diff options
author | Kevin Smith <git@kismith.co.uk> | 2012-02-22 11:00:19 (GMT) |
---|---|---|
committer | Kevin Smith <git@kismith.co.uk> | 2012-02-28 16:02:29 (GMT) |
commit | 0e4f068273ecaa2be24a046812893698a06481bc (patch) | |
tree | 9c3b7dbd3609a866c2123ea0c5a539b5c49d67dd /Swiften/Base | |
parent | eca0f020873f7620c5125101113e2c1eb25b273e (diff) | |
download | swift-0e4f068273ecaa2be24a046812893698a06481bc.zip swift-0e4f068273ecaa2be24a046812893698a06481bc.tar.bz2 |
Make Swift more usable in a FIPS-140 environment
Don't allow DIGEST-MD5 when Windows is set to FIPS mode. Use
platform-provided hashing for SHA1.
Diffstat (limited to 'Swiften/Base')
-rw-r--r-- | Swiften/Base/WindowsRegistry.h | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/Swiften/Base/WindowsRegistry.h b/Swiften/Base/WindowsRegistry.h new file mode 100644 index 0000000..11a26b3 --- /dev/null +++ b/Swiften/Base/WindowsRegistry.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2012 Kevin Smith + * Licensed under the GNU General Public License v3. + * See Documentation/Licenses/GPLv3.txt for more information. + */ + +#pragma once + +#include <windows.h> + +namespace Swift { + class WindowsRegistry { + public: + static bool isFIPSEnabled() { + char* pathForXP = "System\\CurrentControlSet\\Control\\Lsa"; + char* pathSinceVista = "System\\CurrentControlSet\\Control\\Lsa\\FIPSAlgorithmPolicy"; + char* keyForXP = "FIPSAlgorithmPolicy"; + char* keySinceVista = "Enabled"; + + OSVERSIONINFO osvi; + ZeroMemory(&osvi, sizeof(OSVERSIONINFO)); + osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&osvi); + + char* keyForOS = osvi.dwMajorVersion < 6 ? keyForXP : keySinceVista; + char* pathForOS = osvi.dwMajorVersion < 6 ? pathForXP : pathSinceVista; + + /* http://support.microsoft.com/kb/811833 */ + /* http://msdn.microsoft.com/en-us/library/ms724911%28VS.85%29.aspx */ + HKEY key; + bool result = false; + if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, + pathForOS, + 0, + KEY_READ, + &key) != ERROR_SUCCESS) { + /* If we can't find the key that says we're FIPS, we're not FIPS */ + return result; + } + DWORD keyType = REG_DWORD; + DWORD data; + DWORD length = sizeof(data); + + if (RegQueryValueEx(key, + keyForOS, + NULL, + &keyType, + (LPBYTE)&data, + &length) == ERROR_SUCCESS) { + result = data != 0; + } + + RegCloseKey(key); + return result; + } + }; +} |