configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source.

2025-07-31 03:07:29 +02:00 · 2021-01-25 17:56:28 -06:00
parent 6e0e507dad
commit a89087ed2d
1 changed files with 15 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -166,6 +166,21 @@ AS_CASE([$ENABLED_FIPS],
        FIPS_VERSION="v1"
    ])

+case "$FIPS_VERSION" in
+none) if test -s wolfcrypt/src/fips.c || test -s ctaocrypt/src/fips.c; then
+        AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])
+    fi
+    ;;
+v1) if ! test -s ctaocrypt/src/fips.c; then
+        AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])
+    fi
+    ;;
+*) if ! test -s wolfcrypt/src/fips.c; then
+        AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])
+   fi
+   ;;
+esac
+

 # Distro build feature subset (Debian, Ubuntu, etc.)
 AC_ARG_ENABLE([distro],