FIPS Revalidation

1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.

configure.ac

@@ -1982,7 +1982,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
     # Add the FIPS flag.
     AS_IF([test "x$FIPS_VERSION" = "xv2"],
-          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224"
+          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"
            ENABLED_KEYGEN="yes"
            ENABLED_SHA224="yes"
            AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
@@ -1996,9 +1996,12 @@ then
                   AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
                   AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
                         [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
+           AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
+                 [ENABLED_AESCTR="yes"
+                  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
            AS_IF([test "x$ENABLED_CMAC" != "xyes"],
                  [ENABLED_CMAC="yes"
-                  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
+                  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
           ])
 else
     if test "x$ENABLED_FORTRESS" = "xyes"

src/include.am

@@ -82,6 +82,10 @@ if BUILD_AES
 src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
 endif
 
+if BUILD_AESNI
+src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
+endif
+
 if BUILD_DES3
 src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
 endif
@@ -273,9 +277,11 @@ if BUILD_DSA
 src_libwolfssl_la_SOURCES += wolfcrypt/src/dsa.c
 endif
 
+if !BUILD_FIPS_V2
 if BUILD_AESNI
 src_libwolfssl_la_SOURCES += wolfcrypt/src/aes_asm.s
 endif
+endif
 
 if BUILD_CAMELLIA
 src_libwolfssl_la_SOURCES += wolfcrypt/src/camellia.c