SAVELIBS="$LIBS"
LIBS="$LIBS $SSLLIBS"
+ ac_fn_c_check_func "$LINENO" "gnutls_fips140_set_mode" "ac_cv_func_gnutls_fips140_set_mode"
+if test "x$ac_cv_func_gnutls_fips140_set_mode" = xyes; then :
+ $as_echo "#define HAVE_GNUTLS_FIPS140_SET_MODE 1" >>confdefs.h
+
+fi
+
ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function"
if test "x$ac_cv_func_gnutls_transport_set_pull_timeout_function" = xyes; then :
$as_echo "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h
unsigned char temp[64]; /* Temporary hash buffer */
size_t tempsize = 0; /* Truncate to this size? */
+
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ unsigned oldmode = gnutls_fips140_mode_enabled();
+
+ gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
if (!strcmp(algorithm, "md5"))
alg = GNUTLS_DIG_MD5;
else if (!strcmp(algorithm, "sha"))
gnutls_hash_fast(alg, data, datalen, temp);
memcpy(hash, temp, tempsize);
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
return ((ssize_t)tempsize);
}
gnutls_hash_fast(alg, data, datalen, hash);
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
return ((ssize_t)gnutls_hash_get_len(alg));
}
+# ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
#else
/*
* No hash support beyond MD5 without CommonCrypto or GNU TLS...
too_small:
+#ifdef HAVE_GNUTLS_FIPS140_SET_MODE
+ gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
+#endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
+
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1);
return (-1);
}