summaryrefslogtreecommitdiff
path: root/aide-0.16b1-fipsfix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'aide-0.16b1-fipsfix.patch')
-rw-r--r--aide-0.16b1-fipsfix.patch103
1 files changed, 103 insertions, 0 deletions
diff --git a/aide-0.16b1-fipsfix.patch b/aide-0.16b1-fipsfix.patch
new file mode 100644
index 0000000..434d74e
--- /dev/null
+++ b/aide-0.16b1-fipsfix.patch
@@ -0,0 +1,103 @@
+diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
+--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
++++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
+@@ -511,9 +511,28 @@ int main(int argc,char**argv)
+ #endif
+ umask(0177);
+ init_sighandler();
+-
+ setdefaults_before_config();
+
++#if WITH_GCRYPT
++ error(255,"Gcrypt library initialization\n");
++ /*
++ * Initialize libgcrypt as per
++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
++ *
++ *
++ */
++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
++ gcry_control(GCRYCTL_INIT_SECMEM, 1);
++
++ if(!gcry_check_version(GCRYPT_VERSION)) {
++ error(0,"libgcrypt version mismatch\n");
++ exit(VERSION_MISMATCH_ERROR);
++ }
++
++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
++#endif /* WITH_GCRYPT */
++
++
+ if(read_param(argc,argv)==RETFAIL){
+ error(0, _("Invalid argument\n") );
+ exit(INVALID_ARGUMENT_ERROR);
+@@ -646,6 +665,9 @@ int main(int argc,char**argv)
+ }
+ #endif
+ }
++#ifdef WITH_GCRYPT
++ gcry_control(GCRYCTL_TERM_SECMEM, 0);
++#endif /* WITH_GCRYPT */
+ return RETOK;
+ }
+ const char* aide_key_3=CONFHMACKEY_03;
+diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
+--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
++++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
+@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
+ }
+ #endif
+ #ifdef WITH_GCRYPT
+- error(255,"Gcrypt library initialization\n");
+- if(!gcry_check_version(GCRYPT_VERSION)) {
+- error(0,"libgcrypt version mismatch\n");
+- exit(VERSION_MISMATCH_ERROR);
+- }
+- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ error(0,"gcrypt_md_open failed\n");
+ exit(IO_ERROR);
+ }
+@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
+
+ /*. There might be more hashes in the library. Add those here.. */
+
+- gcry_md_reset(md->mdh);
++ gcry_md_close(md->mdh);
+ #endif
+
+ #ifdef WITH_MHASH
+diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
+--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
++++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
+@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
+ return(AIDE_SYSLOG_FACILITY);
+ }
+
+-/* We need these dummy stubs to fool the linker into believing that
+- we do not need them at link time */
+-
+-void* dlopen(char*filename,int flag)
+-{
+- return NULL;
+-}
+-
+-void* dlsym(void*handle,char*symbol)
+-{
+- return NULL;
+-}
+-
+-void* dlclose(void*handle)
+-{
+- return NULL;
+-}
+-
+-const char* dlerror(void)
+-{
+- return NULL;
+-}
+-
+ const char* aide_key_2=CONFHMACKEY_02;
+ const char* db_key_2=DBHMACKEY_02;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 15:21:17 +0000