configure.ac fixes related to change in default math back end (to sp-math-all): wolfRand doesn't use fastmath;

FIPS v5-dev follows the non-FIPS default (now sp-math-all); add -DWC_NO_CACHE_RESISTANT to AM_CFLAGS when $ENABLED_HARDEN != yes; add ENABLED_BIGNUM sensor and use it in linuxkm math back end assert; add configuration callout for "Side-channel Hardening" reporting value of $ENABLED_HARDEN.
2022-06-24 15:55:08 -05:00 · 2022-06-24 15:55:08 -05:00 · 940d0140f9
commit 940d0140f9
parent 8dfcc76f50
1 changed files with 13 additions and 7 deletions
--- a/configure.ac
+++ b/configure.ac
@ -315,7 +315,7 @@ AS_CASE([$ENABLED_FIPS],
        HAVE_FIPS_VERSION_MINOR=1
        ENABLED_FIPS="yes"
        DEF_SP_MATH="no"
-        DEF_FAST_MATH="yes"
+        DEF_FAST_MATH="no"
    ],
    [v5-RC8],[
        FIPS_VERSION="v5-RC8"
@ -370,8 +370,7 @@ AS_CASE([$ENABLED_FIPS],
        HAVE_FIPS_VERSION=5
        HAVE_FIPS_VERSION_MINOR=3
        ENABLED_FIPS="yes"
-        DEF_SP_MATH="no"
-        DEF_FAST_MATH="yes"
+	# for v5-dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
    ],
    [
        AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (main options: v1, v2, v5, ready, dev, rand, no, disabled)])
@ -478,6 +477,8 @@ then
    if test "$ENABLED_FIPS" = "no"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_PRIME_CHECK"
    fi
+    DEF_SP_MATH="yes"
+    DEF_FAST_MATH="no"
 fi

 AC_ARG_WITH([linux-source],
@ -1411,7 +1412,7 @@ then
        AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
    fi
 else
-    AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
+    AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN -DWC_NO_CACHE_RESISTANT"
 fi


@ -3524,12 +3525,15 @@ then
    AC_MSG_ERROR([please disable dsa if disabling asn.])
 fi

-# No Big Int (ASN, RSA, DH and ECC need bigint)
-if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
+# No Big Int (ASN, DSA, RSA, DH and ECC need bigint)
+if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = no && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
 then
    ENABLED_SP_MATH_ALL=no
    ENABLED_FASTMATH=no
    ENABLED_HEAPMATH=no
+    ENABLED_BIGNUM=no
+else
+    ENABLED_BIGNUM=yes
 fi


@ -7779,7 +7783,7 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
    if test "$ENABLED_SMALL_STACK" != "yes"; then
        AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
    fi
-    if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no"; then
+    if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
        AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
    fi
    if test "$ENABLED_STACKSIZE" != "no"; then
@ -8164,6 +8168,8 @@ echo "   * Old Names:                  $ENABLED_OLDNAMES"
 echo "   * Max Strength Build:         $ENABLED_MAXSTRENGTH"
 echo "   * Distro Build:               $ENABLED_DISTRO"
 echo "   * Reproducible Build:         $ENABLED_REPRODUCIBLE_BUILD"
+echo "   * Side-channel Hardening:     $ENABLED_HARDEN"
+
 echo "   * Single Precision Math:      $ENABLED_SP"
 if test "$ENABLED_SP_MATH_ALL" != "no"
 then