You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
85 lines
2.9 KiB
85 lines
2.9 KiB
diff -up vim82/src/config.h.in.fips-warning vim82/src/config.h.in |
|
--- vim82/src/config.h.in.fips-warning 2022-02-24 08:13:59.017280243 +0100 |
|
+++ vim82/src/config.h.in 2022-02-24 08:14:33.085580298 +0100 |
|
@@ -508,5 +508,14 @@ |
|
/* Define if _SC_SIGSTKSZ is available via sysconf() */ |
|
#undef HAVE_SYSCONF_SIGSTKSZ |
|
|
|
+/* Do we need FIPS warning? */ |
|
+#undef HAVE_FIPS_WARNING |
|
+ |
|
+/* Link to system-fips file */ |
|
+#undef SYSTEM_FIPS_FILE_LINK |
|
+ |
|
+/* Link to fips_enabled file */ |
|
+#undef FIPS_ENABLED_FILE_LINK |
|
+ |
|
/* Define if you want to load libgpm dynamically */ |
|
#undef DYNAMIC_GPM |
|
diff -up vim82/src/configure.ac.fips-warning vim82/src/configure.ac |
|
--- vim82/src/configure.ac.fips-warning 2022-02-24 08:13:59.014280304 +0100 |
|
+++ vim82/src/configure.ac 2022-02-24 08:13:59.018280222 +0100 |
|
@@ -583,6 +583,38 @@ else |
|
AC_SUBST(XDIFF_OBJS_USED) |
|
fi |
|
|
|
+dnl Checking if we want FIPS warning |
|
+ |
|
+AC_MSG_CHECKING(--enable-fips-warning) |
|
+AC_ARG_ENABLE([fips-warning], |
|
+ AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]), |
|
+ ,[enable_fips_warning="no"]) |
|
+ |
|
+if test "$enable_fips_warning" = "yes"; then |
|
+ AC_MSG_RESULT(yes) |
|
+ AC_DEFINE([HAVE_FIPS_WARNING]) |
|
+ |
|
+ dnl Setting path for system-fips file |
|
+ |
|
+ AC_MSG_CHECKING(--with-system-fips-file argument) |
|
+ AC_ARG_WITH([system-fips-file], [ --with-system-fips-file=PATH Link to system-fips file (default: /etc/system-fips)], |
|
+ with_system_fips_file=$withval, |
|
+ with_system_fips_file="/etc/system-fips") |
|
+ AC_MSG_RESULT([$with_system_fips_file]) |
|
+ AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"]) |
|
+ |
|
+ dnl Setting link to fips_enabled file |
|
+ |
|
+ AC_MSG_CHECKING(--with-fips-enabled-file argument) |
|
+ AC_ARG_WITH([fips-enabled-file], [ --with-fips-enabled-file=PATH Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)], |
|
+ with_fips_enabled_file=$withval, |
|
+ with_fips_enabled_file="/proc/sys/crypto/fips_enabled") |
|
+ AC_MSG_RESULT([$with_fips_enabled_file]) |
|
+ AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"]) |
|
+else |
|
+ AC_MSG_RESULT(no) |
|
+fi |
|
+ |
|
dnl Check for Lua feature. |
|
AC_MSG_CHECKING(--enable-luainterp argument) |
|
AC_ARG_ENABLE(luainterp, |
|
diff -up vim82/src/crypt.c.fips-warning vim82/src/crypt.c |
|
--- vim82/src/crypt.c.fips-warning 2022-02-24 08:09:29.000000000 +0100 |
|
+++ vim82/src/crypt.c 2022-02-24 08:13:59.018280222 +0100 |
|
@@ -740,6 +740,21 @@ crypt_check_method(int method) |
|
msg_scroll = TRUE; |
|
msg(_("Warning: Using a weak encryption method; see :help 'cm'")); |
|
} |
|
+#ifdef HAVE_FIPS_WARNING |
|
+ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r"); |
|
+ if (fips_enable_fd == NULL) |
|
+ return; |
|
+ |
|
+ int enabled = fgetc(fips_enable_fd); |
|
+ |
|
+ if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1') |
|
+ { |
|
+ msg_scroll = TRUE; |
|
+ msg(_("Warning: This cryptography is not FIPS 140-2 compliant.")); |
|
+ } |
|
+ |
|
+ fclose(fips_enable_fd); |
|
+#endif |
|
} |
|
|
|
#ifdef FEAT_SODIUM
|
|
|