diff options
Diffstat (limited to 'aide-0.16-crypto-disable-haval-and-others.patch')
| -rw-r--r-- | aide-0.16-crypto-disable-haval-and-others.patch | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/aide-0.16-crypto-disable-haval-and-others.patch b/aide-0.16-crypto-disable-haval-and-others.patch new file mode 100644 index 0000000..a066fd9 --- /dev/null +++ b/aide-0.16-crypto-disable-haval-and-others.patch @@ -0,0 +1,153 @@ +diff -up ./include/md.h.crypto ./include/md.h +--- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200 +@@ -149,6 +149,7 @@ int init_md(struct md_container*); + int update_md(struct md_container*,void*,ssize_t); + int close_md(struct md_container*); + void md2line(struct md_container*,struct db_line*); ++DB_ATTR_TYPE get_available_crypto(); + + + #endif /*_MD_H_INCLUDED*/ +diff -up ./src/aide.c.crypto ./src/aide.c +--- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200 ++++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200 +@@ -349,7 +349,7 @@ static void setdefaults_before_config() + + conf->db_attrs = 0; + #if defined(WITH_MHASH) || defined(WITH_GCRYPT) +- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512; ++ conf->db_attrs |= get_available_crypto(); + #ifdef WITH_MHASH + conf->db_attrs |= DB_GOST; + #ifdef HAVE_MHASH_WHIRLPOOL +diff -up ./src/md.c.crypto ./src/md.c +--- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200 ++++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200 +@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { + return r; + } + ++const char * hash_gcrypt2str(int i) { ++ char * r = "?"; ++#ifdef WITH_GCRYPT ++ switch (i) { ++ case GCRY_MD_MD5: { ++ r = "MD5"; ++ break; ++ } ++ case GCRY_MD_SHA1: { ++ r = "SHA1"; ++ break; ++ } ++ case GCRY_MD_RMD160: { ++ r = "RMD160"; ++ break; ++ } ++ case GCRY_MD_TIGER: { ++ r = "TIGER"; ++ break; ++ } ++ case GCRY_MD_HAVAL: { ++ r = "HAVAL"; ++ break; ++ } ++ case GCRY_MD_SHA256: { ++ r = "SHA256"; ++ break; ++ } ++ case GCRY_MD_SHA512: { ++ r = "SHA512"; ++ break; ++ } ++ case GCRY_MD_CRC32: { ++ r = "CRC32"; ++ break; ++ } ++ default: ++ break; ++ } ++#endif ++ return r; ++} ++ + DB_ATTR_TYPE hash_mhash2attr(int i) { + DB_ATTR_TYPE r=0; + #ifdef WITH_MHASH +@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { + Initialise md_container according it's todo_attr field + */ + ++DB_ATTR_TYPE get_available_crypto() { ++ ++ DB_ATTR_TYPE ret = 0; ++ ++/* ++ * This function is usually called before config processing ++ * and default verbose level is 5 ++ */ ++#define lvl 255 ++ ++ error(lvl, "get_available_crypto called\n"); ++ ++#ifdef WITH_GCRYPT ++ ++ /* ++ * some initialization for FIPS ++ */ ++ gcry_check_version(NULL); ++ error(lvl, "Found algos:"); ++ ++ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) { ++ ++ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 ) ++ continue; ++ ++ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) { ++ ret |= hash_gcrypt2attr(i); ++ error(lvl, " %s", hash_gcrypt2str(i)); ++ } ++ } ++ error(lvl, "\n"); ++ ++#endif ++ ++ error(lvl, "get_available_crypto_returned with %lld\n", ret); ++ return ret; ++} ++ + int init_md(struct md_container* md) { + + int i; +@@ -201,18 +282,27 @@ int init_md(struct md_container* md) { + } + #endif + #ifdef WITH_GCRYPT +- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ ++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); + } + for(i=0;i<=HASH_GCRYPT_COUNT;i++) { ++ ++ + if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) { +- DB_ATTR_TYPE h=hash_gcrypt2attr(i); +- error(255,"inserting %llu\n",h); ++ ++ DB_ATTR_TYPE h=hash_gcrypt2attr(i); ++ ++ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) { ++ error(0,"Algo %s is not available\n", hash_gcrypt2str(i)); ++ exit(-1); ++ } ++ ++ error(255,"inserting %llu\n",h); + if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){ + md->calc_attr|=h; + } else { +- error(0,"gcry_md_enable %i failed",i); ++ error(0,"gcry_md_enable %i failed\n",i); + md->todo_attr&=~h; + } + } |