author | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-08-01 14:24:58 -0400 |
---|---|---|
committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-08-01 14:24:58 -0400 |
commit | 9ec6124c376bc0e12a711997264c886130510eda (patch) | |
tree | e4a9849d36b99ffcfaf821d5cfb8da96bd15e047 /cups | |
parent | 8e048e4d39bee9d6b0849d5804a625a064957459 (diff) | |
GNU TLS FIPS140 support (Issue #5601, Issue #5622)
Diffstat (limited to 'cups')
-rw-r--r-- | cups/hash.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/cups/hash.c b/cups/hash.c
index 061486076..7b3ea818e 100644
--- a/cups/hash.c
+++ b/cups/hash.c
@@ -185,6 +185,13 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
 unsigned char temp[64]; /* Temporary hash buffer */
 size_t tempsize = 0; /* Truncate to this size? */
+
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ unsigned oldmode = gnutls_fips140_mode_enabled();
+
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
 if (!strcmp(algorithm, "md5"))
 alg = GNUTLS_DIG_MD5;
 else if (!strcmp(algorithm, "sha"))
@@ -222,6 +229,10 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
 gnutls_hash_fast(alg, data, datalen, temp);
 memcpy(hash, temp, tempsize);
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
 return ((ssize_t)tempsize);
 }
@@ -230,9 +241,17 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
 gnutls_hash_fast(alg, data, datalen, hash);
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
 return ((ssize_t)gnutls_hash_get_len(alg));
 }
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
 #else
 /*
 * No hash support beyond MD5 without CommonCrypto or GNU TLS...
@@ -266,6 +285,10 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */
 too_small:
+#ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+#endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
 _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1);
 return (-1);
 } |
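Review bot: The switch to `GNUTLS_FIPS140_LAX` in the first hunk is made before the algorithm name is compared, so every digest requested through cupsHashData, not only `md5`, is computed with FIPS 140 enforcement relaxed on this thread. If only the non-approved digests need the exemption, it could be applied after `alg` is resolved, e.g. `if (alg == GNUTLS_DIG_MD5) gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);`; which digests actually need it is not visible on this page. The added block also carries no comment saying why enforcement is relaxed; something like `/* Relax FIPS 140 checks for this thread only; restored before every return */` would help the next auditor. The function starts and ends outside this hunk.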
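Review bot: The restore of `oldmode` added before `return ((ssize_t)tempsize);` in the second hunk is repeated at three more exits (twice in the third hunk, once at `too_small:` in the fourth), so a return path added later without it would leave the calling thread in lax mode for its subsequent GnuTLS operations. A single exit would make that hard to miss: keep the result in a local, `goto done;`, and let one `done:` label call `gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);` before returning it. Whether other returns already exist between the hunks cannot be checked from this page.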
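Review bot: The guard at `too_small:` in the fourth hunk is `#ifdef HAVE_GNUTLS_FIPS140_SET_MODE` at column 0, apparently outside the backend conditional that the third hunk continues with `#else`, while `oldmode` is declared in the first hunk next to the GNU TLS digest selection. If the configure check can ever define that macro in a build that compiles the CommonCrypto or fallback branch, `oldmode` is undeclared here and the file does not build; also testing the backend macro in this guard would remove that dependency. The surrounding preprocessor structure lies outside the hunks, so this is inferred from the indentation of the directives.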