|
|
c9c41ed |
diff -up qpdf-9.0.1/libqpdf/QPDF.cc.relax qpdf-9.0.1/libqpdf/QPDF.cc
|
|
|
c9c41ed |
--- qpdf-9.0.1/libqpdf/QPDF.cc.relax 2019-09-20 14:07:56.000000000 +0200
|
|
|
c9c41ed |
+++ qpdf-9.0.1/libqpdf/QPDF.cc 2019-10-01 13:15:46.513551565 +0200
|
|
|
c9c41ed |
@@ -10,6 +10,10 @@
|
|
|
c9c41ed |
#include <string.h>
|
|
|
c9c41ed |
#include <memory.h>
|
|
|
c9c41ed |
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+# include <gnutls/crypto.h>
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
#include <qpdf/QTC.hh>
|
|
|
c9c41ed |
#include <qpdf/QUtil.hh>
|
|
|
c9c41ed |
#include <qpdf/Pipeline.hh>
|
|
|
c9c41ed |
@@ -207,7 +211,13 @@ QPDF::processFile(char const* filename,
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
FileInputSource* fi = new FileInputSource();
|
|
|
c9c41ed |
fi->setFilename(filename);
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
processInputSource(fi, password);
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
|
|
|
c9c41ed |
void
|
|
|
c9c41ed |
@@ -216,7 +226,13 @@ QPDF::processFile(char const* descriptio
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
FileInputSource* fi = new FileInputSource();
|
|
|
c9c41ed |
fi->setFile(description, filep, close_file);
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
processInputSource(fi, password);
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
|
|
|
c9c41ed |
void
|
|
|
c9c41ed |
diff -up qpdf-9.0.1/libqpdf/QPDF_encryption.cc.relax qpdf-9.0.1/libqpdf/QPDF_encryption.cc
|
|
|
c9c41ed |
--- qpdf-9.0.1/libqpdf/QPDF_encryption.cc.relax 2019-09-20 14:07:56.000000000 +0200
|
|
|
c9c41ed |
+++ qpdf-9.0.1/libqpdf/QPDF_encryption.cc 2019-10-01 13:19:56.086467631 +0200
|
|
|
c9c41ed |
@@ -1,6 +1,8 @@
|
|
|
c9c41ed |
// This file implements methods from the QPDF class that involve
|
|
|
c9c41ed |
// encryption.
|
|
|
c9c41ed |
|
|
|
c9c41ed |
+#include <qpdf/qpdf-config.h>
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
#include <qpdf/QPDF.hh>
|
|
|
c9c41ed |
|
|
|
c9c41ed |
#include <qpdf/QPDFExc.hh>
|
|
|
c9c41ed |
@@ -18,6 +20,10 @@
|
|
|
c9c41ed |
#include <assert.h>
|
|
|
c9c41ed |
#include <string.h>
|
|
|
c9c41ed |
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+# include <gnutls/crypto.h>
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
static unsigned char const padding_string[] = {
|
|
|
c9c41ed |
0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
|
|
|
c9c41ed |
0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
|
|
|
c9c41ed |
@@ -1140,6 +1146,12 @@ QPDF::getKeyForObject(
|
|
|
c9c41ed |
void
|
|
|
c9c41ed |
QPDF::decryptString(std::string& str, int objid, int generation)
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
if (objid == 0)
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
return;
|
|
|
c9c41ed |
@@ -1220,6 +1232,10 @@ QPDF::decryptString(std::string& str, in
|
|
|
c9c41ed |
QUtil::int_to_string(objid) + " " +
|
|
|
c9c41ed |
QUtil::int_to_string(generation) + ": " + e.what());
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
|
|
|
c9c41ed |
void
|
|
|
c9c41ed |
@@ -1231,6 +1247,12 @@ QPDF::decryptStream(PointerHolder
|
|
|
c9c41ed |
bool is_attachment_stream,
|
|
|
c9c41ed |
std::vector<PointerHolder<Pipeline> >& heap)
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ unsigned oldmode = gnutls_fips140_mode_enabled();
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
std::string type;
|
|
|
c9c41ed |
if (stream_dict.getKey("/Type").isName())
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
@@ -1360,6 +1382,10 @@ QPDF::decryptStream(PointerHolder
|
|
|
c9c41ed |
toI(key.length()));
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
heap.push_back(pipeline);
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
|
|
|
c9c41ed |
void
|
|
|
c9c41ed |
diff -up qpdf-9.0.1/libqpdf/QPDFWriter.cc.relax qpdf-9.0.1/libqpdf/QPDFWriter.cc
|
|
|
c9c41ed |
--- qpdf-9.0.1/libqpdf/QPDFWriter.cc.relax 2019-09-20 14:07:56.000000000 +0200
|
|
|
c9c41ed |
+++ qpdf-9.0.1/libqpdf/QPDFWriter.cc 2019-10-01 13:16:49.665013937 +0200
|
|
|
c9c41ed |
@@ -24,6 +24,10 @@
|
|
|
c9c41ed |
#include <algorithm>
|
|
|
c9c41ed |
#include <stdlib.h>
|
|
|
c9c41ed |
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+#include <gnutls/crypto.h>
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
QPDFWriter::Members::Members(QPDF& pdf) :
|
|
|
c9c41ed |
pdf(pdf),
|
|
|
c9c41ed |
filename("unspecified"),
|
|
|
c9c41ed |
@@ -321,6 +325,13 @@ void
|
|
|
c9c41ed |
QPDFWriter::setDeterministicID(bool val)
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
this->m->deterministic_id = val;
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ if (val)
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
c9c41ed |
+ else
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
|
|
|
c9c41ed |
void
|
|
|
c9c41ed |
@@ -342,6 +353,13 @@ void
|
|
|
c9c41ed |
QPDFWriter::setPreserveEncryption(bool val)
|
|
|
c9c41ed |
{
|
|
|
c9c41ed |
this->m->preserve_encryption = val;
|
|
|
c9c41ed |
+
|
|
|
c9c41ed |
+#ifdef HAVE_GNUTLS
|
|
|
c9c41ed |
+ if (val)
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
c9c41ed |
+ else
|
|
|
c9c41ed |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
c9c41ed |
+#endif
|
|
|
c9c41ed |
}
|
|
|
c9c41ed |
|
|
|
c9c41ed |
void
|