OpenSystemsDevelopment / qpdf

Commit 8120a444758a463ba9e3b4d0d64e96d9075b9521

Authored by m-holger
Committed by GitHub
2 parents b2c95960 d4d3254d

Merge pull request #1587 from dargad/relax-gnutls 

Utilize the GNUTLS_FIPS140_LAX around MD5 initialization.
Inline Side-by-side
Showing 2 changed files with 17 additions and 1 deletions
libqpdf/QPDFCrypto_gnutls.cc
  View file @8120a44
@@ -11,9 +11,17 @@ QPDFCrypto_gnutls::QPDFCrypto_gnutls() : @@ -11,9 +11,17 @@ QPDFCrypto_gnutls::QPDFCrypto_gnutls() :
11 encrypt(false), 11 encrypt(false),
12 cbc_mode(false), 12 cbc_mode(false),
13 aes_key_data(nullptr), 13 aes_key_data(nullptr),
14 - aes_key_len(0) 14 + aes_key_len(0),
  15 + fips_mode(gnutls_fips140_mode_enabled())
15 { 16 {
16 memset(digest, 0, sizeof(digest)); 17 memset(digest, 0, sizeof(digest));
  18 +
  19 + if (fips_mode) {
  20 + // Relax FIPS mode for the lifetime of this object
  21 + gnutls_fips140_set_mode(
  22 + GNUTLS_FIPS140_LAX,
  23 + GNUTLS_FIPS140_SET_MODE_THREAD);
  24 + }
17 } 25 }
18 26
19 QPDFCrypto_gnutls::~QPDFCrypto_gnutls() 27 QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
@@ -26,6 +34,13 @@ QPDFCrypto_gnutls::~QPDFCrypto_gnutls() @@ -26,6 +34,13 @@ QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
26 } 34 }
27 aes_key_data = nullptr; 35 aes_key_data = nullptr;
28 aes_key_len = 0; 36 aes_key_len = 0;
  37 +
  38 + if (fips_mode) {
  39 + // Restore saved FIPS mode
  40 + gnutls_fips140_set_mode(
  41 + static_cast<gnutls_fips_mode_t>(fips_mode),
  42 + GNUTLS_FIPS140_SET_MODE_THREAD);
  43 + }
29 } 44 }
30 45
31 void 46 void
libqpdf/qpdf/QPDFCrypto_gnutls.hh
  View file @8120a44
@@ -53,6 +53,7 @@ class QPDFCrypto_gnutls: public QPDFCryptoImpl @@ -53,6 +53,7 @@ class QPDFCrypto_gnutls: public QPDFCryptoImpl
53 char digest[64]; 53 char digest[64];
54 unsigned char const* aes_key_data; 54 unsigned char const* aes_key_data;
55 size_t aes_key_len; 55 size_t aes_key_len;
  56 + unsigned fips_mode;
56 }; 57 };
57 58
58 #endif // QPDFCRYPTO_GNUTLS_HH 59 #endif // QPDFCRYPTO_GNUTLS_HH