From f1fe9abde9375d06cd4b6f0265ee1af483bbfd14 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 08:46:56 +0200
Subject: [PATCH 203/208] s4:samdb: Allow to hash password using MD5 in samdb

Those passwords are stored in the local database.

Signed-off-by: Andreas Schneider <asn@samba.org>
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 006e35c46d5..1e94bb8f01c 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -48,7 +48,7 @@
 #include "auth/common_auth.h"
 #include "lib/messaging/messaging.h"
 
-#include <gnutls/gnutls.h>
+#include "lib/crypto/gnutls_helpers.h"
 #include <gnutls/crypto.h>
 
 #ifdef ENABLE_GPGME
@@ -1372,6 +1372,8 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
 	for (i=0; i < ARRAY_SIZE(wdigest); i++) {
 		gnutls_hash_hd_t hash_hnd = NULL;
 
+		GNUTLS_FIPS140_SET_LAX_MODE();
+
 		rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
 		if (rc < 0) {
 			rc = ldb_oom(ldb);
@@ -1436,10 +1438,13 @@ static int setup_primary_wdigest(struct setup_password_fields_io *io,
 		}
 
 		gnutls_hash_deinit(hash_hnd, pdb->hashes[i].hash);
+
+		GNUTLS_FIPS140_SET_STRICT_MODE();
 	}
 
 	rc = LDB_SUCCESS;
 out:
+	GNUTLS_FIPS140_SET_STRICT_MODE();
 	return rc;
 }
 
-- 
2.23.0