OpenSystemsDevelopment / qpdf

Commit 8120a444758a463ba9e3b4d0d64e96d9075b9521

Authored by m-holger
Committed by GitHub
2 parents b2c95960 d4d3254d

Merge pull request #1587 from dargad/relax-gnutls 

Utilize the GNUTLS_FIPS140_LAX around MD5 initialization.
Inline Side-by-side
Showing 2 changed files with 17 additions and 1 deletions
libqpdf/QPDFCrypto_gnutls.cc
  View file @8120a44
... ... @@ -11,9 +11,17 @@ QPDFCrypto_gnutls::QPDFCrypto_gnutls() :
11 11 encrypt(false),
12 12 cbc_mode(false),
13 13 aes_key_data(nullptr),
14   - aes_key_len(0)
  14 + aes_key_len(0),
  15 + fips_mode(gnutls_fips140_mode_enabled())
15 16 {
16 17 memset(digest, 0, sizeof(digest));
  18 +
  19 + if (fips_mode) {
  20 + // Relax FIPS mode for the lifetime of this object
  21 + gnutls_fips140_set_mode(
  22 + GNUTLS_FIPS140_LAX,
  23 + GNUTLS_FIPS140_SET_MODE_THREAD);
  24 + }
17 25 }
18 26  
19 27 QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
... ... @@ -26,6 +34,13 @@ QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
26 34 }
27 35 aes_key_data = nullptr;
28 36 aes_key_len = 0;
  37 +
  38 + if (fips_mode) {
  39 + // Restore saved FIPS mode
  40 + gnutls_fips140_set_mode(
  41 + static_cast<gnutls_fips_mode_t>(fips_mode),
  42 + GNUTLS_FIPS140_SET_MODE_THREAD);
  43 + }
29 44 }
30 45  
31 46 void
... ...
libqpdf/qpdf/QPDFCrypto_gnutls.hh
  View file @8120a44
... ... @@ -53,6 +53,7 @@ class QPDFCrypto_gnutls: public QPDFCryptoImpl
53 53 char digest[64];
54 54 unsigned char const* aes_key_data;
55 55 size_t aes_key_len;
  56 + unsigned fips_mode;
56 57 };
57 58  
58 59 #endif // QPDFCRYPTO_GNUTLS_HH
... ...