rpms / qpdf

Clone
Source Code
GIT

Blame qpdf-relax.patch

el6 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 main rawhide
  1.   rawhide
  2.   qpdf-relax.patch
Blob History Raw
c9c41ed 
diff -up qpdf-9.0.1/libqpdf/QPDF.cc.relax qpdf-9.0.1/libqpdf/QPDF.cc
c9c41ed 
--- qpdf-9.0.1/libqpdf/QPDF.cc.relax	2019-09-20 14:07:56.000000000 +0200
c9c41ed 
+++ qpdf-9.0.1/libqpdf/QPDF.cc	2019-10-01 13:15:46.513551565 +0200
c9c41ed 
@@ -10,6 +10,10 @@
c9c41ed 
 #include <string.h>
c9c41ed 
 #include <memory.h>
c9c41ed
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+# include <gnutls/crypto.h>
c9c41ed 
+#endif
c9c41ed 
+
c9c41ed 
 #include <qpdf/QTC.hh>
c9c41ed 
 #include <qpdf/QUtil.hh>
c9c41ed 
 #include <qpdf/Pipeline.hh>
c9c41ed 
@@ -207,7 +211,13 @@ QPDF::processFile(char const* filename,
c9c41ed 
 {
c9c41ed 
     FileInputSource* fi = new FileInputSource();
c9c41ed 
     fi->setFilename(filename);
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    GNUTLS_FIPS140_SET_LAX_MODE();
c9c41ed 
+#endif
c9c41ed 
     processInputSource(fi, password);
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    GNUTLS_FIPS140_SET_STRICT_MODE();
c9c41ed 
+#endif
c9c41ed 
 }
c9c41ed
c9c41ed 
 void
c9c41ed 
@@ -216,7 +226,13 @@ QPDF::processFile(char const* descriptio
c9c41ed 
 {
c9c41ed 
     FileInputSource* fi = new FileInputSource();
c9c41ed 
     fi->setFile(description, filep, close_file);
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    GNUTLS_FIPS140_SET_LAX_MODE();
c9c41ed 
+#endif
c9c41ed 
     processInputSource(fi, password);
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    GNUTLS_FIPS140_SET_STRICT_MODE();
c9c41ed 
+#endif
c9c41ed 
 }
c9c41ed
c9c41ed 
 void
c9c41ed 
diff -up qpdf-9.0.1/libqpdf/QPDF_encryption.cc.relax qpdf-9.0.1/libqpdf/QPDF_encryption.cc
c9c41ed 
--- qpdf-9.0.1/libqpdf/QPDF_encryption.cc.relax	2019-09-20 14:07:56.000000000 +0200
c9c41ed 
+++ qpdf-9.0.1/libqpdf/QPDF_encryption.cc	2019-10-01 13:19:56.086467631 +0200
c9c41ed 
@@ -1,6 +1,8 @@
c9c41ed 
 // This file implements methods from the QPDF class that involve
c9c41ed 
 // encryption.
c9c41ed
c9c41ed 
+#include <qpdf/qpdf-config.h>
c9c41ed 
+
c9c41ed 
 #include <qpdf/QPDF.hh>
c9c41ed
c9c41ed 
 #include <qpdf/QPDFExc.hh>
c9c41ed 
@@ -18,6 +20,10 @@
c9c41ed 
 #include <assert.h>
c9c41ed 
 #include <string.h>
c9c41ed
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+# include <gnutls/crypto.h>
c9c41ed 
+#endif
c9c41ed 
+
c9c41ed 
 static unsigned char const padding_string[] = {
c9c41ed 
     0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
c9c41ed 
     0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
c9c41ed 
@@ -1140,6 +1146,12 @@ QPDF::getKeyForObject(
c9c41ed 
 void
c9c41ed 
 QPDF::decryptString(std::string& str, int objid, int generation)
c9c41ed 
 {
