2 files changed, 20 insertions, 9 deletions

diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile
index 0b6443191..7d676146a 100644
--- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile
+++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile
@@ -5,8 +5,8 @@ LIB64DIR ?= $(PREFIX)/lib64/$(DIRSRV)/plugins
 SHAREDIR = $(DESTDIR)/usr/share/ipa
 
 SONAME = libipa_pwd_extop.so
-LDFLAGS += -lkrb5 -llber -lldap -lmhash -llber -lssl
-CFLAGS ?= -Wall -Wshadow -O2
+LDFLAGS += -lkrb5 -llber -lldap -llber -lssl
+CFLAGS ?= -g -Wall -Wshadow
 CFLAGS += -I/usr/include/$(DIRSRV) -I/usr/include/nss3 -I/usr/include/mozldap -I/usr/include/nspr4 -fPIC -DPIC
 
 OBJS = $(patsubst %.c,%.o,$(wildcard *.c))
diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index b4dafb847..f3771204a 100644
--- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -66,8 +66,8 @@
 #include <lber.h>
 #include <time.h>
 #include <iconv.h>
-#include <mhash.h>
 #include <openssl/des.h>
+#include <openssl/md4.h>
 
 /* Type of connection for this operation;*/
 #define LDAP_EXTOP_PASSMOD_CONN_SECURE
@@ -576,7 +576,7 @@ static int encode_ntlm_keys(char *newPasswd, unsigned int flags, struct ntlm_key
 		size_t cs, il, ol, sl;
 		char *inc, *outc;
 		char *ucs2Passwd;
-		MHASH td;
+		MD4_CTX md4ctx;
 
 		/* TODO: must store the dos charset somewhere in the directory */
 		cd = iconv_open(KTF_UCS2, KTF_UTF8);
@@ -615,20 +615,31 @@ static int encode_ntlm_keys(char *newPasswd, unsigned int flags, struct ntlm_key
 			sl = 28;
 		}
 		
-		td = mhash_init(MHASH_MD4);
-		if (td == MHASH_FAILED) {
+		ret = MD4_Init(&md4ctx);
+		if (ret == 0) {
+			ret = -1;
+			free(ucs2Passwd);
+			goto done;
+		}
+		ret = MD4_Update(&md4ctx, ucs2Passwd, sl);
+		if (ret == 0) {
+			ret = -1;
+			free(ucs2Passwd);
+			goto done;
+		}
+		ret = MD4_Final(keys->nt, &md4ctx);
+		if (ret == 0) {
 			ret = -1;
 			free(ucs2Passwd);
 			goto done;
 		}
-
-		mhash(td, ucs2Passwd, sl);
-		mhash_deinit(td, keys->nt);
 
 	} else {
 		memset(keys->nt, 0, 16);
 	}
 
+	ret = 0;
+
 done:
 	return ret;
 }