild
|
--build-dir=obj-csbuild
|
||||||
--build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON @SRCDIR@ && make clean && make -j$(nproc)"
|
--build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
|
||||||
--git-commit-range $CI_COMMIT_RANGE
|
--git-commit-range $CI_COMMIT_RANGE
|
||||||
--color
|
--color
|
||||||
--print-current --print-fixed
|
--print-current --print-fixed
|
||||||
@ -315,6 +316,7 @@ tumbleweed/openssl_1.1.x/x86/gcc:
|
|||||||
-DWITH_SERVER=ON
|
-DWITH_SERVER=ON
|
||||||
-DWITH_ZLIB=ON
|
-DWITH_ZLIB=ON
|
||||||
-DWITH_PCAP=ON
|
-DWITH_PCAP=ON
|
||||||
|
-DWITH_DSA=ON
|
||||||
-DUNIT_TESTING=ON ..
|
-DUNIT_TESTING=ON ..
|
||||||
|
|
||||||
tumbleweed/openssl_1.1.x/x86_64/gcc7:
|
tumbleweed/openssl_1.1.x/x86_64/gcc7:
|
||||||
@ -329,7 +331,7 @@ tumbleweed/openssl_1.1.x/x86/gcc7:
|
|||||||
-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
|
-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
|
||||||
-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
|
-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
|
||||||
$CMAKE_DEFAULT_OPTIONS
|
$CMAKE_DEFAULT_OPTIONS
|
||||||
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
|
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DSA=ON
|
||||||
-DUNIT_TESTING=ON .. &&
|
-DUNIT_TESTING=ON .. &&
|
||||||
make -j$(nproc) &&
|
make -j$(nproc) &&
|
||||||
ctest --output-on-failure
|
ctest --output-on-failure
|
||||||
|
@ -235,6 +235,7 @@ message(STATUS "Unit testing: ${UNIT_TESTING}")
|
|||||||
message(STATUS "Client code testing: ${CLIENT_TESTING}")
|
message(STATUS "Client code testing: ${CLIENT_TESTING}")
|
||||||
message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}")
|
message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}")
|
||||||
message(STATUS "PKCS #11 URI support: ${WITH_PKCS11_URI}")
|
message(STATUS "PKCS #11 URI support: ${WITH_PKCS11_URI}")
|
||||||
|
message(STATUS "DSA support: ${WITH_DSA}")
|
||||||
set(_SERVER_TESTING OFF)
|
set(_SERVER_TESTING OFF)
|
||||||
if (WITH_SERVER)
|
if (WITH_SERVER)
|
||||||
set(_SERVER_TESTING ${SERVER_TESTING})
|
set(_SERVER_TESTING ${SERVER_TESTING})
|
||||||
|
@ -185,9 +185,11 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS)
|
|||||||
endif (HAVE_OPENSSL_ECC)
|
endif (HAVE_OPENSSL_ECC)
|
||||||
endif ()
|
endif ()
|
||||||
|
|
||||||
if (NOT WITH_MBEDTLS)
|
if (WITH_DSA)
|
||||||
|
if (NOT WITH_MBEDTLS)
|
||||||
set(HAVE_DSA 1)
|
set(HAVE_DSA 1)
|
||||||
endif (NOT WITH_MBEDTLS)
|
endif (NOT WITH_MBEDTLS)
|
||||||
|
endif()
|
||||||
|
|
||||||
# FUNCTIONS
|
# FUNCTIONS
|
||||||
|
|
||||||
@ -480,12 +482,19 @@ if (WITH_PKCS11_URI)
|
|||||||
message(FATAL_ERROR "PKCS #11 is not supported for gcrypt.")
|
message(FATAL_ERROR "PKCS #11 is not supported for gcrypt.")
|
||||||
set(WITH_PKCS11_URI 0)
|
set(WITH_PKCS11_URI 0)
|
||||||
endif()
|
endif()
|
||||||
if (WITH_WITH_MBEDTLS)
|
if (WITH_MBEDTLS)
|
||||||
message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
|
message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
|
||||||
set(WITH_PKCS11_URI 0)
|
set(WITH_PKCS11_URI 0)
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
if (WITH_MBEDTLS)
|
||||||
|
if (WITH_DSA)
|
||||||
|
message(FATAL_ERROR "DSA is not supported with mbedTLS crypto")
|
||||||
|
set(HAVE_DSA 0)
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
# ENDIAN
|
# ENDIAN
|
||||||
if (NOT WIN32)
|
if (NOT WIN32)
|
||||||
test_big_endian(WORDS_BIGENDIAN)
|
test_big_endian(WORDS_BIGENDIAN)
|
||||||
|
@ -5,6 +5,7 @@ option(WITH_SERVER "Build with SSH server support" ON)
|
|||||||
option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
|
option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
|
||||||
option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
|
option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
|
||||||
option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
|
option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
|
||||||
|
option(WITH_DSA "Build with DSA" OFF)
|
||||||
option(WITH_GCRYPT "Compile against libgcrypt" OFF)
|
option(WITH_GCRYPT "Compile against libgcrypt" OFF)
|
||||||
option(WITH_MBEDTLS "Compile against libmbedtls" OFF)
|
option(WITH_MBEDTLS "Compile against libmbedtls" OFF)
|
||||||
option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)
|
option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)
|
||||||
|
Загрузка…
x
Ссылка в новой задаче
Block a user