From 675480adf9ca71606559dd00a5951bb45f01e842 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 5 Feb 2018 17:25:23 -0800 Subject: [PATCH] FIPS Revalidation 1. Enable SHA-224 by default if building for FIPSv2. --- configure.ac | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index 2dd7bd4c8..33bcce996 100644 --- a/configure.ac +++ b/configure.ac @@ -1982,23 +1982,24 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" # Add the FIPS flag. AS_IF([test "x$FIPS_VERSION" = "xv2"], - [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN" + [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224" ENABLED_KEYGEN="yes" - AS_IF([test "x$ENABLED_AESCCM" != "xyes"], - [ENABLED_AESCCM="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) + ENABLED_SHA224="yes" + AS_IF([test "x$ENABLED_AESCCM" != "xyes"], + [ENABLED_AESCCM="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) AS_IF([test "x$ENABLED_RSAPSS" != "xyes"], - [ENABLED_RSAPSS="yes" - AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) + [ENABLED_RSAPSS="yes" + AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) AS_IF([test "x$ENABLED_ECC" != "xyes"], - [ENABLED_ECC="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" + [ENABLED_ECC="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])]) AS_IF([test "x$ENABLED_CMAC" != "xyes"], [ENABLED_CMAC="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"]) - ]) + ]) else if test "x$ENABLED_FORTRESS" = "xyes" then @@ -2029,7 +2030,7 @@ AM_CONDITIONAL([BUILD_SELFTEST], [test "x$ENABLED_SELFTEST" = "xyes"]) SHA224_DEFAULT=no if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" then - if test "x$ENABLED_FIPS" = "xno" + if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2" then SHA224_DEFAULT=yes fi