FIPS 140-3

1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
   version in the code, but that leaves DES3 out of the build. The code
   was still including the header. Force DES3 disabled in FIPS Ready
   builds.

configure.ac

@@ -2974,8 +2974,8 @@ AS_CASE([$FIPS_VERSION],
     ],
     ["v2"],[
         AS_IF([test "x$FIPS_READY" = "xyes"],
-            [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=3"],
-            [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"])
+            [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=3"; ENABLED_DES3="no"],
+            [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"; ENABLED_DES3="yes"])
         AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
         ENABLED_KEYGEN="yes"
         ENABLED_SHA224="yes"
@@ -3008,7 +3008,6 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
         AS_IF([test "x$ENABLED_AESGCM" = "xno"],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
-        AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
     ],
     ["rand"],[
         AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"

fips-check.sh

@@ -344,7 +344,6 @@ then
         echo "fips-check: Couldn't checkout the FIPS repository for FIPS Ready."
         exit 1
     fi
-    FIPS_OPTION="v2"
 elif test "x$FIPS_OPTION" = "xv3"
 then
     if ! $GIT clone $FIPS_REPO fips; then