From: Daiki Ueno
Date: Tue, 11 Jan 2022 06:36:27 +0000 (+0100)
Subject: fips: add build option to embed FIPS module info in library config
X-Git-Tag: 3.7.3~1^2~1
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=53bd182ef262be22ad4fc3bcba33a0ca64e7e6c3;p=thirdparty%2Fgnutls.git

fips: add build option to embed FIPS module info in library config

This adds a couple of configure options, --with-fips140-module-name and --with-fips140-module-version, which packagers can use to embed FIPS module information in the library.

Signed-off-by: Daiki Ueno
---

diff --git a/configure.ac b/configure.ac
index ef4878d7ea..895f845872 100644
--- a/configure.ac
+++ b/configure.ac
@@ -594,6 +594,24 @@ if [ test "$enable_fips" = "yes" ];then
 fips_key="orboDeJITITejsirpADONivirpUkvarP")
 AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key])
+
+ AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name],
+ [specify the FIPS140 module name]),
+ fips_module_name="$withval",
+ fips_module_name=none)
+
+ if test "x$fips_module_name" != xnone; then
+ AC_DEFINE_UNQUOTED([FIPS_MODULE_NAME], ["$fips_module_name"], [The FIPS140 module name])
+ fi
+
+ AC_ARG_WITH(fips140-module-version, AS_HELP_STRING([--with-fips140-module-version],
+ [specify the FIPS140 module version]),
+ fips_module_version="$withval",
+ fips_module_version=none)
+
+ if test "x$fips_module_version" != xnone; then
+ AC_DEFINE_UNQUOTED([FIPS_MODULE_VERSION], ["$fips_module_version"], [The FIPS140 module version])
+ fi
 else
 enable_fips=no
 AC_MSG_WARN([[
diff --git a/lib/global.c b/lib/global.c
index 8a84bb6e1f..65c0b81709 100644
--- a/lib/global.c
+++ b/lib/global.c
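Review bot: The guard `if test "x$fips_module_name" != xnone` in the configure.ac hunk does not cover the values autoconf itself supplies: a bare `--with-fips140-module-name` sets `$withval` to `yes` and `--without-fips140-module-name` sets it to `no`, so the library would be built reporting a module name of "yes" or "no". The `fips_module_version` block has the same gap. Because these strings are what an auditor reads back to identify the validated module, I would reject or skip those values, e.g. `if test "x$fips_module_name" != xnone && test "x$fips_module_name" != xyes && test "x$fips_module_name" != xno; then`. The value is also placed inside a C string literal by `AC_DEFINE_UNQUOTED` without escaping, so a name containing `"` or a backslash would likely produce a broken or altered literal in config.h. The enclosing `if`/`else` starts and ends outside the hunk.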
@@ -533,6 +533,12 @@ static void _DESTRUCTOR lib_deinit(void)
 }
 static const struct gnutls_library_config_st _gnutls_library_config[] = {
+#ifdef FIPS_MODULE_NAME
+ { "fips-module-name", FIPS_MODULE_NAME },
+#endif
+#ifdef FIPS_MODULE_VERSION
+ { "fips-module-version", FIPS_MODULE_VERSION },
+#endif
 { "libgnutls-soname", GNUTLS_LIBRARY_SONAME },
 { "libnettle-soname", NETTLE_LIBRARY_SONAME },
 { "libhogweed-soname", HOGWEED_LIBRARY_SONAME },
@@ -548,6 +554,10 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = {
 * Returns the library configuration as key value pairs.
 * Currently defined keys are:
 *
+ * - fips-module-name: the name of the FIPS140 module
+ *
+ * - fips-module-version: the version of the FIPS140 module
+ *
 * - libgnutls-soname: the SONAME of the library itself
 *
 * - libnettle-soname: the library SONAME of linked libnettle
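Review bot: The two new entries in `_gnutls_library_config[]` carry whatever string the packager passed to configure, and nothing in the visible hunk ties them to the module's runtime state, so a caller could mistake their presence for proof that FIPS mode is active. A comment above the first `#ifdef` would make that explicit, e.g. `/* Build-time labels supplied by the packager; not an indication that FIPS mode is enabled at run time. */`. The array initializer continues outside the hunk.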
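Review bot: The doc comment lists `fips-module-name` and `fips-module-version` under "Currently defined keys" without saying they are optional, yet the table entries are compiled in only under `#ifdef FIPS_MODULE_NAME` and `#ifdef FIPS_MODULE_VERSION`. Callers that look these keys up need to know they can be absent, so I would word the entry as ` * - fips-module-name: the name of the FIPS140 module (only present if set at build time)` and likewise for the version. The comment block starts and ends outside the hunk.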