diff options
| author | CoprDistGit <infra@openeuler.org> | 2024-08-01 10:17:22 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2024-08-01 10:17:22 +0000 |
| commit | bd1b9654a597b2214071c1188ad683e708721f4b (patch) | |
| tree | fcc22946609eb505eadb3fb5cfcea61369a50d2c /aide-0.16b1-fipsfix.patch | |
| parent | 374ae3091442fd5cd7442a65ca2bffeada2fb3bc (diff) | |
automatic import of aideopeneuler24.03_LTSopeneuler23.09
Diffstat (limited to 'aide-0.16b1-fipsfix.patch')
| -rw-r--r-- | aide-0.16b1-fipsfix.patch | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/aide-0.16b1-fipsfix.patch b/aide-0.16b1-fipsfix.patch new file mode 100644 index 0000000..434d74e --- /dev/null +++ b/aide-0.16b1-fipsfix.patch @@ -0,0 +1,103 @@ +diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c +--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200 ++++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200 +@@ -511,9 +511,28 @@ int main(int argc,char**argv) + #endif + umask(0177); + init_sighandler(); +- + setdefaults_before_config(); + ++#if WITH_GCRYPT ++ error(255,"Gcrypt library initialization\n"); ++ /* ++ * Initialize libgcrypt as per ++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html ++ * ++ * ++ */ ++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0); ++ gcry_control(GCRYCTL_INIT_SECMEM, 1); ++ ++ if(!gcry_check_version(GCRYPT_VERSION)) { ++ error(0,"libgcrypt version mismatch\n"); ++ exit(VERSION_MISMATCH_ERROR); ++ } ++ ++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); ++#endif /* WITH_GCRYPT */ ++ ++ + if(read_param(argc,argv)==RETFAIL){ + error(0, _("Invalid argument\n") ); + exit(INVALID_ARGUMENT_ERROR); +@@ -646,6 +665,9 @@ int main(int argc,char**argv) + } + #endif + } ++#ifdef WITH_GCRYPT ++ gcry_control(GCRYCTL_TERM_SECMEM, 0); ++#endif /* WITH_GCRYPT */ + return RETOK; + } + const char* aide_key_3=CONFHMACKEY_03; +diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c +--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200 ++++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200 +@@ -201,14 +201,7 @@ int init_md(struct md_container* md) { + } + #endif + #ifdef WITH_GCRYPT +- error(255,"Gcrypt library initialization\n"); +- if(!gcry_check_version(GCRYPT_VERSION)) { +- error(0,"libgcrypt version mismatch\n"); +- exit(VERSION_MISMATCH_ERROR); +- } +- gcry_control(GCRYCTL_DISABLE_SECMEM, 0); +- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); +- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ ++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); + } +@@ -299,7 +292,7 @@ int close_md(struct md_container* md) { + + /*. There might be more hashes in the library. Add those here.. */ + +- gcry_md_reset(md->mdh); ++ gcry_md_close(md->mdh); + #endif + + #ifdef WITH_MHASH +diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c +--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200 ++++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200 +@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s) + return(AIDE_SYSLOG_FACILITY); + } + +-/* We need these dummy stubs to fool the linker into believing that +- we do not need them at link time */ +- +-void* dlopen(char*filename,int flag) +-{ +- return NULL; +-} +- +-void* dlsym(void*handle,char*symbol) +-{ +- return NULL; +-} +- +-void* dlclose(void*handle) +-{ +- return NULL; +-} +- +-const char* dlerror(void) +-{ +- return NULL; +-} +- + const char* aide_key_2=CONFHMACKEY_02; + const char* db_key_2=DBHMACKEY_02; |