diff options
Diffstat (limited to 'cups/hash.c')
-rw-r--r-- | cups/hash.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/cups/hash.c b/cups/hash.c index a31372595..621d119d4 100644 --- a/cups/hash.c +++ b/cups/hash.c @@ -190,6 +190,13 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ unsigned char temp[64]; /* Temporary hash buffer */ size_t tempsize = 0; /* Truncate to this size? */ + +# ifdef HAVE_GNUTLS_FIPS140_SET_MODE + unsigned oldmode = gnutls_fips140_mode_enabled(); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); +# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ + if (!strcmp(algorithm, "md5")) alg = GNUTLS_DIG_MD5; else if (!strcmp(algorithm, "sha")) @@ -227,6 +234,10 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ gnutls_hash_fast(alg, data, datalen, temp); memcpy(hash, temp, tempsize); +# ifdef HAVE_GNUTLS_FIPS140_SET_MODE + gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); +# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ + return ((ssize_t)tempsize); } @@ -235,9 +246,17 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ gnutls_hash_fast(alg, data, datalen, hash); +# ifdef HAVE_GNUTLS_FIPS140_SET_MODE + gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); +# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ + return ((ssize_t)gnutls_hash_get_len(alg)); } +# ifdef HAVE_GNUTLS_FIPS140_SET_MODE + gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); +# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ + #else /* * No hash support beyond MD5 without CommonCrypto or GNU TLS... @@ -271,6 +290,10 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ too_small: +#ifdef HAVE_GNUTLS_FIPS140_SET_MODE + gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); +#endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1); return (-1); } |