authorKevin Smith <git@kismith.co.uk>2012-02-22 11:00:19 (GMT)
committerKevin Smith <git@kismith.co.uk>2012-02-28 16:02:29 (GMT)
commit0e4f068273ecaa2be24a046812893698a06481bc (patch)
tree9c3b7dbd3609a866c2123ea0c5a539b5c49d67dd /Swiften/Base
parenteca0f020873f7620c5125101113e2c1eb25b273e (diff)
downloadswift-0e4f068273ecaa2be24a046812893698a06481bc.zip
swift-0e4f068273ecaa2be24a046812893698a06481bc.tar.bz2
Make Swift more usable in a FIPS-140 environment
Don't allow DIGEST-MD5 when Windows is set to FIPS mode. Use platform-provided hashing for SHA1.
Diffstat (limited to 'Swiften/Base')
-rw-r--r--Swiften/Base/WindowsRegistry.h57
1 files changed, 57 insertions, 0 deletions
diff --git a/Swiften/Base/WindowsRegistry.h b/Swiften/Base/WindowsRegistry.h
new file mode 100644
index 0000000..11a26b3
--- /dev/null
+++ b/Swiften/Base/WindowsRegistry.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2012 Kevin Smith
+ * Licensed under the GNU General Public License v3.
+ * See Documentation/Licenses/GPLv3.txt for more information.
+ */
+
+#pragma once
+
+#include <windows.h>
+
+namespace Swift {
+ class WindowsRegistry {
+ public:
+ static bool isFIPSEnabled() {
+ char* pathForXP = "System\\CurrentControlSet\\Control\\Lsa";
+ char* pathSinceVista = "System\\CurrentControlSet\\Control\\Lsa\\FIPSAlgorithmPolicy";
+ char* keyForXP = "FIPSAlgorithmPolicy";
+ char* keySinceVista = "Enabled";
+
+ OSVERSIONINFO osvi;
+ ZeroMemory(&osvi, sizeof(OSVERSIONINFO));
+ osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+ GetVersionEx(&osvi);
+
+ char* keyForOS = osvi.dwMajorVersion < 6 ? keyForXP : keySinceVista;
+ char* pathForOS = osvi.dwMajorVersion < 6 ? pathForXP : pathSinceVista;
+
+ /* http://support.microsoft.com/kb/811833 */
+ /* http://msdn.microsoft.com/en-us/library/ms724911%28VS.85%29.aspx */
+ HKEY key;
+ bool result = false;
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+ pathForOS,
+ 0,
+ KEY_READ,
+ &key) != ERROR_SUCCESS) {
+ /* If we can't find the key that says we're FIPS, we're not FIPS */
+ return result;
+ }
+ DWORD keyType = REG_DWORD;
+ DWORD data;
+ DWORD length = sizeof(data);
+
+ if (RegQueryValueEx(key,
+ keyForOS,
+ NULL,
+ &keyType,
+ (LPBYTE)&data,
+ &length) == ERROR_SUCCESS) {
+ result = data != 0;
+ }
+
+ RegCloseKey(key);
+ return result;
+ }
+ };
+}
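Review bot: The `RegQueryValueEx` call near the end of `isFIPSEnabled()` does not validate what the registry returned: `keyType` is an output parameter, so initialising it to `REG_DWORD` does not restrict the value type, and a value shorter than four bytes would leave part of `data` uninitialised when `data != 0` is evaluated. The success condition should also check the result, e.g. `&& keyType == REG_DWORD && length == sizeof(data)`. Every failure path (key missing, access denied, unexpected type, or a failed `GetVersionEx`, which leaves the zeroed `dwMajorVersion` selecting the XP path) returns "not FIPS", which per the commit message is the state in which DIGEST-MD5 stays allowed. Either add a comment saying this fail-open choice is deliberate, or treat only `ERROR_FILE_NOT_FOUND` as "not FIPS" and handle other errors conservatively. Separately, the string literals are bound to non-const `char*` and passed to the `TCHAR`-dispatched macros; `const char*` with `RegOpenKeyExA`/`RegQueryValueExA` would keep the header compiling when `UNICODE` is defined.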