From a89087ed2d166d047d741c8d22c9906b3a2b85f8 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Mon, 25 Jan 2021 17:56:28 -0600
Subject: [PATCH] configure.ac: check compatibility of chosen FIPS option with
 the source tree, for early prevention of accidental attempts to build FIPS
 with non-FIPS source, or non-FIPS with FIPS source.

---
 configure.ac | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/configure.ac b/configure.ac
index b850ca1a0..eb89c0bb4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -166,6 +166,21 @@ AS_CASE([$ENABLED_FIPS],
         FIPS_VERSION="v1"
     ])
 
+case "$FIPS_VERSION" in
+none) if test -s wolfcrypt/src/fips.c || test -s ctaocrypt/src/fips.c; then
+        AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])
+    fi
+    ;;
+v1) if ! test -s ctaocrypt/src/fips.c; then
+        AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])
+    fi
+    ;;
+*) if ! test -s wolfcrypt/src/fips.c; then
+        AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])
+   fi
+   ;;
+esac
+
 
 # Distro build feature subset (Debian, Ubuntu, etc.)
 AC_ARG_ENABLE([distro],