fips: add build option to embed FIPS module info in library config
authorDaiki Ueno <ueno@gnu.org>
Tue, 11 Jan 2022 06:36:27 +0000 (07:36 +0100)
committerDaiki Ueno <ueno@gnu.org>
Mon, 17 Jan 2022 15:57:17 +0000 (16:57 +0100)
This adds a couple of configure options, --with-fips140-module-name
and --with-fips140-module-version, which packagers can use to embed
FIPS module information in the library.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
configure.ac
lib/global.c

index ef4878d7ea357dce0f14a44f871aa58ae294dd78..895f8458724d2a1c1d98c905f65fb852915f73c1 100644 (file)
@@ -594,6 +594,24 @@ if [ test "$enable_fips" = "yes" ];then
             fips_key="orboDeJITITejsirpADONivirpUkvarP")
 
     AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key])
+
+    AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
+                                 [specify the FIPS140 module name]),
+            fips_module_name="$withval",
+            fips_module_name=none)
+
+    if test "x$fips_module_name" != xnone; then
+       AC_DEFINE_UNQUOTED([FIPS_MODULE_NAME], ["$fips_module_name"], [The FIPS140 module name])
+    fi
+
+    AC_ARG_WITH(fips140-module-version, AS_HELP_STRING([--with-fips140-module-version],
+                                 [specify the FIPS140 module version]),
+            fips_module_version="$withval",
+            fips_module_version=none)
+
+    if test "x$fips_module_version" != xnone; then
+       AC_DEFINE_UNQUOTED([FIPS_MODULE_VERSION], ["$fips_module_version"], [The FIPS140 module version])
+    fi
   else
     enable_fips=no
     AC_MSG_WARN([[
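Review bot: The `!= xnone` tests on `fips_module_name` and `fips_module_version` do not cover autoconf's implicit values: a bare `--with-fips140-module-name` sets `$withval` to `yes` and `--without-fips140-module-name` sets it to `no`, so either string would be embedded as the module name the library later reports. Rejecting them explicitly, e.g. `case "$fips_module_name" in yes|no) AC_MSG_ERROR([--with-fips140-module-name requires a value]);; esac`, keeps a packaging mistake from producing a misleading FIPS identifier; the same applies to the version option. The value is also placed unescaped into a C string literal by `AC_DEFINE_UNQUOTED`, so a name containing `"` or `\` would presumably break the generated config header. The enclosing `enable_fips` conditional begins above the hunk.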
index 8a84bb6e1f170a75e176d0e835721214faccecec..65c0b81709cb9bff5b9005f317ed792017f5b179 100644 (file)
@@ -533,6 +533,12 @@ static void _DESTRUCTOR lib_deinit(void)
 }
 
 static const struct gnutls_library_config_st _gnutls_library_config[] = {
+#ifdef FIPS_MODULE_NAME
+       { "fips-module-name", FIPS_MODULE_NAME },
+#endif
+#ifdef FIPS_MODULE_VERSION
+       { "fips-module-version", FIPS_MODULE_VERSION },
+#endif
        { "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
        { "libnettle-soname", NETTLE_LIBRARY_SONAME },
        { "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
@@ -548,6 +554,10 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = {
  * Returns the library configuration as key value pairs.
  * Currently defined keys are:
  *
+ *  - fips-module-name: the name of the FIPS140 module
+ *
+ *  - fips-module-version: the version of the FIPS140 module
+ *
  *  - libgnutls-soname: the SONAME of the library itself
  *
  *  - libnettle-soname: the library SONAME of linked libnettle
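Review bot: The two new entries in the key list read as if they were always present, but the table rows added in the previous hunk are guarded by `#ifdef FIPS_MODULE_NAME` and `#ifdef FIPS_MODULE_VERSION`, so callers will not find them unless the build passed the matching configure options. I would say so in the doc comment, e.g. `fips-module-name: the name of the FIPS140 module (only present if set at build time with --with-fips140-module-name)`, and likewise for the version. It is also worth one sentence stating that both values are strings supplied by the packager and do not by themselves indicate that FIPS mode is active at run time; `gnutls_fips140_mode_enabled()` is the call for that. The doc comment starts and ends outside the hunk.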