Zdenek Dohnal fd78a2
diff -up vim81/src/config.h.in.crypto vim81/src/config.h.in
Zdenek Dohnal fd78a2
--- vim81/src/config.h.in.crypto	2019-07-26 07:58:51.000000000 +0200
Zdenek Dohnal fd78a2
+++ vim81/src/config.h.in	2019-09-16 14:18:32.994110646 +0200
Zdenek Dohnal fd78a2
@@ -490,3 +490,12 @@
Zdenek Dohnal fd78a2
 
Zdenek Dohnal fd78a2
 /* Define to inline symbol or empty */
Zdenek Dohnal fd78a2
 #undef inline
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+/* Do we need FIPS warning? */
Zdenek Dohnal fd78a2
+#undef HAVE_FIPS_WARNING
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+/* Link to system-fips file */
Zdenek Dohnal fd78a2
+#undef SYSTEM_FIPS_FILE_LINK
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+/* Link to fips_enabled file */
Zdenek Dohnal fd78a2
+#undef FIPS_ENABLED_FILE_LINK
Zdenek Dohnal fd78a2
diff -up vim81/src/configure.ac.crypto vim81/src/configure.ac
Zdenek Dohnal fd78a2
--- vim81/src/configure.ac.crypto	2019-09-16 14:18:32.990110675 +0200
Zdenek Dohnal fd78a2
+++ vim81/src/configure.ac	2019-09-16 14:18:32.996110631 +0200
Zdenek Dohnal fd78a2
@@ -534,6 +534,38 @@ else
Zdenek Dohnal fd78a2
   AC_MSG_RESULT(yes)
Zdenek Dohnal fd78a2
 fi
Zdenek Dohnal fd78a2
 
Zdenek Dohnal fd78a2
+dnl Checking if we want FIPS warning
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+AC_MSG_CHECKING(--enable-fips-warning)
Zdenek Dohnal fd78a2
+AC_ARG_ENABLE([fips-warning],
Zdenek Dohnal fd78a2
+              AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
Zdenek Dohnal fd78a2
+              ,[enable_fips_warning="no"])
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+if test "$enable_fips_warning" = "yes"; then
Zdenek Dohnal fd78a2
+  AC_MSG_RESULT(yes)
Zdenek Dohnal fd78a2
+  AC_DEFINE([HAVE_FIPS_WARNING])
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+  dnl Setting path for system-fips file
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+  AC_MSG_CHECKING(--with-system-fips-file argument)
Zdenek Dohnal fd78a2
+  AC_ARG_WITH([system-fips-file], [  --with-system-fips-file=PATH       Link to system-fips file (default: /etc/system-fips)],
Zdenek Dohnal fd78a2
+	with_system_fips_file=$withval,
Zdenek Dohnal fd78a2
+       with_system_fips_file="/etc/system-fips")
Zdenek Dohnal fd78a2
+  AC_MSG_RESULT([$with_system_fips_file])
Zdenek Dohnal fd78a2
+  AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+  dnl Setting link to fips_enabled file
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+  AC_MSG_CHECKING(--with-fips-enabled-file argument)
Zdenek Dohnal fd78a2
+  AC_ARG_WITH([fips-enabled-file], [  --with-fips-enabled-file=PATH       Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
Zdenek Dohnal fd78a2
+	with_fips_enabled_file=$withval,
Zdenek Dohnal fd78a2
+       with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
Zdenek Dohnal fd78a2
+  AC_MSG_RESULT([$with_fips_enabled_file])
Zdenek Dohnal fd78a2
+  AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
Zdenek Dohnal fd78a2
+else
Zdenek Dohnal fd78a2
+  AC_MSG_RESULT(no)
Zdenek Dohnal fd78a2
+fi
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
 dnl Check for Lua feature.
Zdenek Dohnal fd78a2
 AC_MSG_CHECKING(--enable-luainterp argument)
Zdenek Dohnal fd78a2
 AC_ARG_ENABLE(luainterp,
Zdenek Dohnal fd78a2
diff -up vim81/src/crypt.c.crypto vim81/src/crypt.c
Zdenek Dohnal fd78a2
--- vim81/src/crypt.c.crypto	2019-09-16 14:18:32.996110631 +0200
Zdenek Dohnal fd78a2
+++ vim81/src/crypt.c	2019-09-16 14:19:48.953550617 +0200
Zdenek Dohnal fd78a2
@@ -524,6 +524,21 @@ crypt_check_method(int method)
Zdenek Dohnal fd78a2
 	msg_scroll = TRUE;
Zdenek Dohnal fd78a2
 	msg(_("Warning: Using a weak encryption method; see :help 'cm'"));
Zdenek Dohnal fd78a2
     }
Zdenek Dohnal fd78a2
+#ifdef HAVE_FIPS_WARNING
Zdenek Dohnal fd78a2
+    FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
Zdenek Dohnal fd78a2
+    if (fips_enable_fd == NULL)
Zdenek Dohnal fd78a2
+      return;
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+    int enabled = fgetc(fips_enable_fd);
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+    if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
Zdenek Dohnal fd78a2
+    {
Zdenek Dohnal fd78a2
+	msg_scroll = TRUE;
Zdenek Dohnal fd78a2
+	msg(_("Warning: This cryptography is not FIPS 140-2 compliant."));
Zdenek Dohnal fd78a2
+    }
Zdenek Dohnal fd78a2
+
Zdenek Dohnal fd78a2
+    fclose(fips_enable_fd);
Zdenek Dohnal fd78a2
+#endif
Zdenek Dohnal fd78a2
 }
Zdenek Dohnal fd78a2
 
Zdenek Dohnal fd78a2
     void