From: Michael R Sweet Date: Tue, 3 Sep 2019 14:29:07 +0000 (-0400) Subject: Revert GNU TLS FIPS-140 changes. X-Git-Tag: v2.3.1~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=998a43a0ddc6fa4675e31c5d7fb61736e6a78125;p=thirdparty%2Fcups.git Revert GNU TLS FIPS-140 changes. --- diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4 index 4ce926f517..c1648b1c10 100644 --- a/config-scripts/cups-ssl.m4 +++ b/config-scripts/cups-ssl.m4 @@ -58,7 +58,6 @@ if test x$enable_ssl != xno; then SAVELIBS="$LIBS" LIBS="$LIBS $SSLLIBS" - AC_CHECK_FUNC(gnutls_fips140_set_mode, AC_DEFINE(HAVE_GNUTLS_FIPS140_SET_MODE)) AC_CHECK_FUNC(gnutls_transport_set_pull_timeout_function, AC_DEFINE(HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION)) AC_CHECK_FUNC(gnutls_priority_set_direct, AC_DEFINE(HAVE_GNUTLS_PRIORITY_SET_DIRECT)) LIBS="$SAVELIBS" diff --git a/config.h.in b/config.h.in index 5e93a9dac0..1c2d7a826c 100644 --- a/config.h.in +++ b/config.h.in @@ -301,13 +301,6 @@ #undef HAVE_SSL -/* - * Do we have the gnutls_fips140_set_mode function? - */ - -#undef HAVE_GNUTLS_FIPS140_SET_MODE - - /* * Do we have the gnutls_transport_set_pull_timeout_function function? */ diff --git a/configure b/configure index ac0646f10a..8c6e6e8f4d 100755 --- a/configure +++ b/configure @@ -8308,12 +8308,6 @@ fi SAVELIBS="$LIBS" LIBS="$LIBS $SSLLIBS" - ac_fn_c_check_func "$LINENO" "gnutls_fips140_set_mode" "ac_cv_func_gnutls_fips140_set_mode" -if test "x$ac_cv_func_gnutls_fips140_set_mode" = xyes; then : - $as_echo "#define HAVE_GNUTLS_FIPS140_SET_MODE 1" >>confdefs.h - -fi - ac_fn_c_check_func "$LINENO" "gnutls_transport_set_pull_timeout_function" "ac_cv_func_gnutls_transport_set_pull_timeout_function" if test "x$ac_cv_func_gnutls_transport_set_pull_timeout_function" = xyes; then : $as_echo "#define HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION 1" >>confdefs.h diff --git a/cups/hash.c b/cups/hash.c index 7b3ea818ea..bfec994aab 100644 --- a/cups/hash.c +++ b/cups/hash.c @@ -186,12 +186,6 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ size_t tempsize = 0; /* Truncate to this size? */ -# ifdef HAVE_GNUTLS_FIPS140_SET_MODE - unsigned oldmode = gnutls_fips140_mode_enabled(); - - gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); -# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ - if (!strcmp(algorithm, "md5")) alg = GNUTLS_DIG_MD5; else if (!strcmp(algorithm, "sha")) @@ -229,10 +223,6 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ gnutls_hash_fast(alg, data, datalen, temp); memcpy(hash, temp, tempsize); -# ifdef HAVE_GNUTLS_FIPS140_SET_MODE - gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); -# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ - return ((ssize_t)tempsize); } @@ -241,17 +231,9 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ gnutls_hash_fast(alg, data, datalen, hash); -# ifdef HAVE_GNUTLS_FIPS140_SET_MODE - gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); -# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ - return ((ssize_t)gnutls_hash_get_len(alg)); } -# ifdef HAVE_GNUTLS_FIPS140_SET_MODE - gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); -# endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ - #else /* * No hash support beyond MD5 without CommonCrypto or GNU TLS... @@ -285,10 +267,6 @@ cupsHashData(const char *algorithm, /* I - Algorithm name */ too_small: -#ifdef HAVE_GNUTLS_FIPS140_SET_MODE - gnutls_fips140_set_mode(oldmode, GNUTLS_FIPS140_SET_MODE_THREAD); -#endif /* HAVE_GNUTLS_FIPS140_SET_MODE */ - _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Hash buffer too small."), 1); return (-1); } diff --git a/vcnet/config.h b/vcnet/config.h index 993470fe9e..d85865a6ff 100644 --- a/vcnet/config.h +++ b/vcnet/config.h @@ -375,13 +375,6 @@ typedef unsigned long useconds_t; #define HAVE_SSL 1 -/* - * Do we have the gnutls_fips140_set_mode function? - */ - -/* #undef HAVE_GNUTLS_FIPS140_SET_MODE */ - - /* * Do we have the gnutls_transport_set_pull_timeout_function function? */ diff --git a/xcode/config.h b/xcode/config.h index ea6035194e..38998eee64 100644 --- a/xcode/config.h +++ b/xcode/config.h @@ -305,13 +305,6 @@ #define HAVE_SSL 1 -/* - * Do we have the gnutls_fips140_set_mode function? - */ - -/* #undef HAVE_GNUTLS_FIPS140_SET_MODE */ - - /* * Do we have the gnutls_transport_set_pull_timeout_function function? */