diff options
| author | Zack Weinberg <zackw@panix.com> | 2017-09-16 12:25:03 -0400 |
|---|---|---|
| committer | Zack Weinberg <zackw@panix.com> | 2017-09-16 12:25:03 -0400 |
| commit | 333feeb6becffbeb62711bb4c9c0ee3fed3cff56 (patch) | |
| tree | d0dbe433c642a9cfae722557722c3a6279e5a1be /Makefile.am | |
| parent | f05dbd4f208df9e8f93f0a8e76a9d07514c08522 (diff) | |
| download | libxcrypt-333feeb6becffbeb62711bb4c9c0ee3fed3cff56.tar.gz libxcrypt-333feeb6becffbeb62711bb4c9c0ee3fed3cff56.tar.bz2 libxcrypt-333feeb6becffbeb62711bb4c9c0ee3fed3cff56.zip | |
Add configure options to disable obsolete APIs and/or weak hashes.
If the library is configured with --disable-obsolete-api, the functions
encrypt, encrypt_r, setkey, setkey_r, bigcrypt, and fcrypt will not
be included in the library, not even as dynamic-only symbols. This
also changes the SONAME of the library from libcrypt.so.1 (compatible
with glibc) to libcrypt.so.2, and removes all of the compatibility
symbol versions (GLIBC_*) from the supported APIs.
If the library is configured with --disable-weak-hashes, the code for
DES and MD5 password hashes will not be included in the library, which
means the crypt() functions will not be able to generate or verify
password hashes in these formats. This option implies --disable-obsolete-api.
* configure.ac: Add AC_PROG_CPP. Move zw_SIMPLE_ENABLE_WARNINGS
above LT_INIT.
(--disable-obsolete-api, --disable-weak-hashes): New configure
options.
(ENABLE_OBSOLETE_API, ENABLE_WEAK_HASHES): New conditional flags,
available in Automake and as preprocessor macros.
* Makefile.am: Conditionally include support for the obsolete APIs
and the weak hashes.
(libcrypt.map): Is now a generated file.
(EXTRA_libcrypt_la_DEPENDENCIES): Mention libcrypt.map.
(libcrypt_la_VERSION): Make the library SONAME conditional on
whether obsolete APIs are enabled.
* crypt.c: Compile the table entries for DES and MD5 hash prefixes
only when ENABLE_WEAK_HASHES is true. Compile fcrypt and bigcrypt
only when ENABLE_OBSOLETE_API is true.
* test-gensalt.c: Compile the table entries for DES and MD5 hash
prefixes only when ENABLE_WEAK_HASHES is true. Do not crash
if crypt_gensalt_rn returns NULL.
* .gitignore: Update.
Diffstat (limited to 'Makefile.am')
| -rw-r--r-- | Makefile.am | 54 |
1 files changed, 38 insertions, 16 deletions
diff --git a/Makefile.am b/Makefile.am index 71fb716..d224305 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,28 +19,53 @@ noinst_HEADERS = \ lib_LTLIBRARIES = libcrypt.la libcrypt_la_SOURCES = \ crypt.c crypt-gensalt.c crypt-bcrypt.c crypt-sha512.c crypt-sha256.c \ - crypt-md5.c crypt-des.c crypt-des-obsolete.c \ - alg-sha512.c alg-sha256.c alg-md5.c alg-des.c + alg-sha512.c alg-sha256.c -nodist_libcrypt_la_SOURCES = \ - alg-des-tables.c +# Build libcrypt.so.2 if obsolete APIs are excluded, libcrypt.so.1 otherwise. +if ENABLE_OBSOLETE_API +libcrypt_la_VERSION = 2:0:1 +else +libcrypt_la_VERSION = 2:0:0 +endif libcrypt_la_LDFLAGS = \ - -version-info 2:0:0 \ + -version-info $(libcrypt_la_VERSION) \ -Wl,--version-script=$(srcdir)/libcrypt.map \ -Wl,-z,defs -Wl,-z,text -alg-des-tables.c: alg-des-mktables - ./alg-des-mktables > alg-des-tables.c.T - mv -f alg-des-tables.c.T alg-des-tables.c +EXTRA_DIST = libcrypt.map.in +EXTRA_libcrypt_la_DEPENDENCIES = libcrypt.map +CLEANFILES = libcrypt.map libcrypt.map.T -noinst_PROGRAMS = alg-des-mktables +libcrypt.map: libcrypt.map.in + $(AM_V_GEN)$(CPP) -P - < libcrypt.map.in > libcrypt.map.T + $(AM_V_at)mv -f libcrypt.map.T libcrypt.map check_PROGRAMS = \ - test-alg-des test-alg-md5 test-alg-sha256 test-alg-sha512 \ - test-crypt-des test-crypt-md5 test-crypt-sha256 test-crypt-sha512 \ - test-crypt-bcrypt \ - test-byteorder test-des-obsolete test-bigcrypt test-gensalt + test-alg-sha256 test-alg-sha512 \ + test-crypt-sha256 test-crypt-sha512 test-crypt-bcrypt \ + test-byteorder test-gensalt + +if ENABLE_WEAK_HASHES +libcrypt_la_SOURCES += \ + crypt-md5.c crypt-des.c alg-md5.c alg-des.c + +nodist_libcrypt_la_SOURCES = \ + alg-des-tables.c +noinst_PROGRAMS = alg-des-mktables +CLEANFILES += alg-des-tables.c alg-des-tables.c.T + +alg-des-tables.c: alg-des-mktables + $(AM_V_GEN)./alg-des-mktables > alg-des-tables.c.T + $(AM_V_at)mv -f alg-des-tables.c.T alg-des-tables.c + +check_PROGRAMS += test-alg-des test-alg-md5 test-crypt-des test-crypt-md5 +endif + +if ENABLE_OBSOLETE_API +libcrypt_la_SOURCES += crypt-des-obsolete.c +check_PROGRAMS += test-des-obsolete test-bigcrypt +endif TESTS = $(check_PROGRAMS) test-symbols.sh @@ -48,9 +73,6 @@ AM_TESTS_ENVIRONMENT = \ lib_la="./libcrypt.la"; lib_map="$(srcdir)/libcrypt.map"; \ export lib_la lib_map; -EXTRA_DIST = libcrypt.map -CLEANFILES = alg-des-tables.c - test_crypt_bcrypt_LDADD = libcrypt.la test_crypt_des_LDADD = libcrypt.la test_crypt_md5_LDADD = libcrypt.la |