1. Rearrange some of the macros in the FIPS section to separate out the
different flavors of FIPS with their own flags to set them apart.
2. Add automake flags for FIPSv1 and wolfRand.
John Safranek
2019-06-21 15:30:22 -07:00
parent 0931b574a7
commit a229e1e8e4


@@ -2243,73 +2243,64 @@ fi
# FIPS # FIPS
AC_ARG_ENABLE([fips], AC_ARG_ENABLE([fips],
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])], [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
[ ENABLED_FIPS=$enableval ], [ENABLED_FIPS=$enableval],
[ ENABLED_FIPS=no ] [ENABLED_FIPS="no"])
)
if test "x$ENABLED_FIPS" != "xno" AS_CASE([$ENABLED_FIPS],
then ["v2"],[FIPS_VERSION="v2"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" ENABLED_FIPS=yes
AS_CASE([$ENABLED_FIPS], AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
["v2"],[FIPS_VERSION="v2" ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" ENABLED_SHA224="yes"
ENABLED_KEYGEN="yes" AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
ENABLED_SHA224="yes" [ENABLED_AESCCM="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"], AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
[ENABLED_AESCCM="yes" AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) [ENABLED_RSAPSS="yes"
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"], AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
[ENABLED_RSAPSS="yes" AS_IF([test "x$ENABLED_ECC" != "xyes"],
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) [ENABLED_ECC="yes"
AS_IF([test "x$ENABLED_ECC" != "xyes"], AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
[ENABLED_ECC="yes" AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT" [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])], AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"]) [ENABLED_AESCTR="yes"
AS_IF([test "x$ENABLED_AESCTR" != "xyes"], AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
[ENABLED_AESCTR="yes" AS_IF([test "x$ENABLED_CMAC" != "xyes"],
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) [ENABLED_CMAC="yes"
AS_IF([test "x$ENABLED_CMAC" != "xyes"], AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
[ENABLED_CMAC="yes" AS_IF([test "x$ENABLED_HKDF" != "xyes"],
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) [ENABLED_HKDF="yes"
AS_IF([test "x$ENABLED_HKDF" != "xyes"], AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
[ENABLED_HKDF="yes" AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"]) [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"], ],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"]) ["rand"],[
], ENABLED_FIPS="yes"
["rand"],[FIPS_VERSION="rand"], FIPS_VERSION="rand"
[FIPS_VERSION="v1"]) AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND"
ENABLED_FIPS=yes ],
# requires thread local storage ["no"],[FIPS_VERSION="none"],
if test "$thread_ls_on" = "no" [
then ENABLED_FIPS="yes"
AC_MSG_ERROR([FIPS requires Thread Local Storage]) FIPS_VERSION="v1"
fi AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
# requires SHA512 ])
if test "x$ENABLED_SHA512" = "xno"
then AS_IF([test "x$ENABLED_FIPS" = "xyes"],
ENABLED_SHA512="yes" [
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384" # Check prerequisites, force them on or error out.
fi AS_IF([test "x$thread_ls_on" = "xno"],[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
# requires AESGCM AS_IF([test "x$ENABLED_SHA512" = "xno"],
if test "x$ENABLED_AESGCM" != "xyes" [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
then AS_IF([test "x$ENABLED_AESGCM" != "xyes"],
ENABLED_AESGCM="yes" [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM" AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
fi ],
# requires DES3 [
if test "x$ENABLED_DES3" = "xno" AS_IF([test "x$ENABLED_FORTRESS" = "xyes"],[ENABLED_DES3="yes"])
then ])
ENABLED_DES3="yes"
fi
else
if test "x$ENABLED_FORTRESS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi
fi
# SELFTEST # SELFTEST
@@ -4697,7 +4688,9 @@ AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes"])
AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"]) AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"])
AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"]) AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"]) AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"]) AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"]) AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"])
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"]) AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"]) AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"])
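Review bot: In the first hunk, the catch-all arm of the new `AS_CASE([$ENABLED_FIPS], …)` treats every value other than `v2`, `rand` and `no` as FIPS v1, so a mistyped flavor such as `--enable-fips=V2` is configured as a v1 build with `-DHAVE_FIPS` and no diagnostic. For a compliance switch it would be safer to match the accepted spellings explicitly and fail closed: `["yes"|"v1"],[ENABLED_FIPS="yes"; FIPS_VERSION="v1"; AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"],` followed by a default arm `[AC_MSG_ERROR([unknown --enable-fips value: $ENABLED_FIPS])]`. Separately, the non-FIPS branch appears to have appended `-DWOLFSSL_DES_ECB` when `ENABLED_FORTRESS` is `yes`, whereas the new side only sets `ENABLED_DES3="yes"`. If nothing outside these hunks re-adds that define, Fortress builds lose it, which is a behaviour change beyond the "rearrange" in the description and deserves a line in the commit message or a comment at that `AS_IF`.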