Utilize the GNUTLS_FIPS140_LAX around MD5 initialization.

Since QPDFCrypto_gnutls is a short-lived object, it makes sense to store the current FIPS mode value, set mode to LAX and restore the original mode in the destructor. If FIPS is not enabled the behavior should remain unchanged. Fixes #1566.

Utilize the GNUTLS_FIPS140_LAX around MD5 initialization.
Since QPDFCrypto_gnutls is a short-lived object, it makes sense to store the current FIPS mode value, set mode to LAX and restore the original mode in the destructor. If FIPS is not enabled the behavior should remain unchanged. Fixes #1566.
Dariusz Gadomski
1 parent 3b6b3213
Showing 2 changed files with 17 additions and 1 deletions
libqpdf/QPDFCrypto_gnutls.cc
libqpdf/qpdf/QPDFCrypto_gnutls.hh
@@ -11,9 +11,17 @@ QPDFCrypto_gnutls::QPDFCrypto_gnutls() :
     encrypt(false),
     cbc_mode(false),
     aes_key_data(nullptr),
-    aes_key_len(0)
+    aes_key_len(0),
+    fips_mode(gnutls_fips140_mode_enabled())
 {
     memset(digest, 0, sizeof(digest));
+
+    if (fips_mode) {
+        // Relax FIPS mode for the lifetime of this object
+        gnutls_fips140_set_mode(
+            GNUTLS_FIPS140_LAX,
+            GNUTLS_FIPS140_SET_MODE_THREAD);
+    }
 }
 QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
@@ -26,6 +34,13 @@ QPDFCrypto_gnutls::~QPDFCrypto_gnutls()
     }
     aes_key_data = nullptr;
     aes_key_len = 0;
+
+    if (fips_mode) {
+        // Restore saved FIPS mode
+        gnutls_fips140_set_mode(
+            static_cast<gnutls_fips_mode_t>(fips_mode),
+            GNUTLS_FIPS140_SET_MODE_THREAD);
+    }
 }
 void
@@ -53,6 +53,7 @@ class QPDFCrypto_gnutls: public QPDFCryptoImpl
     char digest[64];
     unsigned char const* aes_key_data;
     size_t aes_key_len;
+    unsigned fips_mode;
 };
 #endif // QPDFCRYPTO_GNUTLS_HH