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    unsigned oldmode = gnutls_fips140_mode_enabled();
c9c41ed 
+
c9c41ed 
+    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
c9c41ed 
+#endif
c9c41ed 
+
c9c41ed 
     if (objid == 0)
c9c41ed 
     {
c9c41ed 
 	return;
c9c41ed 
@@ -1220,6 +1232,10 @@ QPDF::decryptString(std::string& str, in
c9c41ed 
 		      QUtil::int_to_string(objid) + " " +
c9c41ed 
 		      QUtil::int_to_string(generation) + ": " + e.what());
c9c41ed 
     }
c9c41ed 
+
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
c9c41ed 
+#endif
c9c41ed 
 }
c9c41ed
c9c41ed 
 void
c9c41ed 
@@ -1231,6 +1247,12 @@ QPDF::decryptStream(PointerHolder
c9c41ed 
                     bool is_attachment_stream,
c9c41ed 
 		    std::vector<PointerHolder<Pipeline> >& heap)
c9c41ed 
 {
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    unsigned oldmode = gnutls_fips140_mode_enabled();
c9c41ed 
+
c9c41ed 
+    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
c9c41ed 
+#endif
c9c41ed 
+
c9c41ed 
     std::string type;
c9c41ed 
     if (stream_dict.getKey("/Type").isName())
c9c41ed 
     {
c9c41ed 
@@ -1360,6 +1382,10 @@ QPDF::decryptStream(PointerHolder
c9c41ed 
                               toI(key.length()));
c9c41ed 
     }
c9c41ed 
     heap.push_back(pipeline);
c9c41ed 
+
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
c9c41ed 
+#endif
c9c41ed 
 }
c9c41ed
c9c41ed 
 void
c9c41ed 
diff -up qpdf-9.0.1/libqpdf/QPDFWriter.cc.relax qpdf-9.0.1/libqpdf/QPDFWriter.cc
c9c41ed 
--- qpdf-9.0.1/libqpdf/QPDFWriter.cc.relax	2019-09-20 14:07:56.000000000 +0200
c9c41ed 
+++ qpdf-9.0.1/libqpdf/QPDFWriter.cc	2019-10-01 13:16:49.665013937 +0200
c9c41ed 
@@ -24,6 +24,10 @@
c9c41ed 
 #include <algorithm>
c9c41ed 
 #include <stdlib.h>
c9c41ed
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+#include <gnutls/crypto.h>
c9c41ed 
+#endif
c9c41ed 
+
c9c41ed 
 QPDFWriter::Members::Members(QPDF& pdf) :
c9c41ed 
     pdf(pdf),
c9c41ed 
     filename("unspecified"),
c9c41ed 
@@ -321,6 +325,13 @@ void
c9c41ed 
 QPDFWriter::setDeterministicID(bool val)
c9c41ed 
 {
c9c41ed 
     this->m->deterministic_id = val;
c9c41ed 
+
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    if (val)
c9c41ed 
+	GNUTLS_FIPS140_SET_LAX_MODE();
c9c41ed 
+    else
c9c41ed 
+	GNUTLS_FIPS140_SET_STRICT_MODE();
c9c41ed 
+#endif
c9c41ed 
 }
c9c41ed
c9c41ed 
 void
c9c41ed 
@@ -342,6 +353,13 @@ void
c9c41ed 
 QPDFWriter::setPreserveEncryption(bool val)
c9c41ed 
 {
c9c41ed 
     this->m->preserve_encryption = val;
c9c41ed 
+
c9c41ed 
+#ifdef HAVE_GNUTLS
c9c41ed 
+    if (val)
c9c41ed 
+	GNUTLS_FIPS140_SET_STRICT_MODE();
c9c41ed 
+    else
c9c41ed 
+	GNUTLS_FIPS140_SET_LAX_MODE();
c9c41ed 
+#endif
c9c41ed 
 }
c9c41ed
c9c41ed 
 void
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.