AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.4.1])
+AC_INIT([cryptsetup],[1.4.3-git])
dnl library version from <major>.<minor>.<release>[-<suffix>]
LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
LIBS=$saved_LIBS
dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
+[with_fips=$enableval],
+[with_fips=no])
+
+if test "x$with_fips" = "xyes"; then
+ AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+
+ if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
+ AC_MSG_ERROR([Static build is not compatible with FIPS.])
+ fi
+
+ saved_LIBS=$LIBS
+ AC_CHECK_LIB(fipscheck, FIPSCHECK_verify, ,[AC_MSG_ERROR([You need the fipscheck library.])])
+ AC_SUBST(FIPSCHECK_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+
+fi
+
+AC_DEFUN([NO_FIPS], [
+ if test "x$with_fips" = "xyes"; then
+ AC_MSG_ERROR([This option is not compatible with FIPS.])
+ fi
+])
+
+dnl ==========================================================================
dnl Crypto backend functions
AC_DEFUN([CONFIGURE_GCRYPT], [
- AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR([You need the gcrypt library.])])
+ if test "x$with_fips" = "xyes"; then
+ GCRYPT_REQ_VERSION=1.4.5
+ else
+ GCRYPT_REQ_VERSION=1.1.42
+ fi
+ AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
if test x$enable_static_cryptsetup = xyes; then
saved_LIBS=$LIBS
CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
CRYPTO_LIBS=$LIBGCRYPT_LIBS
CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+ AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
])
AC_DEFUN([CONFIGURE_OPENSSL], [
CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
PKG_CONFIG=$saved_PKG_CONFIG
fi
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_NSS], [
AC_MSG_ERROR([You need nss library.]))
CRYPTO_CFLAGS=$NSS_CFLAGS
CRYPTO_LIBS=$NSS_LIBS
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_KERNEL], [
# AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>])
-
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_NETTLE], [
LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ NO_FIPS([])
])
dnl ==========================================================================
LIBS="$LIBS $DEVMAPPER_LIBS"
AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
if test "x$enable_udev" = xyes; then
if test "x$have_cookie" = xno; then