forked from wolfSSL/wolfssl
Compare commits
5 Commits
fixes_with
...
wolfRand-R
| Author | SHA1 | Date | |
|---|---|---|---|
| 894a57d24d | |||
| 3f8981fbd5 | |||
| 434fcc1012 | |||
| 031cd27c1d | |||
| 52b5843cbb |
128
configure.ac
128
configure.ac
@ -2246,72 +2246,66 @@ fi
|
||||
# FIPS
|
||||
AC_ARG_ENABLE([fips],
|
||||
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
|
||||
[ ENABLED_FIPS=$enableval ],
|
||||
[ ENABLED_FIPS=no ]
|
||||
)
|
||||
[ENABLED_FIPS=$enableval],
|
||||
[ENABLED_FIPS="no"])
|
||||
|
||||
if test "x$ENABLED_FIPS" != "xno"
|
||||
then
|
||||
FIPS_VERSION=$ENABLED_FIPS
|
||||
ENABLED_FIPS=yes
|
||||
# requires thread local storage
|
||||
if test "$thread_ls_on" = "no"
|
||||
then
|
||||
AC_MSG_ERROR([FIPS requires Thread Local Storage])
|
||||
fi
|
||||
# requires SHA512
|
||||
if test "x$ENABLED_SHA512" = "xno"
|
||||
then
|
||||
ENABLED_SHA512="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
|
||||
fi
|
||||
# requires AESGCM
|
||||
if test "x$ENABLED_AESGCM" != "xyes"
|
||||
then
|
||||
ENABLED_AESGCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
||||
fi
|
||||
# requires DES3
|
||||
if test "x$ENABLED_DES3" = "xno"
|
||||
then
|
||||
ENABLED_DES3="yes"
|
||||
fi
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
|
||||
# Add the FIPS flag.
|
||||
AS_IF([test "x$FIPS_VERSION" = "xv2"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
ENABLED_KEYGEN="yes"
|
||||
ENABLED_SHA224="yes"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
|
||||
[ENABLED_RSAPSS="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
||||
AS_IF([test "x$ENABLED_ECC" != "xyes"],
|
||||
[ENABLED_ECC="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
|
||||
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
|
||||
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
|
||||
[ENABLED_AESCTR="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
||||
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
|
||||
[ENABLED_CMAC="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
||||
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
|
||||
[ENABLED_HKDF="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
||||
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
|
||||
])
|
||||
else
|
||||
if test "x$ENABLED_FORTRESS" = "xyes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
|
||||
fi
|
||||
fi
|
||||
AS_CASE([$ENABLED_FIPS],
|
||||
["v2"],[FIPS_VERSION="v2"
|
||||
ENABLED_FIPS=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
|
||||
ENABLED_KEYGEN="yes"
|
||||
ENABLED_SHA224="yes"
|
||||
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
||||
[ENABLED_AESCCM="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
||||
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
|
||||
[ENABLED_RSAPSS="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
||||
AS_IF([test "x$ENABLED_ECC" != "xyes"],
|
||||
[ENABLED_ECC="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
|
||||
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
|
||||
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
|
||||
[ENABLED_AESCTR="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
||||
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
|
||||
[ENABLED_CMAC="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
||||
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
|
||||
[ENABLED_HKDF="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
||||
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
|
||||
],
|
||||
["rand"],[
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="rand"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
|
||||
],
|
||||
["no"],[FIPS_VERSION="none"],
|
||||
[
|
||||
ENABLED_FIPS="yes"
|
||||
FIPS_VERSION="v1"
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
|
||||
])
