#define TEST_MACHINENAME "samrtestmach$"
#define TEST_DOMAINNAME "samrtestdom$"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+/* Those macros are only available in GnuTLS >= 3.6.4 */
+#ifndef GNUTLS_FIPS140_SET_LAX_MODE
+#define GNUTLS_FIPS140_SET_LAX_MODE()
+#endif
+
+#ifndef GNUTLS_FIPS140_SET_STRICT_MODE
+#define GNUTLS_FIPS140_SET_STRICT_MODE()
+#endif
+
enum torture_samr_choice {
TORTURE_SAMR_PASSWORDS,
TORTURE_SAMR_PASSWORDS_PWDLASTSET,
uint8_t confounder[16];
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd;
struct samr_GetUserPwInfo pwp;
struct samr_PwInfo info;
int policy_min_pw_len = 0;
generate_random_buffer((uint8_t *)confounder, 16);
- MD5Init(&ctx);
- MD5Update(&ctx, confounder, 16);
- MD5Update(&ctx, session_key.data, session_key.length);
- MD5Final(confounded_session_key.data, &ctx);
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
+ gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ gnutls_hash(hash_hnd, confounder, 16);
+ gnutls_hash(hash_hnd, session_key.data, session_key.length);
+ gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
+
+ GNUTLS_FIPS140_SET_STRICT_MODE();
arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
memcpy(&u.info26.password.data[516], confounder, 16);
bool ret = true;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd;
uint8_t confounder[16];
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
generate_random_buffer((uint8_t *)confounder, 16);
- MD5Init(&ctx);
- MD5Update(&ctx, confounder, 16);
- MD5Update(&ctx, session_key.data, session_key.length);
- MD5Final(confounded_session_key.data, &ctx);
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
+ gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ gnutls_hash(hash_hnd, confounder, 16);
+ gnutls_hash(hash_hnd, session_key.data, session_key.length);
+ gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
+
+ GNUTLS_FIPS140_SET_STRICT_MODE();
arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
memcpy(&u.info25.password.data[516], confounder, 16);
bool ret = true;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd;
uint8_t confounder[16];
char *newpass;
struct dcerpc_binding_handle *b = p->binding_handle;
generate_random_buffer((uint8_t *)confounder, 16);
- MD5Init(&ctx);
- MD5Update(&ctx, confounder, 16);
- MD5Update(&ctx, session_key.data, session_key.length);
- MD5Final(confounded_session_key.data, &ctx);
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
+ gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ gnutls_hash(hash_hnd, confounder, 16);
+ gnutls_hash(hash_hnd, session_key.data, session_key.length);
+ gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
+
+ GNUTLS_FIPS140_SET_STRICT_MODE();
switch (level) {
case 18:
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
uint8_t confounder[16];
- MD5_CTX ctx;
+ gnutls_hash_hd_t hash_hnd;
bool ret = true;
struct lsa_String server, account;
generate_random_buffer((uint8_t *)confounder, 16);
- MD5Init(&ctx);
- MD5Update(&ctx, confounder, 16);
- MD5Update(&ctx, session_key.data, session_key.length);
- MD5Final(confounded_session_key.data, &ctx);
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
+ gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ gnutls_hash(hash_hnd, confounder, 16);
+ gnutls_hash(hash_hnd, session_key.data, session_key.length);
+ gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
+
+ GNUTLS_FIPS140_SET_STRICT_MODE();
arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
memcpy(&u.info25.password.data[516], confounder, 16);