set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m

diff --git a/Configure b/Configure
index 5c9e34707fa907125a5426916a18c48079237227..22a5793e24502669e5834875a8ba9ac9ab692393 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -693,17 +693,6 @@ my $default_ranlib;
 my $perl;
 my $fips=0;
 
-# If ssl directory missing assume truncated FIPS tarball
-if (! -d ssl)
-       {
-       print STDERR "Auto Configuring fipsonly\n";
-       $fips = 1;
-       $nofipscanistercheck = 1;
-       $fipslibdir="";
-       $fipscanisterinternal="y";
-       $fipscanisteronly = 1;
-       }
-
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
@@ -720,6 +709,21 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
                );
 my @experimental = ();
 
+# If ssl directory missing assume truncated FIPS tarball
+if (! -d ssl)
+       {
+       print STDERR "Auto Configuring fipsonly\n";
+       $fips = 1;
+       $nofipscanistercheck = 1;
+       $fipslibdir="";
+       $fipscanisterinternal="y";
+       $fipscanisteronly = 2;
+       if (! -f "crypto/bn/bn_gf2m.c" )
+               {
+               $disabled{ec2m} = "forced";
+               }
+       }
+
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
 my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
@@ -1117,6 +1121,12 @@ foreach (sort (keys %disabled))
        }
 
 my $exp_cflags = "";
+
+if ($fipscanisteronly == 2)
+       {
+       $exp_cflags .= " -DOPENSSL_FIPSSYMS";
+       }
+
 foreach (sort @experimental)
        {
        my $ALGO;