|
||||
|
||||
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
|
||||
[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
|
||||
|
||||
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" != "xrand"],
|
||||
[
|
||||
# Force enable the prerequisites.
|
||||
AS_IF([test "x$ENABLED_SHA512" = "xno"],
|
||||
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
||||
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
|
||||
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
||||
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
|
||||
],
|
||||
[
|
||||
AS_IF([test "x$ENABLED_FORTRESS" = "xyes"],[ENABLED_DES3="yes"])
|
||||
])
|
||||
|
||||
|
||||
# SELFTEST
|
||||
@ -3493,6 +3487,8 @@ AC_ARG_ENABLE([cryptonly],
|
||||
[ENABLED_CRYPTONLY=$enableval],
|
||||
[ENABLED_CRYPTONLY=no])
|
||||
|
||||
AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
|
||||
|
||||
if test "$ENABLED_CRYPTONLY" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
|
||||
@ -4667,7 +4663,9 @@ AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
|
||||
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
|
||||
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
|
||||
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"])
|
||||
|
||||
@ -24,7 +24,8 @@ include_HEADERS+=$(IPPHEADERS)
|
||||
endif # BUILD_FAST_RSA
|
||||
|
||||
if BUILD_FIPS
|
||||
if !BUILD_FIPS_V2
|
||||
|
||||
if BUILD_FIPS_V1
|
||||
# fips first file
|
||||
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_first.c
|
||||
|
||||
@ -58,9 +59,9 @@ src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
|
||||
|
||||
# fips last file
|
||||
src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_last.c
|
||||
endif
|
||||
|
||||
else
|
||||
|
||||
if BUILD_FIPS_V2
|
||||
# FIPSv2 first file
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/wolfcrypt_first.c
|
||||
@ -116,9 +117,26 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
|
||||
# fips last file
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
|
||||
endif
|
||||
endif
|
||||
|
||||
if BUILD_FIPS_RAND
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/wolfcrypt_first.c \
|
||||
wolfcrypt/src/hmac.c \
|
||||
wolfcrypt/src/random.c \
|
||||
wolfcrypt/src/sha256.c \
|
||||
wolfcrypt/src/sha256_asm.S \
|
||||
wolfcrypt/src/fips.c \
|
||||
wolfcrypt/src/fips_test.c \
|
||||
wolfcrypt/src/wolfcrypt_last.c
|
||||
endif BUILD_FIPS_RAND
|
||||
|
||||
endif BUILD_FIPS
|
||||
|
||||
# For wolfRand, exclude everything else.
|
||||
if !BUILD_FIPS_RAND
|
||||
|
||||
# For FIPSV2, exclude the wolfCrypt files included above.
|
||||
# For wolfRand, exclude just a couple files.
|
||||
# For old FIPS, keep the wolfCrypt versions of the
|
||||
# CtaoCrypt files included above.
|
||||
if !BUILD_FIPS_V2
|
||||
@ -130,10 +148,14 @@ if BUILD_SELFTEST
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/selftest.c
|
||||
endif
|
||||
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/hash.c \
|
||||
wolfcrypt/src/cpuid.c
|
||||
|
||||
if !BUILD_FIPS_RAND
|
||||
|
||||
if !BUILD_FIPS_V2
|
||||
if BUILD_RNG
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
|
||||
@ -252,18 +274,25 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
|
||||
endif
|
||||
endif
|
||||
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/logging.c \
|
||||
wolfcrypt/src/wc_encrypt.c \
|
||||
wolfcrypt/src/wc_port.c \
|
||||
wolfcrypt/src/error.c \
|
||||
wolfcrypt/src/error.c
|
||||
|
||||
if !BUILD_FIPS_RAND
|
||||
src_libwolfssl_la_SOURCES += \
|
||||
wolfcrypt/src/signature.c \
|
||||
wolfcrypt/src/wolfmath.c
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
if BUILD_MEMORY
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
|
||||
endif
|
||||
|
||||
if !BUILD_FIPS_RAND
|
||||
if !BUILD_FIPS_V2
|
||||
if BUILD_DH
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
|
||||
@ -274,10 +303,14 @@ if BUILD_ASN
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
|
||||
endif
|
||||
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
if BUILD_CODING
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/coding.c
|
||||
endif
|
||||
|
||||
if !BUILD_FIPS_RAND
|
||||
|
||||
if BUILD_POLY1305
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/poly1305.c
|
||||
if BUILD_INTELASM
|
||||
@ -461,4 +494,6 @@ if BUILD_SNIFFER
|
||||
src_libwolfssl_la_SOURCES += src/sniffer.c
|
||||
endif
|
||||
|
||||
endif # !BUILD_CRYPTONLY
|
||||
endif !BUILD_CRYPTONLY
|
||||
|
||||
endif !BUILD_FIPS_RAND
|
||||
|
||||
@ -122,3 +122,7 @@ endif
|
||||
if BUILD_FIPS_V2
|
||||
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
|
||||
endif
|
||||
|
||||
if BUILD_FIPS_RAND
|
||||
nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
|
||||
endif
|
||||
|
||||
Reference in New Issue
Block a user