|
@@ -3767,11 +3767,9 @@ AS_CASE([$FIPS_VERSION],
|
|
|
AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
|
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
|
|
|
|
|
- AS_IF([test "$ENABLED_MD5" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_md5" != "yes")],
|
|
|
- [ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"])
|
|
|
-
|
|
|
- AS_IF([test "$ENABLED_DES3" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_des3" != "yes")],
|
|
|
- [ENABLED_DES3="no"])
|
|
|
+ # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
|
|
|
+ AS_IF([test "$ENABLED_OLD_TLS" != "no"],
|
|
|
+ [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
|
|
|
|
|
|
AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
|
|
|
[AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
|