qpdf/qpdf-relax.patch

diff -up qpdf-10.2.0/libqpdf/QPDF.cc.relax qpdf-10.2.0/libqpdf/QPDF.cc
--- qpdf-10.2.0/libqpdf/QPDF.cc.relax	2021-02-23 16:41:58.000000000 +0100
+++ qpdf-10.2.0/libqpdf/QPDF.cc	2021-02-24 12:35:50.715329461 +0100
@@ -11,6 +11,10 @@
 #include <string.h>
 #include <memory.h>
 
+#ifdef HAVE_GNUTLS
+# include <gnutls/crypto.h>
+#endif
+
 #include <qpdf/QTC.hh>
 #include <qpdf/QUtil.hh>
 #include <qpdf/Pipeline.hh>
@@ -261,7 +265,13 @@ QPDF::processFile(char const* filename,
 {
     FileInputSource* fi = new FileInputSource();
     fi->setFilename(filename);
+#ifdef HAVE_GNUTLS
+    GNUTLS_FIPS140_SET_LAX_MODE();
+#endif
     processInputSource(fi, password);
+#ifdef HAVE_GNUTLS
+    GNUTLS_FIPS140_SET_STRICT_MODE();
+#endif
 }
 
 void
@@ -270,7 +280,13 @@ QPDF::processFile(char const* descriptio
 {
     FileInputSource* fi = new FileInputSource();
     fi->setFile(description, filep, close_file);
+#ifdef HAVE_GNUTLS
+    GNUTLS_FIPS140_SET_LAX_MODE();
+#endif
     processInputSource(fi, password);
+#ifdef HAVE_GNUTLS
+    GNUTLS_FIPS140_SET_STRICT_MODE();
+#endif
 }
 
 void
diff -up qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax qpdf-10.2.0/libqpdf/QPDF_encryption.cc
--- qpdf-10.2.0/libqpdf/QPDF_encryption.cc.relax	2021-02-23 16:41:58.000000000 +0100
+++ qpdf-10.2.0/libqpdf/QPDF_encryption.cc	2021-02-24 12:37:17.267561185 +0100
@@ -1,6 +1,8 @@
 // This file implements methods from the QPDF class that involve
 // encryption.
 
+#include <qpdf/qpdf-config.h>
+
 #include <qpdf/QPDF.hh>
 
 #include <qpdf/QPDFExc.hh>
@@ -18,6 +20,10 @@
 #include <assert.h>
 #include <string.h>
 
+#ifdef HAVE_GNUTLS
+# include <gnutls/crypto.h>
+#endif
+
 static unsigned char const padding_string[] = {
     0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
     0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
@@ -1150,6 +1156,12 @@ QPDF::getKeyForObject(
 void
 QPDF::decryptString(std::string& str, int objid, int generation)
 {
+#ifdef HAVE_GNUTLS
+    unsigned oldmode = gnutls_fips140_mode_enabled();
+
+    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
+#endif
+
     if (objid == 0)
     {
 	return;
@@ -1230,6 +1242,10 @@ QPDF::decryptString(std::string& str, in
 		      QUtil::int_to_string(objid) + " " +
 		      QUtil::int_to_string(generation) + ": " + e.what());
     }
+
+#ifdef HAVE_GNUTLS
+    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
+#endif
 }
 
 void
@@ -1240,6 +1256,12 @@ QPDF::decryptStream(PointerHolder<Encryp
 		    QPDFObjectHandle& stream_dict,
 		    std::vector<PointerHolder<Pipeline> >& heap)
 {
+#ifdef HAVE_GNUTLS
+    unsigned oldmode = gnutls_fips140_mode_enabled();
+
+    gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD);
+#endif
+
     std::string type;
     if (stream_dict.getKey("/Type").isName())
     {
@@ -1361,6 +1383,10 @@ QPDF::decryptStream(PointerHolder<Encryp
                               toI(key.length()));
     }
     heap.push_back(pipeline);
+
+#ifdef HAVE_GNUTLS
+    gnutls_fips140_set_mode(static_cast<gnutls_fips_mode_t>(oldmode), GNUTLS_FIPS140_SET_MODE_THREAD);
+#endif
 }
 
 void
diff -up qpdf-10.2.0/libqpdf/QPDFWriter.cc.relax qpdf-10.2.0/libqpdf/QPDFWriter.cc
--- qpdf-10.2.0/libqpdf/QPDFWriter.cc.relax	2021-02-23 16:41:58.000000000 +0100
+++ qpdf-10.2.0/libqpdf/QPDFWriter.cc	2021-02-24 12:35:50.716329452 +0100
@@ -24,6 +24,10 @@
 #include <algorithm>
 #include <stdlib.h>
 
+#ifdef HAVE_GNUTLS
+#include <gnutls/crypto.h>
+#endif
+
 QPDFWriter::Members::Members(QPDF& pdf) :
     pdf(pdf),
     filename("unspecified"),
@@ -321,6 +325,13 @@ void
 QPDFWriter::setDeterministicID(bool val)
 {
     this->m->deterministic_id = val;
+
+#ifdef HAVE_GNUTLS
+    if (val)
+	GNUTLS_FIPS140_SET_LAX_MODE();
+    else
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+#endif
 }
 
 void
@@ -342,6 +353,13 @@ void
 QPDFWriter::setPreserveEncryption(bool val)
 {
     this->m->preserve_encryption = val;
+
+#ifdef HAVE_GNUTLS
+    if (val)
+	GNUTLS_FIPS140_SET_STRICT_MODE();
+    else
+	GNUTLS_FIPS140_SET_LAX_MODE();
+#endif
 }
 
 void