From 4728c82b9a9d857bac4cf04434856daa8d739995 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 15 May 2019 08:41:12 +0200
Subject: [PATCH 004/187] s3:profile: Allow profile subsystem to use SHA1 in FIPS mode
This is non-cryptographic use.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
Signed-off-by: Andreas Schneider
Reviewed-by: Ralph Boehme
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Tue Jul 9 13:31:46 UTC 2019 on sn-devel-184
(cherry picked from commit ccf3e76625c42f5aceea0882971a232a9f56a971)
---
 source3/profile/profile.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/source3/profile/profile.c b/source3/profile/profile.c
index 90a30f01f58..7e17d065d75 100644
--- a/source3/profile/profile.c
+++ b/source3/profile/profile.c
@@ -35,6 +35,7 @@
 #include
 #include
+#include "lib/crypto/gnutls_helpers.h"
 struct profile_stats *profile_p;
 struct smbprofile_global_state smbprofile_state;
@@ -154,6 +155,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
 reqprofile_message);
 }
+ GNUTLS_FIPS140_SET_LAX_MODE();
+
 rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA1);
 if (rc < 0) {
 goto out;
@@ -212,6 +215,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
 gnutls_hash_deinit(hash_hnd, digest);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+
 profile_p = &smbprofile_state.stats.global;
 profile_p->magic = BVAL(digest, 0);
@@ -221,6 +226,8 @@ bool profile_setup(struct messaging_context *msg_ctx, bool rdonly)
 ok = true;
 out:
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+
 return ok;
 }
-- 
2.23.0
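Review bot: The `GNUTLS_FIPS140_SET_LAX_MODE()` call added before `gnutls_hash_init(&hash_hnd, GNUTLS_DIG_SHA1)` in the second hunk carries no comment saying why relaxing FIPS enforcement is acceptable at this spot; the justification exists only in the commit message. Because the digest is visibly used just to fill `profile_p->magic`, I would state that at the call site, e.g. `/* SHA1 digest only feeds profile_p->magic, not a security decision; relax FIPS for this hash. */`, so a later FIPS audit does not have to reconstruct it from history. The macro definitions live in gnutls_helpers.h and are not part of this patch, so it is worth confirming that the mode change is limited to the calling thread and is a no-op when FIPS mode is not enabled. profile_setup's body starts and ends outside this hunk.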
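Review bot: `GNUTLS_FIPS140_SET_STRICT_MODE()` now runs twice on the success path, once after `gnutls_hash_deinit(hash_hnd, digest)` in the third hunk and again under `out:` in the fourth, because `ok = true;` falls through to the label. The call at `out:` alone covers success and every `goto out` failure, so either drop the earlier one or keep it with a comment such as `/* close the lax window as soon as the digest is final */`. Both calls also set STRICT unconditionally instead of restoring the mode that was active on entry, and any `goto out` taken before the lax call (not visible in these hunks) reaches a strict-mode set it was never paired with. Whether that can change behaviour for a caller depends on the macro definitions, which the patch does not show. The function body between the hunks is outside the view, so any plain `return` inside the lax window should be checked by hand.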