eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-06 00:10:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add --enable-fips option. Request new gcrypt if set.

Browse Source
This commit is contained in:
Milan Broz
2012-05-20 22:24:24 +02:00
parent c2a33b480f
commit 54b21c6e46
2 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
configure.in
View File

@@ -61,11 +61,32 @@ AC_CHECK_LIB(popt, poptConfigFileToString,,
AC_SUBST(POPT_LIBS, $LIBS) AC_SUBST(POPT_LIBS, $LIBS)
LIBS=$saved_LIBS LIBS=$saved_LIBS
dnl ==========================================================================
dnl FIPS extensions
AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
[with_fips=$enableval],
[with_fips=no])
if test "x$with_fips" = "xyes"; then
AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
fi
AC_DEFUN([NO_FIPS], [
if test "x$with_fips" = "xyes"; then
AC_MSG_ERROR([This option is not compatible with FIPS.])
fi
])
dnl ========================================================================== dnl ==========================================================================
dnl Crypto backend functions dnl Crypto backend functions
AC_DEFUN([CONFIGURE_GCRYPT], [ AC_DEFUN([CONFIGURE_GCRYPT], [
AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR([You need the gcrypt library.])]) if test "x$with_fips" = "xyes"; then
GCRYPT_REQ_VERSION=1.4.5
else
GCRYPT_REQ_VERSION=1.1.42
fi
AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
if test x$enable_static_cryptsetup = xyes; then if test x$enable_static_cryptsetup = xyes; then
saved_LIBS=$LIBS saved_LIBS=$LIBS
@@ -80,6 +101,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
CRYPTO_LIBS=$LIBGCRYPT_LIBS CRYPTO_LIBS=$LIBGCRYPT_LIBS
CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
]) ])
AC_DEFUN([CONFIGURE_OPENSSL], [ AC_DEFUN([CONFIGURE_OPENSSL], [
@@ -95,6 +118,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
CRYPTO_STATIC_LIBS=$OPENSSL_LIBS CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
PKG_CONFIG=$saved_PKG_CONFIG PKG_CONFIG=$saved_PKG_CONFIG
fi fi
NO_FIPS([])
]) ])
AC_DEFUN([CONFIGURE_NSS], [ AC_DEFUN([CONFIGURE_NSS], [
@@ -108,6 +132,7 @@ AC_DEFUN([CONFIGURE_NSS], [
AC_MSG_ERROR([You need nss library.])) AC_MSG_ERROR([You need nss library.]))
CRYPTO_CFLAGS=$NSS_CFLAGS CRYPTO_CFLAGS=$NSS_CFLAGS
CRYPTO_LIBS=$NSS_LIBS CRYPTO_LIBS=$NSS_LIBS
NO_FIPS([])
]) ])
AC_DEFUN([CONFIGURE_KERNEL], [ AC_DEFUN([CONFIGURE_KERNEL], [
@@ -116,7 +141,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [
# AC_CHECK_DECLS([AF_ALG],, # AC_CHECK_DECLS([AF_ALG],,
# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])], # [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
# [#include <sys/socket.h>]) # [#include <sys/socket.h>])
NO_FIPS([])
]) ])
AC_DEFUN([CONFIGURE_NETTLE], [ AC_DEFUN([CONFIGURE_NETTLE], [
@@ -130,6 +155,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [
LIBS=$saved_LIBS LIBS=$saved_LIBS
CRYPTO_STATIC_LIBS=$CRYPTO_LIBS CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
NO_FIPS([])
]) ])
dnl ========================================================================== dnl ==========================================================================

2
lib/crypto_backend/crypto_gcrypt.c
View File

@@ -23,8 +23,6 @@
#include <gcrypt.h> #include <gcrypt.h>
#include "crypto_backend.h" #include "crypto_backend.h"
#define GCRYPT_REQ_VERSION "1.1.42"
static int crypto_backend_initialised = 0; static int crypto_backend_initialised = 0;
struct crypt_hash { struct crypt_hash {