From: Andreas Schneider Date: Tue, 6 Nov 2018 16:07:24 +0000 (+0100) Subject: s4:torture: Use GnuTLS MD5 in samr password tests X-Git-Tag: ldb-2.0.5~708 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4e6a277242a0acf2936d62f2d7d024d6c5ac08ef;p=thirdparty%2Fsamba.git s4:torture: Use GnuTLS MD5 in samr password tests Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index cb4778ecd79..b9afce460c1 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -48,6 +48,18 @@ #define TEST_MACHINENAME "samrtestmach$" #define TEST_DOMAINNAME "samrtestdom$" +#include +#include + +/* Those macros are only available in GnuTLS >= 3.6.4 */ +#ifndef GNUTLS_FIPS140_SET_LAX_MODE +#define GNUTLS_FIPS140_SET_LAX_MODE() +#endif + +#ifndef GNUTLS_FIPS140_SET_STRICT_MODE +#define GNUTLS_FIPS140_SET_STRICT_MODE() +#endif + enum torture_samr_choice { TORTURE_SAMR_PASSWORDS, TORTURE_SAMR_PASSWORDS_PWDLASTSET, @@ -766,7 +778,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; int policy_min_pw_len = 0; @@ -800,10 +812,14 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key); memcpy(&u.info26.password.data[516], confounder, 16); @@ -857,7 +873,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -893,10 +909,14 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); memcpy(&u.info25.password.data[516], confounder, 16); @@ -1147,7 +1167,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, bool ret = true; DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; uint8_t confounder[16]; char *newpass; struct dcerpc_binding_handle *b = p->binding_handle; @@ -1258,10 +1278,14 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); switch (level) { case 18: @@ -2631,7 +2655,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex DATA_BLOB session_key; DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); uint8_t confounder[16]; - MD5_CTX ctx; + gnutls_hash_hd_t hash_hnd; bool ret = true; struct lsa_String server, account; @@ -2674,10 +2698,14 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex generate_random_buffer((uint8_t *)confounder, 16); - MD5Init(&ctx); - MD5Update(&ctx, confounder, 16); - MD5Update(&ctx, session_key.data, session_key.length); - MD5Final(confounded_session_key.data, &ctx); + GNUTLS_FIPS140_SET_LAX_MODE(); + + gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); + gnutls_hash(hash_hnd, confounder, 16); + gnutls_hash(hash_hnd, session_key.data, session_key.length); + gnutls_hash_deinit(hash_hnd, confounded_session_key.data); + + GNUTLS_FIPS140_SET_STRICT_MODE(); arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); memcpy(&u.info25.password.data[516], confounder, 16);