|
|
b6b438 |
From 4728c82b9a9d857bac4cf04434856daa8d739995 Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Date: Wed, 15 May 2019 08:41:12 +0200
|
|
|
b6b438 |
Subject: [PATCH 004/187] s3:profile: Allow profile subsystem to use SHA1 in
|
|
|
b6b438 |
FIPS mode
|
|
|
b6b438 |
|
|
|
b6b438 |
This is non-cryptographic use.
|
|
|
b6b438 |
|
|
|
b6b438 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
|
b6b438 |
|
|
|
b6b438 |
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|
|
|
b6b438 |
Autobuild-Date(master): Tue Jul 9 13:31:46 UTC 2019 on sn-devel-184
|
|
|
b6b438 |
|
|
|
b6b438 |
(cherry picked from commit ccf3e76625c42f5aceea0882971a232a9f56a971)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
source3/profile/profile.c | 7 +++++++
|
|
|
b6b438 |
1 file changed, 7 insertions(+)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
|
|
|
b6b438 |
index 90a30f01f58..7e17d065d75 100644
|
|
|
b6b438 |
--- a/source3/profile/profile.c
|
|
|
b6b438 |
+++ b/source3/profile/profile.c
|
|
|
b6b438 |
@@ -35,6 +35,7 @@
|
|
|
b6b438 |
|
|
|
b6b438 |
#include <gnutls/gnutls.h>
|
|
|
b6b438 |
#include <gnutls/crypto.h>
|
|
|
b6b438 |
+#include "lib/crypto/gnutls_helpers.h"
|
|
|
b6b438 |
|
|
|
b6b438 |
struct profile_stats *profile_p;
|
|
|
b6b438 |
struct smbprofile_global_state smbprofile_state;
|
|
|
b6b438 |
@@ -154,6 +155,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
|
|
b6b438 |
reqprofile_message);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
|
b6b438 |
+
|
|
|
b6b438 |
rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA1);
|
|
|
b6b438 |
if (rc < 0) {
|
|
|
b6b438 |
goto out;
|
|
|
b6b438 |
@@ -212,6 +215,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
|
|
b6b438 |
|
|
|
b6b438 |
gnutls_hash_deinit(hash_hnd, digest);
|
|
|
b6b438 |
|
|
|
b6b438 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
b6b438 |
+
|
|
|
b6b438 |
profile_p = &smbprofile_state.stats.global;
|
|
|
b6b438 |
|
|
|
b6b438 |
profile_p->magic = BVAL(digest, 0);
|
|
|
b6b438 |
@@ -221,6 +226,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
|
|
|
b6b438 |
|
|
|
b6b438 |
ok = true;
|
|
|
b6b438 |
out:
|
|
|
b6b438 |
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
|
b6b438 |
+
|
|
|
b6b438 |
return ok;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|