Added support for fips states.

This implies that when in FIPS mode and the library is not in operational
state (i.e., all self checks succeeded), crypto functionality of the library will fail.
This includes:
	* API functions of gnutls/crypto.h
	* API functions of gnutls/abstract.h
	* API functions of gnutls/x509.h
	* gnutls_init()
	* API functions of gnutls/xssl.h

1 files changed, 11 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index 8387847ed6..7681b56b79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -125,6 +125,16 @@ AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
 AC_ARG_ENABLE(self-checks,
   AS_HELP_STRING([--enable-self-checks], [enable self checking functionality]),
     enable_self_checks=$enableval, enable_self_checks=no)
+
+AC_ARG_ENABLE(fips140-mode,
+  AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode (implies self checks)]),
+    enable_fips=$enableval, enable_fips=no)
+AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes")
+if [ test "$enable_fips" = "yes" ];then
+   enable_self_checks=yes
+   AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode])
+fi
+
 AM_CONDITIONAL(ENABLE_SELF_CHECKS, test "$enable_self_checks" = "yes")
 if [ test "$enable_self_checks" = "yes" ];then
    AC_DEFINE([ENABLE_SELF_CHECKS], 1, [Self checks are included in the library])
@@ -729,6 +739,7 @@ if features are disabled)
   RSA-EXPORT compat:    $ac_enable_rsa_export
   Unicode support:      $ac_have_unicode
   Self checks:          $enable_self_checks
+  FIPS140 mode:         $enable_fips
 ])
 
 AC_MSG_NOTICE([Optional applications: