LIBS=$saved_LIBS
dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
+[with_fips=$enableval],
+[with_fips=no])
+
+if test "x$with_fips" = "xyes"; then
+ AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+fi
+
+AC_DEFUN([NO_FIPS], [
+ if test "x$with_fips" = "xyes"; then
+ AC_MSG_ERROR([This option is not compatible with FIPS.])
+ fi
+])
+
+dnl ==========================================================================
dnl Crypto backend functions
AC_DEFUN([CONFIGURE_GCRYPT], [
- AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR([You need the gcrypt library.])])
+ if test "x$with_fips" = "xyes"; then
+ GCRYPT_REQ_VERSION=1.4.5
+ else
+ GCRYPT_REQ_VERSION=1.1.42
+ fi
+ AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
if test x$enable_static_cryptsetup = xyes; then
saved_LIBS=$LIBS
CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
CRYPTO_LIBS=$LIBGCRYPT_LIBS
CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+ AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
])
AC_DEFUN([CONFIGURE_OPENSSL], [
CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
PKG_CONFIG=$saved_PKG_CONFIG
fi
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_NSS], [
AC_MSG_ERROR([You need nss library.]))
CRYPTO_CFLAGS=$NSS_CFLAGS
CRYPTO_LIBS=$NSS_LIBS
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_KERNEL], [
# AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>])
-
+ NO_FIPS([])
])
AC_DEFUN([CONFIGURE_NETTLE], [
LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ NO_FIPS([])
])
dnl ==========================================================================