s4:torture: Use GnuTLS MD5 for samr password

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index b9afce460c16055a77802a2897fd26cfe42c5ccd..eb1bb14a55592fd5fc9e29dba7723e46ae79b543 100644 (file)
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -51,15 +51,6 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
-/* Those macros are only available in GnuTLS >= 3.6.4 */
-#ifndef GNUTLS_FIPS140_SET_LAX_MODE
-#define GNUTLS_FIPS140_SET_LAX_MODE()
-#endif
-
-#ifndef GNUTLS_FIPS140_SET_STRICT_MODE
-#define GNUTLS_FIPS140_SET_STRICT_MODE()
-#endif
-
 enum torture_samr_choice {
        TORTURE_SAMR_PASSWORDS,
        TORTURE_SAMR_PASSWORDS_PWDLASTSET,
@@ -812,15 +803,11 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
 
        generate_random_buffer((uint8_t *)confounder, 16);
 
-       GNUTLS_FIPS140_SET_LAX_MODE();
-
        gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
        gnutls_hash(hash_hnd, confounder, 16);
        gnutls_hash(hash_hnd, session_key.data, session_key.length);
        gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-       GNUTLS_FIPS140_SET_STRICT_MODE();
-
        arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
        memcpy(&u.info26.password.data[516], confounder, 16);
 
@@ -909,15 +896,11 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
 
        generate_random_buffer((uint8_t *)confounder, 16);
 
-       GNUTLS_FIPS140_SET_LAX_MODE();
-
        gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
        gnutls_hash(hash_hnd, confounder, 16);
        gnutls_hash(hash_hnd, session_key.data, session_key.length);
        gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-       GNUTLS_FIPS140_SET_STRICT_MODE();
-
        arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
        memcpy(&u.info25.password.data[516], confounder, 16);
 
@@ -1278,15 +1261,11 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
 
        generate_random_buffer((uint8_t *)confounder, 16);
 
-       GNUTLS_FIPS140_SET_LAX_MODE();
-
        gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
        gnutls_hash(hash_hnd, confounder, 16);
        gnutls_hash(hash_hnd, session_key.data, session_key.length);
        gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-       GNUTLS_FIPS140_SET_STRICT_MODE();
-
        switch (level) {
        case 18:
                {
@@ -2698,15 +2677,11 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
 
        generate_random_buffer((uint8_t *)confounder, 16);
 
-       GNUTLS_FIPS140_SET_LAX_MODE();
-
        gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
        gnutls_hash(hash_hnd, confounder, 16);
        gnutls_hash(hash_hnd, session_key.data, session_key.length);
        gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
-       GNUTLS_FIPS140_SET_STRICT_MODE();
-
        arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
        memcpy(&u.info25.password.data[516], confounder, 16);