feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

configure.ac: add --enable-fips=cert4718 alias for v5, and make --enable-fips=v5 set FIPS to 5.2.1; set DEF_FAST_MATH and DEF_SP_MATH to "no" when "yes" would conflict with user-supplied arguments.

Browse Source
This commit is contained in:
Daniel Pouzzner
2024-12-04 18:30:41 -06:00
parent 86b24ef6fa
commit 66c874bded
1 changed files with 30 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
configure.ac
View File

@ -397,8 +397,8 @@ AS_CASE([$ENABLED_WOLFENGINE],
# v2 - FIPS 140-2 Cert 3389 # v2 - FIPS 140-2 Cert 3389
# cert3389 - alias for v2 # cert3389 - alias for v2
# rand - wolfRand # rand - wolfRand
# v5-RC12 - FIPS 140-3, wolfCrypt/fips WCv5.0-RC12 # v5 - FIPS 140-3 Cert 4718
# v5 - currently, alias for v5-RC12 # cert4718 - alias for v5
# ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked # ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked
# dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable # dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable
# v5-ready - Alias for ready. # v5-ready - Alias for ready.
@ -414,6 +414,7 @@ AS_CASE([$ENABLED_WOLFENGINE],
# HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2. # HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
# v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11 # v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11
# HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2. # HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
# v5-RC12 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
AS_CASE([$ENABLED_FIPS], AS_CASE([$ENABLED_FIPS],
[no],[ [no],[
FIPS_VERSION="none" FIPS_VERSION="none"
@ -445,10 +446,20 @@ AS_CASE([$ENABLED_FIPS],
DEF_SP_MATH="no" DEF_SP_MATH="no"
DEF_FAST_MATH="no" DEF_FAST_MATH="no"
], ],
[v5|v5-RC12],[ [v5|cert4718],[
FIPS_VERSION="v5"
HAVE_FIPS_VERSION_MAJOR=5
HAVE_FIPS_VERSION_MINOR=2
HAVE_FIPS_VERSION_PATCH=1
ENABLED_FIPS="yes"
DEF_SP_MATH="no"
DEF_FAST_MATH="yes"
],
[v5-RC12],[
FIPS_VERSION="v5-RC12" FIPS_VERSION="v5-RC12"
HAVE_FIPS_VERSION_MAJOR=5 HAVE_FIPS_VERSION_MAJOR=5
HAVE_FIPS_VERSION_MINOR=2 HAVE_FIPS_VERSION_MINOR=2
HAVE_FIPS_VERSION_PATCH=0
ENABLED_FIPS="yes" ENABLED_FIPS="yes"
DEF_SP_MATH="no" DEF_SP_MATH="no"
DEF_FAST_MATH="yes" DEF_FAST_MATH="yes"
@ -689,6 +700,17 @@ fi
# MATH LIBRARY SELECTION # MATH LIBRARY SELECTION
# Assure consistency of defaults
if test "$DEF_FAST_MATH" = "yes" && ((test "$enable_sp_math" != "no" && test "$enable_sp_math" != "") || test "$enable_heapmath" = "yes")
then
DEF_FAST_MATH=no
fi
if test "$DEF_SP_MATH" = "yes" && (test "$enable_fastmath" = "yes" || test "$enable_fasthugemath" = "yes" || test "$enable_heapmath" = "yes")
then
DEF_SP_MATH=no
fi
# Single Precision maths implementation # Single Precision maths implementation
AC_ARG_ENABLE([sp], AC_ARG_ENABLE([sp],
[AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])], [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
@ -936,7 +958,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT" AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
fi fi
if test "$ENABLED_SP_MATH" = "no" if test "$ENABLED_SP_MATH" != "yes"
then then
# linuxkm is incompatible with opensslextra and its dependents. # linuxkm is incompatible with opensslextra and its dependents.
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
@ -987,7 +1009,7 @@ then
test "$enable_webserver" = "" && enable_webserver=yes test "$enable_webserver" = "" && enable_webserver=yes
if test "$ENABLED_SP_MATH" = "no" if test "$ENABLED_SP_MATH" != "yes"
then then
if test "$ENABLED_FIPS" = "no" if test "$ENABLED_FIPS" = "no"
then then
@ -1183,7 +1205,7 @@ then
fi fi
# sp-math is incompatible with opensslextra, ECC custom curves, and DSA. # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
if test "$ENABLED_SP_MATH" = "no" if test "$ENABLED_SP_MATH" != "yes"
then then
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
@ -9848,7 +9870,7 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
if test "$ENABLED_SMALL_STACK" != "yes"; then if test "$ENABLED_SMALL_STACK" != "yes"; then
AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.]) AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
fi fi
if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then if test "$ENABLED_SP_MATH" != "yes" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.]) AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
fi fi
if test "$ENABLED_STACKSIZE" != "no"; then if test "$ENABLED_STACKSIZE" != "no"; then
@ -10320,7 +10342,7 @@ if test "$ENABLED_SP_MATH_ALL" != "no"
then then
ENABLED_SP_MATH_DESC="all" ENABLED_SP_MATH_DESC="all"
else else
if test "$ENABLED_SP_MATH" != "no" if test "$ENABLED_SP_MATH" = "yes"
then then
ENABLED_SP_MATH_DESC="restricted" ENABLED_SP_MATH_DESC="restricted"
else else