|
Zdenek Dohnal |
181cf8 |
diff -up vim82/src/config.h.in.fips-warning vim82/src/config.h.in
|
|
Zdenek Dohnal |
1efb73 |
--- vim82/src/config.h.in.fips-warning 2021-06-23 11:46:55.000000000 +0200
|
|
Zdenek Dohnal |
1efb73 |
+++ vim82/src/config.h.in 2021-06-23 11:55:03.165480970 +0200
|
|
Zdenek Dohnal |
1efb73 |
@@ -501,3 +501,12 @@
|
|
Zdenek Dohnal |
fd78a2 |
|
|
Zdenek Dohnal |
181cf8 |
/* Define if _SC_SIGSTKSZ is available via sysconf() */
|
|
Zdenek Dohnal |
181cf8 |
#undef HAVE_SYSCONF_SIGSTKSZ
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+/* Do we need FIPS warning? */
|
|
Zdenek Dohnal |
fd78a2 |
+#undef HAVE_FIPS_WARNING
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+/* Link to system-fips file */
|
|
Zdenek Dohnal |
fd78a2 |
+#undef SYSTEM_FIPS_FILE_LINK
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+/* Link to fips_enabled file */
|
|
Zdenek Dohnal |
fd78a2 |
+#undef FIPS_ENABLED_FILE_LINK
|
|
Zdenek Dohnal |
181cf8 |
diff -up vim82/src/configure.ac.fips-warning vim82/src/configure.ac
|
|
Zdenek Dohnal |
1efb73 |
--- vim82/src/configure.ac.fips-warning 2021-06-23 11:55:03.163480985 +0200
|
|
Zdenek Dohnal |
1efb73 |
+++ vim82/src/configure.ac 2021-06-23 11:55:03.166480962 +0200
|
|
Zdenek Dohnal |
181cf8 |
@@ -541,6 +541,38 @@ else
|
|
Zdenek Dohnal |
fd78a2 |
AC_MSG_RESULT(yes)
|
|
Zdenek Dohnal |
fd78a2 |
fi
|
|
Zdenek Dohnal |
fd78a2 |
|
|
Zdenek Dohnal |
fd78a2 |
+dnl Checking if we want FIPS warning
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+AC_MSG_CHECKING(--enable-fips-warning)
|
|
Zdenek Dohnal |
fd78a2 |
+AC_ARG_ENABLE([fips-warning],
|
|
Zdenek Dohnal |
fd78a2 |
+ AS_HELP_STRING([--enable-fips-warning], [Enable FIPS warning]),
|
|
Zdenek Dohnal |
fd78a2 |
+ ,[enable_fips_warning="no"])
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+if test "$enable_fips_warning" = "yes"; then
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_MSG_RESULT(yes)
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_DEFINE([HAVE_FIPS_WARNING])
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ dnl Setting path for system-fips file
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_MSG_CHECKING(--with-system-fips-file argument)
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_ARG_WITH([system-fips-file], [ --with-system-fips-file=PATH Link to system-fips file (default: /etc/system-fips)],
|
|
Zdenek Dohnal |
fd78a2 |
+ with_system_fips_file=$withval,
|
|
Zdenek Dohnal |
fd78a2 |
+ with_system_fips_file="/etc/system-fips")
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_MSG_RESULT([$with_system_fips_file])
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_DEFINE_UNQUOTED([SYSTEM_FIPS_FILE_LINK], ["$with_system_fips_file"])
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ dnl Setting link to fips_enabled file
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_MSG_CHECKING(--with-fips-enabled-file argument)
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_ARG_WITH([fips-enabled-file], [ --with-fips-enabled-file=PATH Link to fibs_enabled file (default: /proc/sys/crypto/fips_enabled)],
|
|
Zdenek Dohnal |
fd78a2 |
+ with_fips_enabled_file=$withval,
|
|
Zdenek Dohnal |
fd78a2 |
+ with_fips_enabled_file="/proc/sys/crypto/fips_enabled")
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_MSG_RESULT([$with_fips_enabled_file])
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_DEFINE_UNQUOTED([FIPS_ENABLED_FILE_LINK], ["$with_fips_enabled_file"])
|
|
Zdenek Dohnal |
fd78a2 |
+else
|
|
Zdenek Dohnal |
fd78a2 |
+ AC_MSG_RESULT(no)
|
|
Zdenek Dohnal |
fd78a2 |
+fi
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
dnl Check for Lua feature.
|
|
Zdenek Dohnal |
fd78a2 |
AC_MSG_CHECKING(--enable-luainterp argument)
|
|
Zdenek Dohnal |
fd78a2 |
AC_ARG_ENABLE(luainterp,
|
|
Zdenek Dohnal |
181cf8 |
diff -up vim82/src/crypt.c.fips-warning vim82/src/crypt.c
|
|
Zdenek Dohnal |
1efb73 |
--- vim82/src/crypt.c.fips-warning 2021-06-23 11:55:03.166480962 +0200
|
|
Zdenek Dohnal |
1efb73 |
+++ vim82/src/crypt.c 2021-06-23 12:36:22.295488425 +0200
|
|
Zdenek Dohnal |
1efb73 |
@@ -603,6 +603,21 @@ crypt_check_method(int method)
|
|
Zdenek Dohnal |
fd78a2 |
msg_scroll = TRUE;
|
|
Zdenek Dohnal |
fd78a2 |
msg(_("Warning: Using a weak encryption method; see :help 'cm'"));
|
|
Zdenek Dohnal |
fd78a2 |
}
|
|
Zdenek Dohnal |
fd78a2 |
+#ifdef HAVE_FIPS_WARNING
|
|
Zdenek Dohnal |
fd78a2 |
+ FILE *fips_enable_fd = fopen(FIPS_ENABLED_FILE_LINK, "r");
|
|
Zdenek Dohnal |
fd78a2 |
+ if (fips_enable_fd == NULL)
|
|
Zdenek Dohnal |
fd78a2 |
+ return;
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ int enabled = fgetc(fips_enable_fd);
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ if ( access(SYSTEM_FIPS_FILE_LINK, F_OK) != -1 && enabled == '1')
|
|
Zdenek Dohnal |
fd78a2 |
+ {
|
|
Zdenek Dohnal |
fd78a2 |
+ msg_scroll = TRUE;
|
|
Zdenek Dohnal |
fd78a2 |
+ msg(_("Warning: This cryptography is not FIPS 140-2 compliant."));
|
|
Zdenek Dohnal |
fd78a2 |
+ }
|
|
Zdenek Dohnal |
fd78a2 |
+
|
|
Zdenek Dohnal |
fd78a2 |
+ fclose(fips_enable_fd);
|
|
Zdenek Dohnal |
fd78a2 |
+#endif
|
|
Zdenek Dohnal |
fd78a2 |
}
|
|
Zdenek Dohnal |
fd78a2 |
|
|
Zdenek Dohnal |
1efb73 |
#ifdef FEAT_SODIUM
|