From eb8be250c7ea7ee39673f558d1d1fa17f0b885e4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 6 Nov 2018 16:30:39 +0100
Subject: [PATCH] s4:torture: Use GnuTLS MD5 for samr password

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/torture/rpc/samr.c | 25 -------------------------
 1 file changed, 25 deletions(-)

diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index b9afce460c1..eb1bb14a555 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -51,15 +51,6 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
-/* Those macros are only available in GnuTLS >= 3.6.4 */
-#ifndef GNUTLS_FIPS140_SET_LAX_MODE
-#define GNUTLS_FIPS140_SET_LAX_MODE()
-#endif
-
-#ifndef GNUTLS_FIPS140_SET_STRICT_MODE
-#define GNUTLS_FIPS140_SET_STRICT_MODE()
-#endif
-
 enum torture_samr_choice {
 	TORTURE_SAMR_PASSWORDS,
 	TORTURE_SAMR_PASSWORDS_PWDLASTSET,
@@ -812,15 +803,11 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
 
 	generate_random_buffer((uint8_t *)confounder, 16);
 
-	GNUTLS_FIPS140_SET_LAX_MODE();
-
 	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 	gnutls_hash(hash_hnd, confounder, 16);
 	gnutls_hash(hash_hnd, session_key.data, session_key.length);
 	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-	GNUTLS_FIPS140_SET_STRICT_MODE();
-
 	arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
 	memcpy(&u.info26.password.data[516], confounder, 16);
 
@@ -909,15 +896,11 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
 
 	generate_random_buffer((uint8_t *)confounder, 16);
 
-	GNUTLS_FIPS140_SET_LAX_MODE();
-
 	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 	gnutls_hash(hash_hnd, confounder, 16);
 	gnutls_hash(hash_hnd, session_key.data, session_key.length);
 	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-	GNUTLS_FIPS140_SET_STRICT_MODE();
-
 	arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
 	memcpy(&u.info25.password.data[516], confounder, 16);
 
@@ -1278,15 +1261,11 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
 
 	generate_random_buffer((uint8_t *)confounder, 16);
 
-	GNUTLS_FIPS140_SET_LAX_MODE();
-
 	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 	gnutls_hash(hash_hnd, confounder, 16);
 	gnutls_hash(hash_hnd, session_key.data, session_key.length);
 	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-	GNUTLS_FIPS140_SET_STRICT_MODE();
-
 	switch (level) {
 	case 18:
 		{
@@ -2698,15 +2677,11 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
 
 	generate_random_buffer((uint8_t *)confounder, 16);
 
-	GNUTLS_FIPS140_SET_LAX_MODE();
-
 	gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 	gnutls_hash(hash_hnd, confounder, 16);
 	gnutls_hash(hash_hnd, session_key.data, session_key.length);
 	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-	GNUTLS_FIPS140_SET_STRICT_MODE();
-
 	arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
 	memcpy(&u.info25.password.data[516], confounder, 16);
 
-- 
2.47.3