synced with Wiki (typo fix)

[platform/upstream/cryptsetup.git] / configure.in
diff --git a/configure.in b/configure.in

index 2ad29c8..f6ceb86 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
  AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.4.1])
+AC_INIT([cryptsetup],[1.4.3-git])
  
  dnl library version from <major>.<minor>.<release>[-<suffix>]
  LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
@@ -62,10 +62,41 @@ AC_SUBST(POPT_LIBS, $LIBS)
  LIBS=$saved_LIBS
  
  dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
+[with_fips=$enableval],
+[with_fips=no])
+
+if test "x$with_fips" = "xyes"; then
+       AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+
+       if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
+               AC_MSG_ERROR([Static build is not compatible with FIPS.])
+       fi
+
+       saved_LIBS=$LIBS
+       AC_CHECK_LIB(fipscheck, FIPSCHECK_verify, ,[AC_MSG_ERROR([You need the fipscheck library.])])
+       AC_SUBST(FIPSCHECK_LIBS, $LIBS)
+       LIBS=$saved_LIBS
+
+fi
+
+AC_DEFUN([NO_FIPS], [
+       if test "x$with_fips" = "xyes"; then
+               AC_MSG_ERROR([This option is not compatible with FIPS.])
+       fi
+])
+
+dnl ==========================================================================
  dnl Crypto backend functions
  
  AC_DEFUN([CONFIGURE_GCRYPT], [
-       AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR([You need the gcrypt library.])])
+       if test "x$with_fips" = "xyes"; then
+               GCRYPT_REQ_VERSION=1.4.5
+       else
+               GCRYPT_REQ_VERSION=1.1.42
+       fi
+       AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
  
         if test x$enable_static_cryptsetup = xyes; then
                 saved_LIBS=$LIBS
@@ -80,6 +111,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
         CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
         CRYPTO_LIBS=$LIBGCRYPT_LIBS
         CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+       AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
  ])
  
  AC_DEFUN([CONFIGURE_OPENSSL], [
@@ -95,6 +128,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
                 CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
                 PKG_CONFIG=$saved_PKG_CONFIG
         fi
+       NO_FIPS([])
  ])
  
  AC_DEFUN([CONFIGURE_NSS], [
@@ -108,6 +142,7 @@ AC_DEFUN([CONFIGURE_NSS], [
                 AC_MSG_ERROR([You need nss library.]))
         CRYPTO_CFLAGS=$NSS_CFLAGS
         CRYPTO_LIBS=$NSS_LIBS
+       NO_FIPS([])
  ])
  
  AC_DEFUN([CONFIGURE_KERNEL], [
@@ -116,7 +151,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [
  #      AC_CHECK_DECLS([AF_ALG],,
  #              [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
  #              [#include <sys/socket.h>])
-
+       NO_FIPS([])
  ])
  
  AC_DEFUN([CONFIGURE_NETTLE], [
@@ -130,6 +165,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [
         LIBS=$saved_LIBS
  
         CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+       NO_FIPS([])
  ])
  
  dnl ==========================================================================
@@ -166,6 +202,7 @@ LIBS=$saved_LIBS
  
  LIBS="$LIBS $DEVMAPPER_LIBS"
  AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
  AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
  if test "x$enable_udev" = xyes; then
         if test "x$have_cookie" = xno; then