configure.ac: when FIPS 140-3, disable AES-GCM streaming API, unless "dev".

2022-10-10 16:37:38 -05:00 · 2022-10-10 16:37:38 -05:00 · 02863d2e81
commit 02863d2e81
parent 6456b244d3
1 changed files with 4 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -4188,6 +4188,10 @@ AS_CASE([$FIPS_VERSION],
        AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
            [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])

+	# AES-GCM streaming isn't part of the current FIPS suite.
+        AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "yes")],
+            [ENABLED_AESGCM_STREAM="no"])
+
        # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
        AS_IF([test "$ENABLED_OLD_TLS" != "no"],
            [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])