You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
155 lines
4.0 KiB
155 lines
4.0 KiB
diff -up qpdf-10.2.0/libqpdf/QPDF.cc.relax qpdf-10.2.0/libqpdf/QPDF.cc |
|
--- qpdf-10.2.0/libqpdf/QPDF.cc.relax 2021-02-23 16:41:58.000000000 +0100 |
|
+++ qpdf-10.2.0/libqpdf/QPDF.cc 2021-02-24 12:35:50.715329461 +0100 |
|
@@ -11,6 +11,10 @@ |
|
#include <string.h> |
|
#include <memory.h> |
|
|
|
+#ifdef HAVE_GNUTLS |
|
+# include <gnutls/crypto.h> |
|
+#endif |
|
+ |
|
#include <qpdf/QTC.hh> |
|
#include <qpdf/QUtil.hh> |
|
#include <qpdf/Pipeline.hh> |
|
@@ -261,7 +265,13 @@ QPDF::processFile(char const* filename, |
|
{ |
|
FileInputSource* fi = new FileInputSource(); |
|
fi->setFilename(filename); |
|
+#ifdef HAVE_GNUTLS |
|
+ GNUTLS_FIPS140_SET_LAX_MODE(); |
|
+#endif |
|
processInputSource(fi, password); |
|
+#ifdef HAVE_GNUTLS |
|
+ GNUTLS_FIPS140_SET_STRICT_MODE(); |
|
+#endif |
|
} |
|
|
|
void |
|
@@ -270,7 +280,13 @@ QPDF::processFile(char const* descriptio |
|
{ |
|
FileInputSource* fi = new FileInputSource(); |
|
fi->setFile(description, filep, close_file); |
|
+#ifdef HAVE_GNUTLS |
|
+ GNUTLS_FIPS140_SET_LAX_MODE(); |
|
+#endif |
|
processInputSource(fi, password); |
|
+#ifdef HAVE_GNUTLS |
|
+ GNUTLS_FIPS140_SET_STRICT_MODE(); |
|
+#endif |
|
} |
|
|
|
void |
|
diff -up qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax qpdf-10.2.0/libqpdf/QPDF_encryption.cc |
|
--- qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax 2021-02-23 16:41:58.000000000 +0100 |
|
+++ qpdf-10.2.0/libqpdf/QPDF_encryption.cc 2021-02-24 12:37:17.267561185 +0100 |
|
@@ -1,6 +1,8 @@ |
|
// This file implements methods from the QPDF class that involve |
|
// encryption. |
|
|
|
+#include <qpdf/qpdf-config.h> |
|
+ |
|
#include <qpdf/QPDF.hh> |
|
|
|
#include <qpdf/QPDFExc.hh> |
|
@@ -18,6 +20,10 @@ |
|
#include <assert.h> |
|
#include <string.h> |
|
|
|
+#ifdef HAVE_GNUTLS |
|
+# include <gnutls/crypto.h> |
|
+#endif |
|
+ |
|
static unsigned char const padding_string[] = { |
|
0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, |
|
0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08, |
|
@@ -1150,6 +1156,12 @@ QPDF::getKeyForObject( |
|
void |
|
QPDF::decryptString(std::string& str, int objid, int generation) |
|
{ |
|
+#ifdef HAVE_GNUTLS |
|
+ unsigned oldmode = gnutls_fips140_mode_enabled(); |
|
+ |
|
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); |
|
+#endif |
|
+ |
|
if (objid == 0) |
|
{ |
|
return; |
|
@@ -1230,6 +1242,10 @@ QPDF::decryptString(std::string& str, in |
|
QUtil::int_to_string(objid) + " " + |
|
QUtil::int_to_string(generation) + ": " + e.what()); |
|
} |
|
+ |
|
+#ifdef HAVE_GNUTLS |
|
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); |
|
+#endif |
|
} |
|
|
|
void |
|
@@ -1240,6 +1256,12 @@ QPDF::decryptStream(PointerHolder<Encryp |
|
QPDFObjectHandle& stream_dict, |
|
std::vector<PointerHolder<Pipeline> >& heap) |
|
{ |
|
+#ifdef HAVE_GNUTLS |
|
+ unsigned oldmode = gnutls_fips140_mode_enabled(); |
|
+ |
|
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); |
|
+#endif |
|
+ |
|
std::string type; |
|
if (stream_dict.getKey("/Type").isName()) |
|
{ |
|
@@ -1361,6 +1383,10 @@ QPDF::decryptStream(PointerHolder<Encryp |
|
toI(key.length())); |
|
} |
|
heap.push_back(pipeline); |
|
+ |
|
+#ifdef HAVE_GNUTLS |
|
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD); |
|
+#endif |
|
} |
|
|
|
void |
|
diff -up qpdf-10.2.0/libqpdf/QPDFWriter.cc.relax qpdf-10.2.0/libqpdf/QPDFWriter.cc |
|
--- qpdf-10.2.0/libqpdf/QPDFWriter.cc.relax 2021-02-23 16:41:58.000000000 +0100 |
|
+++ qpdf-10.2.0/libqpdf/QPDFWriter.cc 2021-02-24 12:35:50.716329452 +0100 |
|
@@ -24,6 +24,10 @@ |
|
#include <algorithm> |
|
#include <stdlib.h> |
|
|
|
+#ifdef HAVE_GNUTLS |
|
+#include <gnutls/crypto.h> |
|
+#endif |
|
+ |
|
QPDFWriter::Members::Members(QPDF& pdf) : |
|
pdf(pdf), |
|
filename("unspecified"), |
|
@@ -321,6 +325,13 @@ void |
|
QPDFWriter::setDeterministicID(bool val) |
|
{ |
|
this->m->deterministic_id = val; |
|
+ |
|
+#ifdef HAVE_GNUTLS |
|
+ if (val) |
|
+ GNUTLS_FIPS140_SET_LAX_MODE(); |
|
+ else |
|
+ GNUTLS_FIPS140_SET_STRICT_MODE(); |
|
+#endif |
|
} |
|
|
|
void |
|
@@ -342,6 +353,13 @@ void |
|
QPDFWriter::setPreserveEncryption(bool val) |
|
{ |
|
this->m->preserve_encryption = val; |
|
+ |
|
+#ifdef HAVE_GNUTLS |
|
+ if (val) |
|
+ GNUTLS_FIPS140_SET_STRICT_MODE(); |
|
+ else |
|
+ GNUTLS_FIPS140_SET_LAX_MODE(); |
|
+#endif |
|
} |
|
|
|
void
|
|
|