configure.ac: fixes for --enable-fips logic.

Daniel Pouzzner
2021-10-26 22:51:59 -05:00
parent d105256330
commit 3a80ba6744


@@ -228,13 +228,13 @@ AS_CASE([$ENABLED_FIPS],
ENABLED_FIPS="no" ENABLED_FIPS="no"
], ],
[v3-ready|v3],[ [v3-ready|v3],[
ENABLED_FIPS="yes"
FIPS_VERSION="v3" FIPS_VERSION="v3"
HAVE_FIPS_VERSION=3 HAVE_FIPS_VERSION=3
FIPS_READY="yes" FIPS_READY="yes"
ENABLED_FIPS="yes"
], ],
[rand],[ [rand],[
FIPS_VERSION="$ENABLED_FIPS" FIPS_VERSION="rand"
HAVE_FIPS_VERSION=3 HAVE_FIPS_VERSION=3
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
@@ -244,29 +244,24 @@ AS_CASE([$ENABLED_FIPS],
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
[v2|cert3389],[ [v2|cert3389],[
FIPS_VERSION="$ENABLED_FIPS" FIPS_VERSION="v2"
HAVE_FIPS_VERSION=2 HAVE_FIPS_VERSION=2
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
[v5|v5-RC9],[ [v5|v5-RC9|v5-REL],[
FIPS_VERSION="$ENABLED_FIPS" FIPS_VERSION="v5-RC9"
HAVE_FIPS_VERSION=5 HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=1 HAVE_FIPS_VERSION_MINOR=1
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
[v5-RC8],[ [v5-RC8],[
FIPS_VERSION="$ENABLED_FIPS" FIPS_VERSION="v5-RC8"
HAVE_FIPS_VERSION=5 HAVE_FIPS_VERSION=5
ENABLED_FIPS="yes" HAVE_FIPS_VERSION_MINOR=0
],
[v5-REL],[
FIPS_VERSION="$ENABLED_FIPS"
HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=1
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
], ],
[ready|v5-ready],[ [ready|v5-ready],[
FIPS_VERSION="$ENABLED_FIPS" FIPS_VERSION="v5-ready"
HAVE_FIPS_VERSION=5 HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=1 HAVE_FIPS_VERSION_MINOR=1
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
@@ -3405,7 +3400,7 @@ fi
# FIPS # FIPS
AS_CASE([$FIPS_VERSION], AS_CASE([$FIPS_VERSION],
[v5*], [ # FIPS 140-3 [v5*], [ # FIPS 140-3, including 140-3 ready
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_ECDSA_SET_K" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_ECDSA_SET_K"
ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no" ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
@@ -3441,7 +3436,7 @@ AS_CASE([$FIPS_VERSION],
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192" AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
], ],
["v3"],[ # FIPS Ready ["v3"],[ # FIPS 140-2 Ready
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DWOLFSSL_ECDSA_SET_K" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DWOLFSSL_ECDSA_SET_K"
ENABLED_KEYGEN="yes" ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
@@ -3479,7 +3474,7 @@ AS_CASE([$FIPS_VERSION],
AS_IF([test "x$ENABLED_AESGCM" = "xno"], AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
], ],
["v2"],[ # Cert 3389 ["v2"],[ # FIPS 140-2, Cert 3389
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DHAVE_PUBLIC_FFDHE" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DHAVE_PUBLIC_FFDHE"
ENABLED_KEYGEN="yes" ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
@@ -3521,7 +3516,7 @@ echo "$AM_CFLAGS" >/dev/stderr
["rand"],[ ["rand"],[
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR" AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR"
], ],
["v1"],[ # Cert 2425 ["v1"],[ # FIPS 140-2, Cert 2425
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
AS_IF([test "x$ENABLED_SHA512" = "xno"], AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
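Review bot: The `[v3-ready|v3]`, `[rand]` and `[v2|cert3389]` arms of the first `AS_CASE` never assign `HAVE_FIPS_VERSION_MINOR`, yet the `"v3"`, `"v2"` and `"rand"` arms of the later `AS_CASE([$FIPS_VERSION], …)` all pass `-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR`. Unless the variable is initialised above the first hunk (not visible here), those builds get an empty macro definition, and an `#if` that compares it would not evaluate as intended; now that `[v5-RC8]` sets `HAVE_FIPS_VERSION_MINOR=0` explicitly, the same line belongs in the other arms, or a single `HAVE_FIPS_VERSION_MINOR=0` default should precede the `AS_CASE`. Separately, `--enable-fips=v5-REL` now records `FIPS_VERSION="v5-RC9"`, so anything that reports or keys on the requested name will show RC9; a comment on that arm such as `# v5 and v5-REL are aliases for v5-RC9` would make the aliasing visibly deliberate. Both `AS_CASE` blocks begin and end outside the hunks shown.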