wolfRand

1. Rearrange some of the macros in the FIPS section to separate out the
different flavors of FIPS with their own flags to set them apart.
2. Add automake flags for FIPSv1 and wolfRand.

configure.ac

@@ -2243,16 +2243,13 @@ fi
 # FIPS
 AC_ARG_ENABLE([fips],
     [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
-    [ ENABLED_FIPS=$enableval ],
+    [ENABLED_FIPS=$enableval],
-    [ ENABLED_FIPS=no ]
+    [ENABLED_FIPS="no"])
-    )
 
-if test "x$ENABLED_FIPS" != "xno"
+AS_CASE([$ENABLED_FIPS],
-then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
-    AS_CASE([$ENABLED_FIPS],
         ["v2"],[FIPS_VERSION="v2"
-                AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+            ENABLED_FIPS=yes
+            AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
             ENABLED_KEYGEN="yes"
             ENABLED_SHA224="yes"
             AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
@@ -2279,37 +2276,31 @@ then
             AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
                   [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
         ],
-            ["rand"],[FIPS_VERSION="rand"],
+        ["rand"],[
-            [FIPS_VERSION="v1"])
+            ENABLED_FIPS="yes"
-    ENABLED_FIPS=yes
+            FIPS_VERSION="rand"
-    # requires thread local storage
+            AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND"
-    if test "$thread_ls_on" = "no"
+        ],
-    then
+        ["no"],[FIPS_VERSION="none"],
-        AC_MSG_ERROR([FIPS requires Thread Local Storage])
+        [
-    fi
+            ENABLED_FIPS="yes"
-    # requires SHA512
+            FIPS_VERSION="v1"
-    if test "x$ENABLED_SHA512" = "xno"
+            AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
-    then
+        ])
-        ENABLED_SHA512="yes"
+
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
+AS_IF([test "x$ENABLED_FIPS" = "xyes"],
-    fi
+[
-    # requires AESGCM
+    # Check prerequisites, force them on or error out.
-    if test "x$ENABLED_AESGCM" != "xyes"
+    AS_IF([test "x$thread_ls_on" = "xno"],[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
-    then
+    AS_IF([test "x$ENABLED_SHA512" = "xno"],
-        ENABLED_AESGCM="yes"
+        [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
+    AS_IF([test "x$ENABLED_AESGCM" != "xyes"],
-    fi
+        [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
-    # requires DES3
+    AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
-    if test "x$ENABLED_DES3" = "xno"
+],
-    then
+[
-        ENABLED_DES3="yes"
+    AS_IF([test "x$ENABLED_FORTRESS" = "xyes"],[ENABLED_DES3="yes"])
-    fi
+])
-else
-    if test "x$ENABLED_FORTRESS" = "xyes"
-    then
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
-    fi
-fi
 
 
 # SELFTEST
@@ -4697,7 +4688,9 @@ AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes"])
 AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"])
 AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"])
 AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
+AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
 AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
+AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
 AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"])
 AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
 AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"])