Revert GNU TLS FIPS-140 changes.

diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4
index 4ce926f517e64bda233941a639756255957910a2..c1648b1c10e7439ba5018d2d9b1e22eb5eac4e10 100644 (file)
--- a/config-scripts/cups-ssl.m4
+++ b/config-scripts/cups-ssl.m4
@@ -58,7 +58,6 @@ if test x$enable_ssl != xno; then
 
            SAVELIBS="$LIBS"
            LIBS="$LIBS $SSLLIBS"
-           AC_CHECK_FUNC(gnutls_fips140_set_mode, AC_DEFINE(HAVE_GNUTLS_FIPS140_SET_MODE))
            AC_CHECK_FUNC(gnutls_transport_set_pull_timeout_function, AC_DEFINE(HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION))
            AC_CHECK_FUNC(gnutls_priority_set_direct, AC_DEFINE(HAVE_GNUTLS_PRIORITY_SET_DIRECT))
            LIBS="$SAVELIBS"

diff --git a/config.h.in b/config.h.in
index 5e93a9dac0211da9a34531933055fed3a9d7a748..1c2d7a826c5711ed4637d3e3bca8d9693a3f51e2 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -301,13 +301,6 @@
 #undef HAVE_SSL
 
 
-/*
- * Do we have the gnutls_fips140_set_mode function?
- */
-
-#undef HAVE_GNUTLS_FIPS140_SET_MODE
-
-
 /*
  * Do we have the gnutls_transport_set_pull_timeout_function function?
  */

diff --git a/configure b/configure
index ac0646f10a27926c74b9cbb24653d9e38b73c94d..8c6e6e8f4d43b6fc2eefe4965698f156004cd1f0 100755 (executable)
--- a/configure
+++ b/configure
@@ -8308,12 +8308,6 @@ fi
 
            SAVELIBS="$LIBS"
            LIBS="$LIBS $SSLLIBS"
-           ac_fn_c_check_func "$LINENO" "gnutls_fips140_set_mode" "ac_cv_func_gnutls_fips140_set_mode"
-if test "x$ac_cv_func_gnutls_fips140_set_mode" = xyes; then :
-  $as_echo "#define HAVE_GNUTLS_FIPS140_SET_MODE 1" >>confdefs.h
-
-fi
-
            ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function"
 if test "x$ac_cv_func_gnutls_transport_set_pull_timeout_function" = xyes; then :
   $as_echo "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h

diff --git a/cups/hash.c b/cups/hash.c
index 7b3ea818eafefff577111c2aae5cdc9d3f021313..bfec994aabae7ac6ca733dff6ed21eb263888ad9 100644 (file)
--- a/cups/hash.c
+++ b/cups/hash.c
@@ -186,12 +186,6 @@ cupsHashData(const char    *algorithm,     /* I - Algorithm name */
   size_t       tempsize = 0;           /* Truncate to this size? */
 
 
-#  ifdef HAVE_GNUTLS_FIPS140_SET_MODE
-  unsigned oldmode = gnutls_fips140_mode_enabled();
-
-  gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
-#  endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
-
   if (!strcmp(algorithm, "md5"))
     alg = GNUTLS_DIG_MD5;
   else if (!strcmp(algorithm, "sha"))
@@ -229,10 +223,6 @@ cupsHashData(const char    *algorithm,     /* I - Algorithm name */
       gnutls_hash_fast(alg, data, datalen, temp);
       memcpy(hash, temp, tempsize);
 
-#  ifdef HAVE_GNUTLS_FIPS140_SET_MODE
-      gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
-#  endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
-
       return ((ssize_t)tempsize);
     }
 
@@ -241,17 +231,9 @@ cupsHashData(const char    *algorithm,     /* I - Algorithm name */
 
     gnutls_hash_fast(alg, data, datalen, hash);
 
-#  ifdef HAVE_GNUTLS_FIPS140_SET_MODE
-    gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
-#  endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
-
     return ((ssize_t)gnutls_hash_get_len(alg));
   }
 
-#  ifdef HAVE_GNUTLS_FIPS140_SET_MODE
-  gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
-#  endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
-
 #else
  /*
   * No hash support beyond MD5 without CommonCrypto or GNU TLS...
@@ -285,10 +267,6 @@ cupsHashData(const char    *algorithm,     /* I - Algorithm name */
 
   too_small:
 
-#ifdef HAVE_GNUTLS_FIPS140_SET_MODE
-  gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD);
-#endif /* HAVE_GNUTLS_FIPS140_SET_MODE */
-
   _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1);
   return (-1);
 }

diff --git a/vcnet/config.h b/vcnet/config.h
index 993470fe9e68446e7cd3ec076bd7eb8a18e743eb..d85865a6ffcddd958ca33f23812104ddee065044 100644 (file)
--- a/vcnet/config.h
+++ b/vcnet/config.h
@@ -375,13 +375,6 @@ typedef unsigned long useconds_t;
 #define HAVE_SSL 1
 
 
-/*
- * Do we have the gnutls_fips140_set_mode function?
- */
-
-/* #undef HAVE_GNUTLS_FIPS140_SET_MODE */
-
-
 /*
  * Do we have the gnutls_transport_set_pull_timeout_function function?
  */

diff --git a/xcode/config.h b/xcode/config.h
index ea6035194ed5f7788a6a98ef1c808aceb96fd274..38998eee645d423f8ee0259070947531849d0e13 100644 (file)
--- a/xcode/config.h
+++ b/xcode/config.h
@@ -305,13 +305,6 @@
 #define HAVE_SSL 1
 
 
-/*
- * Do we have the gnutls_fips140_set_mode function?
- */
-
-/* #undef HAVE_GNUTLS_FIPS140_SET_MODE */
-
-
 /*
  * Do we have the gnutls_transport_set_pull_timeout_function function?
  */