From 54b21c6e461197634f372a539defb98d632e9c9f Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Sun, 20 May 2012 22:24:24 +0200
Subject: [PATCH] Add --enable-fips option. Request new gcrypt if set.
---
 configure.in | 30 ++++++++++++++++++++++++++++--
 lib/crypto_backend/crypto_gcrypt.c | 2 --
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/configure.in b/configure.in
index 43c607f..55706a0 100644
--- a/configure.in
+++ b/configure.in
@@ -62,10 +62,31 @@ AC_SUBST(POPT_LIBS, $LIBS)
 LIBS=$saved_LIBS
 dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
+[with_fips=$enableval],
+[with_fips=no])
+
+if test "x$with_fips" = "xyes"; then
+ AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+fi
+
+AC_DEFUN([NO_FIPS], [
+ if test "x$with_fips" = "xyes"; then
+ AC_MSG_ERROR([This option is not compatible with FIPS.])
+ fi
+])
+
+dnl ==========================================================================
 dnl Crypto backend functions
 AC_DEFUN([CONFIGURE_GCRYPT], [
- AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR([You need the gcrypt library.])])
+ if test "x$with_fips" = "xyes"; then
+ GCRYPT_REQ_VERSION=1.4.5
+ else
+ GCRYPT_REQ_VERSION=1.1.42
+ fi
+ AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
 if test x$enable_static_cryptsetup = xyes; then
 saved_LIBS=$LIBS
@@ -80,6 +101,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
 CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
 CRYPTO_LIBS=$LIBGCRYPT_LIBS
 CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+ AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
 ])
 AC_DEFUN([CONFIGURE_OPENSSL], [
@@ -95,6 +118,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
 CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
 PKG_CONFIG=$saved_PKG_CONFIG
 fi
+ NO_FIPS([])
 ])
 AC_DEFUN([CONFIGURE_NSS], [
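Review bot: Any value other than `yes` silently yields a build without FIPS restrictions, because `[with_fips=$enableval]` in the first configure.in hunk stores the argument verbatim while every later test compares against `xyes`. A typo such as `--enable-fips=on` therefore configures cleanly as a non-FIPS build, which is the wrong failure direction for a compliance switch. Reject unknown values at configure time: `case "$enableval" in yes|no) with_fips=$enableval ;; *) AC_MSG_ERROR([bad value $enableval for --enable-fips]) ;; esac`. Nothing in this patch reads `ENABLE_FIPS`, so a `dnl` comment above the `AC_DEFINE` should state what the option enforces at this point (a higher libgcrypt floor and refusal of the non-gcrypt backends), unless other code not shown here already consumes it.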
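Review bot: The version floor exported by `AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ...)` in the second configure.in hunk (CONFIGURE_GCRYPT) is only as strong as the run-time check that consumes it. `AM_PATH_LIBGCRYPT` validates the library present at configure time, whereas a dynamically linked binary can load an older libgcrypt later. crypto_gcrypt.c loses its local `#define` in this patch, so it presumably passes the macro to `gcry_check_version()`; that call is not visible here and should be confirmed to fail hard on a mismatch, and the file must include the generated config header for the macro to resolve. I would document the intent with `dnl Exported so the gcrypt backend can re-check the library version at run time` above the define.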
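Review bot: `NO_FIPS([])` is the last statement of CONFIGURE_OPENSSL (third configure.in hunk), so with `--enable-fips` the library probes run first and a missing OpenSSL is reported before the actual incompatibility. The macro is also called with an empty argument and its message, `This option is not compatible with FIPS.`, never names the rejected backend. Invoke it at the top of each backend macro and pass the name, `NO_FIPS([openssl])`, with `AC_MSG_ERROR([Crypto backend $1 is not compatible with --enable-fips.])` in the definition. The same applies to the CONFIGURE_NSS, CONFIGURE_KERNEL and CONFIGURE_NETTLE hunks that follow; CONFIGURE_OPENSSL begins outside this hunk, so the exact insertion point needs checking against the full macro.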
@@ -108,6 +132,7 @@ AC_DEFUN([CONFIGURE_NSS], [
 AC_MSG_ERROR([You need nss library.]))
 CRYPTO_CFLAGS=$NSS_CFLAGS
 CRYPTO_LIBS=$NSS_LIBS
+ NO_FIPS([])
 ])
 AC_DEFUN([CONFIGURE_KERNEL], [
@@ -116,7 +141,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [
 # AC_CHECK_DECLS([AF_ALG],,
 # [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
 # [#include ])
-
+ NO_FIPS([])
 ])
 AC_DEFUN([CONFIGURE_NETTLE], [
@@ -130,6 +155,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [
 LIBS=$saved_LIBS
 CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+ NO_FIPS([])
 ])
 dnl ==========================================================================
diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c
index 2a63b14..9459fb0 100644
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -23,8 +23,6 @@
 #include
 #include "crypto_backend.h"
-#define GCRYPT_REQ_VERSION "1.1.42"
-
 static int crypto_backend_initialised = 0;
 struct crypt_hash {
--
2.7.4