Blame SOURCES/vim-crypto-warning.patch

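diff -up vim82/src/config.h.in.fips-warning vim82/src/config.h.in
--- vim82/src/config.h.in.fips-warning	2021-03-01 12:20:20.887162181 +0100
+++ vim82/src/config.h.in	2021-03-01 12:20:42.520977438 +0100
@@ -499,3 +499,12 @@
 
 /* Define if _SC_SIGSTKSZ is available via sysconf() */
 #undef HAVE_SYSCONF_SIGSTKSZ
+
+/* Do we need FIPS warning? */
+#undef HAVE_FIPS_WARNING
+
+/* Link to system-fips file */
+#undef SYSTEM_FIPS_FILE_LINK
+
+/* Link to fips_enabled file */
+#undef FIPS_ENABLED_FILE_LINK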
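diff -up vim82/src/configure.ac.fips-warning vim82/src/configure.ac
--- vim82/src/configure.ac.fips-warning	2021-03-01 12:20:20.885162198 +0100
+++ vim82/src/configure.ac	2021-03-01 12:20:20.888162173 +0100
@@ -541,6 +541,38 @@ else
   AC_MSG_RESULT(yes)
 fi
 
+dnl Checking if we want FIPS warning
+
+AC_MSG_CHECKING(--enable-fips-warning)
+AC_ARG_ENABLE([fips-warning],
+              AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
+              ,[enable_fips_warning="no"])
+
+if test "$enable_fips_warning" = "yes"; then
+  AC_MSG_RESULT(yes)
+  AC_DEFINE([HAVE_FIPS_WARNING])
+
+  dnl Setting path for system-fips file
+
+  AC_MSG_CHECKING(--with-system-fips-file argument)
+  AC_ARG_WITH([system-fips-file], [  --with-system-fips-file=PATH       Link to system-fips file (default: /etc/system-fips)],
+	with_system_fips_file=$withval,
+       with_system_fips_file="/etc/system-fips")
+  AC_MSG_RESULT([$with_system_fips_file])
+  AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
+
+  dnl Setting link to fips_enabled file
+
+  AC_MSG_CHECKING(--with-fips-enabled-file argument)
+  AC_ARG_WITH([fips-enabled-file], [  --with-fips-enabled-file=PATH       Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
+	with_fips_enabled_file=$withval,
+       with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
+  AC_MSG_RESULT([$with_fips_enabled_file])
+  AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
+else
+  AC_MSG_RESULT(no)
+fi
+
 dnl Check for Lua feature.
 AC_MSG_CHECKING(--enable-luainterp argument)
 AC_ARG_ENABLE(luainterp,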
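Review bot: Both `AC_ARG_WITH` calls copy `$withval` straight into the path, so `--with-fips-enabled-file` given without a value (or `--without-system-fips-file`) bakes the literal `yes` or `no` into `FIPS_ENABLED_FILE_LINK` / `SYSTEM_FIPS_FILE_LINK`, and the runtime check in crypt.c then never fires, without any diagnostic. Rejecting those values at configure time, e.g. `case "$withval" in yes|no|"") AC_MSG_ERROR([--with-fips-enabled-file needs a path]) ;; esac`, keeps a mistyped build option from disabling the warning unnoticed. The help text for `--with-fips-enabled-file` also says `fibs_enabled`; it should read `Link to fips_enabled file`, and since both values are plain file paths, "Path to" would describe them better than "Link to".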
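diff -up vim82/src/crypt.c.fips-warning vim82/src/crypt.c
--- vim82/src/crypt.c.fips-warning	2021-03-01 12:13:11.000000000 +0100
+++ vim82/src/crypt.c	2021-03-01 12:20:20.888162173 +0100
@@ -523,6 +523,21 @@ crypt_check_method(int method)
 	msg_scroll = TRUE;
 	msg(_("Warning: Using a weak encryption method; see :help 'cm'"));
     }
+#ifdef HAVE_FIPS_WARNING
+    FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
+    if (fips_enable_fd == NULL)
+      return;
+
+    int enabled = fgetc(fips_enable_fd);
+
+    if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
+    {
+	msg_scroll = TRUE;
+	msg(_("Warning: This cryptography is not FIPS 140-2 compliant."));
+    }
+
+    fclose(fips_enable_fd);
+#endif
 }
 
     void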
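Review bot: Every failure path of the new FIPS check in `crypt_check_method()` is silent: an unreadable `FIPS_ENABLED_FILE_LINK` returns early, and the warning also needs `SYSTEM_FIPS_FILE_LINK` to exist, so a kernel that reports FIPS mode without the marker file gets no warning. If requiring both signals is deliberate, a comment above the `if` should say so. The bare `return` inside the `#ifdef` also skips anything later appended to the function, and the declarations after statements appear to go against Vim's usual block-top declaration style; scoping the check in its own block, as sketched below, avoids both and closes the file before the message is printed. The function starts above this hunk.

```c
#ifdef HAVE_FIPS_WARNING
    {
	// FIPS mode is assumed only when the kernel flag reads '1' and the
	// system-fips marker file exists.
	FILE	*fips_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");

	if (fips_fd != NULL)
	{
	    int	enabled = fgetc(fips_fd);

	    fclose(fips_fd);
	    if (enabled == '1' && access(SYSTEM_FIPS_FILE_LINK, F_OK) == 0)
	    {
		// … unchanged: msg_scroll and the msg() warning …
	    }
	}
    }
#endif
```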