From 47872224d85b3eda9913195968e66b05308eec18 Mon Sep 17 00:00:00 2001
From: Elms <jeff@wolfssl.com>
Date: Tue, 23 Feb 2021 14:17:35 -0800
Subject: [PATCH 1/2] configure: fix for FIPS out-of-tree builds

Check for fips files relative to source directory.
---
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index a45af9c2c..c439ae6e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -188,15 +188,15 @@ AS_CASE([$ENABLED_FIPS],
     ])
 
 case "$FIPS_VERSION" in
-none) if test -s wolfcrypt/src/fips.c || test -s ctaocrypt/src/fips.c; then
+none) if test -s $srcdir/wolfcrypt/src/fips.c || test -s $srcdir/ctaocrypt/src/fips.c; then
         AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])
     fi
     ;;
-v1) if ! test -s ctaocrypt/src/fips.c; then
+v1) if ! test -s $srcdir/ctaocrypt/src/fips.c; then
         AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])
     fi
     ;;
-*) if ! test -s wolfcrypt/src/fips.c; then
+*) if ! test -s $srcdir/wolfcrypt/src/fips.c; then
         AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])
    fi
    ;;

From 36ba2e134b8c5bfc7408ae5252de6c493adc3005 Mon Sep 17 00:00:00 2001
From: Elms <jeff@wolfssl.com>
Date: Tue, 23 Feb 2021 15:33:52 -0800
Subject: [PATCH 2/2] configure: FIPS error and compatability cleanup

Use autotools macros for case and if. Simplify validation logic.
---
 configure.ac | 50 ++++++++++++++++++++++++++------------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/configure.ac b/configure.ac
index c439ae6e1..f7c312906 100644
--- a/configure.ac
+++ b/configure.ac
@@ -165,43 +165,45 @@ AC_ARG_ENABLE([fips],
     [ENABLED_FIPS="no"])
 
 AS_CASE([$ENABLED_FIPS],
-    ["ready"],[
+    [ready],[
         ENABLED_FIPS="yes"
         FIPS_VERSION="v2"
         FIPS_READY="yes"
     ],
-    ["v2"],[
-        # FIPS v2
-        ENABLED_FIPS="yes"
-        FIPS_VERSION="v2"
+    [no],[
+        FIPS_VERSION="none"
+        ENABLED_FIPS="no"
     ],
-    ["rand"],[
-        # FIPS Rand
+    [rand|v1|v2],[
+        FIPS_VERSION="$ENABLED_FIPS"
         ENABLED_FIPS="yes"
-        FIPS_VERSION="rand"
     ],
-    ["no"],[FIPS_VERSION="none"],
+    [yes],
     [
         # FIPS v1
         ENABLED_FIPS="yes"
         FIPS_VERSION="v1"
+    ],
+    [
+        AC_MSG_ERROR([Invalid value for --enable-fips \"$ENABLED_FIPS\" (allowed: ready, rand, v1, v2)])
     ])
 
-case "$FIPS_VERSION" in
-none) if test -s $srcdir/wolfcrypt/src/fips.c || test -s $srcdir/ctaocrypt/src/fips.c; then
-        AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])
-    fi
-    ;;
-v1) if ! test -s $srcdir/ctaocrypt/src/fips.c; then
-        AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])
-    fi
-    ;;
-*) if ! test -s $srcdir/wolfcrypt/src/fips.c; then
-        AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])
-   fi
-   ;;
-esac
-
+AS_CASE([$FIPS_VERSION],
+    [none],
+    [
+      AS_IF([ test -s $srcdir/wolfcrypt/src/fips.c -o -s $srcdir/ctaocrypt/src/fips.c ],
+            [AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])])
+    ],
+    [v1],
+    [
+      AS_IF([ ! test -s $srcdir/ctaocrypt/src/fips.c],
+            [AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])])
+    ],
+    [
+      AS_IF([ ! test -s $srcdir/wolfcrypt/src/fips.c],
+            [AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])])
+    ]
+)
 
 # Distro build feature subset (Debian, Ubuntu, etc.)
 AC_ARG_ENABLE([distro],