diff options
author | Andreas Schneider <asn@samba.org> | 2021-04-13 17:48:21 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2021-04-13 19:17:56 +0000 |
commit | bfb9cd8b9b32f60475e8a654b77ea1b6b057d4ad (patch) | |
tree | 081ecaab3278a27454398f289857c6949f388623 /wscript_configure_system_gnutls | |
parent | d5759794d6d384de02bbb5df9d46b3a8675813d0 (diff) | |
download | samba-bfb9cd8b9b32f60475e8a654b77ea1b6b057d4ad.tar.gz |
waf: Check correctly if gnutls has been compiled with fips mode support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 13 19:17:56 UTC 2021 on sn-devel-184
Diffstat (limited to 'wscript_configure_system_gnutls')
-rw-r--r-- | wscript_configure_system_gnutls | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls index 2ec217fb9dc..28abd29f964 100644 --- a/wscript_configure_system_gnutls +++ b/wscript_configure_system_gnutls @@ -1,4 +1,5 @@ from waflib import Options +import os def parse_version(v): return tuple(map(int, (v.split(".")))) @@ -35,9 +36,31 @@ conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls') if (parse_version(gnutls_version) > parse_version('3.6.14')): conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') -# Check if we have support for crypto policies -if conf.CHECK_FUNCS_IN('gnutls_get_system_config_file', 'gnutls'): - conf.DEFINE('HAVE_GNUTLS_CRYPTO_POLICIES', 1) +# Check if gnutls has fips mode support +# gnutls_fips140_mode_enabled() is available since 3.3.0 +fragment = ''' +#include <gnutls/gnutls.h> +#include <stdlib.h> + +int main(void) +{ + unsigned int ok; + + ok = gnutls_fips140_mode_enabled(); + + return !ok; +} +''' + +os.environ['GNUTLS_FORCE_FIPS_MODE'] = '1' +conf.CHECK_CODE(fragment, + 'HAVE_GNUTLS_FIPS_MODE_SUPPORTED', + execute=True, + addmain=False, + add_headers=False, + lib='gnutls', + msg='Checking for gnutls fips mode support') +del os.environ['GNUTLS_FORCE_FIPS_MODE'] if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'): conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1) |