configure.ac and wolfssl/wolfcrypt/settings.h: define WOLFSSL_FIPS_READY for fips=ready, WOLFSSL_FIPS_DEV for fips=dev, and add predefined override FIPS version values when defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV).

2024-10-09 17:58:31 -05:00 · 2024-10-09 17:58:31 -05:00 · 12ba4355d2
parent 74d14d9687
commit 12ba4355d2
2 changed files with 18 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -5217,6 +5217,12 @@ AC_ARG_ENABLE([aeskeywrap],
    )

 # FIPS feature and macro setup
+
+AS_IF([test "$FIPS_VERSION" = "dev"],
+    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
+AS_IF([test "$FIPS_VERSION" = "ready"],
+    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
+
 AS_CASE([$FIPS_VERSION],
    [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF
        AM_CFLAGS="$AM_CFLAGS \
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -328,6 +328,18 @@
 #include <wolfssl/wolfcrypt/visibility.h>

 /*------------------------------------------------------------*/
+#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV)
+    #undef HAVE_FIPS_VERSION_MAJOR
+    #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */
+                                      /* of most recent FIPS certificate */
+    #undef HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */
+    #undef HAVE_FIPS_VERSION_PATCH
+    #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */
+#endif
+
 #define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \
                                (((major) * 65536) + ((minor) * 256) + (patch))
 #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \