From 85b3c9652af34db40a969aa3b98a8d6eb26ee1d2 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 9 Feb 2018 09:54:34 -0800 Subject: [PATCH] FIPS Revalidation 1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds. 2. Move the aes-ni asm file into the boundary if enabled. 3. Enable AES-ECB by default.
---
 configure.ac | 7 +++++-- src/include.am | 6 ++++++ 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 33bcce996..155a82fbf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1982,7 +1982,7 @@ then
 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
 # Add the FIPS flag.
 AS_IF([test "x$FIPS_VERSION" = "xv2"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224"
+ [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"
 ENABLED_KEYGEN="yes"
 ENABLED_SHA224="yes"
 AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
@@ -1996,9 +1996,12 @@ then
 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
 AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
 [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
+ AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
+ [ENABLED_AESCTR="yes"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
 AS_IF([test "x$ENABLED_CMAC" != "xyes"],
 [ENABLED_CMAC="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
 ])
 else
 if test "x$ENABLED_FORTRESS" = "xyes"
diff --git a/src/include.am b/src/include.am
index 8392e2d33..a292d939a 100644
--- a/src/include.am
+++ b/src/include.am
@@ -82,6 +82,10 @@ if BUILD_AES
 src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
 endif
 
+if BUILD_AESNI
+src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
+endif
+
 if BUILD_DES3
 src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
 endif
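Review bot: `-DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB` are appended for every FIPSv2 build on the first line of the `xv2` branch with no comment saying why, and no enable variable is set beside them the way `ENABLED_KEYGEN` and `ENABLED_SHA224` are on the next two lines. If configure.ac tracks these modes with their own enable variables (not visible in this hunk), later tests and the configure summary will not reflect that they are on. ECB and the direct block interface provide no confidentiality for multi-block data when used on their own, so a comment above the line would help downstream users, for example `# Required by the FIPSv2 revalidation; ECB/direct are single-block primitives, not a bulk-encryption mode`. The `AS_IF` body continues past the end of the hunk.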
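Review bot: The added AES-CTR `AS_IF` tests `!= "xyes"`, so a build that explicitly asked for counter mode to be left out gets it turned back on without any message; the CMAC block below it behaves the same way. Reporting the override would make the resulting algorithm set auditable from the configure log, e.g. `AC_MSG_NOTICE([FIPSv2 build: enabling AES-CTR])` placed just before `ENABLED_AESCTR="yes"`. The block also assumes the ordinary AES-CTR option handling runs earlier in configure.ac, which the hunk does not show; if it runs later, `-DWOLFSSL_AES_COUNTER` would be appended a second time.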
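Review bot: The `if BUILD_AESNI` block added after `aes.c` has no FIPS condition of its own inside the hunk, while the later listing of `aes_asm.s` is skipped only under `!BUILD_FIPS_V2` (the hunk at -273). Unless this block sits inside an enclosing `if BUILD_FIPS_V2` that opens above the hunk, a non-FIPS AES-NI build would list `aes_asm.s` twice in `src_libwolfssl_la_SOURCES`. A comment such as `# FIPS v2 boundary: aes_asm.s is listed here; the general listing below is guarded by !BUILD_FIPS_V2` would make the pairing explicit. Because the object moves into the boundary, any integrity value computed over the boundary objects presumably has to be regenerated for AES-NI builds, and nothing in this commit shows that step.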
@@ -273,9 +277,11 @@ if BUILD_DSA
 src_libwolfssl_la_SOURCES += wolfcrypt/src/dsa.c
 endif
 
+if !BUILD_FIPS_V2
 if BUILD_AESNI
 src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
 endif
+endif
 
 if BUILD_CAMELLIA
 src_libwolfssl_la_SOURCES += wolfcrypt/src/camellia.c
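Review bot: The new `if !BUILD_FIPS_V2` wrapper around the `BUILD_AESNI` block has no comment, and its closing `endif` reads the same as the inner one. A line above it such as `# FIPS v2 builds take aes_asm.s from the boundary section earlier in this file` would tell the next editor why the file is skipped here. The guard tests only the v2 conditional, so a build with any other FIPS setting still picks up `aes_asm.s` at this position; confirm that is intended.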