configure.ac: fixes for --enable-fips logic.

2021-10-26 22:51:59 -05:00
parent d105256330
commit 3a80ba6744
1 changed files with 12 additions and 17 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -228,13 +228,13 @@ AS_CASE([$ENABLED_FIPS],
        ENABLED_FIPS="no"
    ],
    [v3-ready|v3],[
-        ENABLED_FIPS="yes"
        FIPS_VERSION="v3"
        HAVE_FIPS_VERSION=3
        FIPS_READY="yes"
+        ENABLED_FIPS="yes"
    ],
    [rand],[
-        FIPS_VERSION="$ENABLED_FIPS"
+        FIPS_VERSION="rand"
        HAVE_FIPS_VERSION=3
        ENABLED_FIPS="yes"
    ],
@@ -244,29 +244,24 @@ AS_CASE([$ENABLED_FIPS],
        ENABLED_FIPS="yes"
    ],
    [v2|cert3389],[
-        FIPS_VERSION="$ENABLED_FIPS"
+        FIPS_VERSION="v2"
        HAVE_FIPS_VERSION=2
        ENABLED_FIPS="yes"
    ],
-    [v5|v5-RC9],[
-        FIPS_VERSION="$ENABLED_FIPS"
+    [v5|v5-RC9|v5-REL],[
+        FIPS_VERSION="v5-RC9"
        HAVE_FIPS_VERSION=5
        HAVE_FIPS_VERSION_MINOR=1
        ENABLED_FIPS="yes"
    ],
    [v5-RC8],[
-        FIPS_VERSION="$ENABLED_FIPS"
+        FIPS_VERSION="v5-RC8"
        HAVE_FIPS_VERSION=5
-        ENABLED_FIPS="yes"
-    ],
-    [v5-REL],[
-        FIPS_VERSION="$ENABLED_FIPS"
-        HAVE_FIPS_VERSION=5
-        HAVE_FIPS_VERSION_MINOR=1
+        HAVE_FIPS_VERSION_MINOR=0
        ENABLED_FIPS="yes"
    ],
    [ready|v5-ready],[
-        FIPS_VERSION="$ENABLED_FIPS"
+        FIPS_VERSION="v5-ready"
        HAVE_FIPS_VERSION=5
        HAVE_FIPS_VERSION_MINOR=1
        ENABLED_FIPS="yes"
@@ -3405,7 +3400,7 @@ fi

 # FIPS
 AS_CASE([$FIPS_VERSION],
-    [v5*], [ # FIPS 140-3
+    [v5*], [ # FIPS 140-3, including 140-3 ready
        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_ECDSA_SET_K"
        ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
        # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
@@ -3441,7 +3436,7 @@ AS_CASE([$FIPS_VERSION],
        AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192"
        DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
    ],
-    ["v3"],[ # FIPS Ready
+    ["v3"],[ # FIPS 140-2 Ready
        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DWOLFSSL_ECDSA_SET_K"
        ENABLED_KEYGEN="yes"
        ENABLED_SHA224="yes"
@@ -3479,7 +3474,7 @@ AS_CASE([$FIPS_VERSION],
        AS_IF([test "x$ENABLED_AESGCM" = "xno"],
            [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
    ],
-    ["v2"],[ # Cert 3389
+    ["v2"],[ # FIPS 140-2, Cert 3389
        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DHAVE_PUBLIC_FFDHE"
        ENABLED_KEYGEN="yes"
        ENABLED_SHA224="yes"
@@ -3521,7 +3516,7 @@ echo "$AM_CFLAGS" >/dev/stderr
    ["rand"],[
        AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR"
    ],
-    ["v1"],[ # Cert 2425
+    ["v1"],[ # FIPS 140-2, Cert 2425
        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
        AS_IF([test "x$ENABLED_SHA512" = "xno"],
            [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])