Commit 7e95182c66afe1669fcab47b08549e934cc4b980
1 parent
91ad44eb
Update release notes for #1587
Showing
2 changed files
with
8 additions
and
5 deletions
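--- a/libqpdf/QPDFCrypto_gnutls.cc
+++ b/libqpdf/QPDFCrypto_gnutls.cc
@@ -18,9 +18,7 @@ QPDFCrypto_gnutls::QPDFCrypto_gnutls() :
 
 if (fips_mode) {
 // Relax FIPS mode for the lifetime of this object
-gnutls_fips140_set_mode(
-GNUTLS_FIPS140_LAX,
-GNUTLS_FIPS140_SET_MODE_THREAD);
+gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
 }
 }
 
@@ -38,8 +36,7 @@ QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
 if (fips_mode) {
 // Restore saved FIPS mode
 gnutls_fips140_set_mode(
-static_cast<gnutls_fips_mode_t>(fips_mode),
-GNUTLS_FIPS140_SET_MODE_THREAD);
+static_cast<gnutls_fips_mode_t>(fips_mode), GNUTLS_FIPS140_SET_MODE_THREAD);
 }
 }
 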
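--- a/manual/release-notes.rst
+++ b/manual/release-notes.rst
@@ -71,6 +71,12 @@ more detail.
 
 - Other changes
 
+- When running in a FIPS environment using the GnuTLS crypto provider,
+calls to GnuTLS now use 'LAX' mode as the use of weak algorithms is
+required to decrypt existing files and is specified by the PDF standards
+for purposes unrelated to encryption. It is up to users to ensure
+they comply with FIPS where required.
+
 - Calling ``QPDF::getRoot`` on a file with invalid trailer now throws a
 ``damaged_pdf`` error with message "unable to find /Root dictionary"
 rather than an internal error.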