Blame SOURCES/aide-0.15.1-fipsfix.patch

bc4ae4
diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c
bc4ae4
--- aide-0.15.1/src/aide.c.fipsfix	2010-08-08 19:39:31.000000000 +0200
bc4ae4
+++ aide-0.15.1/src/aide.c	2012-11-22 16:59:45.378713818 +0100
bc4ae4
@@ -484,9 +484,28 @@ int main(int argc,char**argv)
bc4ae4
 #endif
bc4ae4
   umask(0177);
bc4ae4
   init_sighandler();
bc4ae4
-
bc4ae4
   setdefaults_before_config();
bc4ae4
 
bc4ae4
+#if WITH_GCRYPT
bc4ae4
+  error(255,"Gcrypt library initialization\n");
bc4ae4
+  /*
bc4ae4
+   *  Initialize libgcrypt as per
bc4ae4
+   *  http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
bc4ae4
+   *
bc4ae4
+   *
bc4ae4
+   */
bc4ae4
+  gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
bc4ae4
+  gcry_control(GCRYCTL_INIT_SECMEM, 1);
bc4ae4
+
bc4ae4
+  if(!gcry_check_version(GCRYPT_VERSION)) {
bc4ae4
+      error(0,"libgcrypt version mismatch\n");
bc4ae4
+      exit(VERSION_MISMATCH_ERROR);
bc4ae4
+  }
bc4ae4
+
bc4ae4
+  gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
bc4ae4
+#endif /* WITH_GCRYPT */
bc4ae4
+
bc4ae4
+
bc4ae4
   if(read_param(argc,argv)==RETFAIL){
bc4ae4
     error(0, _("Invalid argument\n") );
bc4ae4
     exit(INVALID_ARGUMENT_ERROR);
bc4ae4
@@ -641,6 +660,9 @@ int main(int argc,char**argv)
bc4ae4
     }
bc4ae4
 #endif
bc4ae4
   }
bc4ae4
+#ifdef WITH_GCRYPT
bc4ae4
+  gcry_control(GCRYCTL_TERM_SECMEM, 0);
bc4ae4
+#endif /* WITH_GCRYPT */
bc4ae4
   return RETOK;
bc4ae4
 }
bc4ae4
 const char* aide_key_3=CONFHMACKEY_03;
bc4ae4
diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c
bc4ae4
--- aide-0.15.1/src/md.c.fipsfix	2010-08-08 19:39:31.000000000 +0200
bc4ae4
+++ aide-0.15.1/src/md.c	2012-11-22 16:59:33.166673632 +0100
bc4ae4
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
bc4ae4
   }
bc4ae4
 #endif 
bc4ae4
 #ifdef WITH_GCRYPT
bc4ae4
-  error(255,"Gcrypt library initialization\n");
bc4ae4
-  	if(!gcry_check_version(GCRYPT_VERSION)) {
bc4ae4
-		error(0,"libgcrypt version mismatch\n");
bc4ae4
-		exit(VERSION_MISMATCH_ERROR);
bc4ae4
-	}
bc4ae4
-	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
bc4ae4
-	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
bc4ae4
-	if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
bc4ae4
+	if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
bc4ae4
 		error(0,"gcrypt_md_open failed\n");
bc4ae4
 		exit(IO_ERROR);
bc4ae4
 	}
bc4ae4
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
bc4ae4
   
bc4ae4
   /*.    There might be more hashes in the library. Add those here..   */
bc4ae4
   
bc4ae4
-  gcry_md_reset(md->mdh);
bc4ae4
+  gcry_md_close(md->mdh);
bc4ae4
 #endif  
bc4ae4
 
bc4ae4
 #ifdef WITH_MHASH
bc4ae4
diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c
bc4ae4
--- aide-0.15.1/src/util.c.fipsfix	2010-08-08 19:39:31.000000000 +0200
bc4ae4
+++ aide-0.15.1/src/util.c	2012-11-22 16:59:33.166673632 +0100
bc4ae4
@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s)
bc4ae4
 	return(AIDE_SYSLOG_FACILITY);
bc4ae4
 }
bc4ae4
 
bc4ae4
-/* We need these dummy stubs to fool the linker into believing that
bc4ae4
-   we do not need them at link time */
bc4ae4
-
bc4ae4
-void* dlopen(char*filename,int flag)
bc4ae4
-{
bc4ae4
-  return NULL;
bc4ae4
-}
bc4ae4
-
bc4ae4
-void* dlsym(void*handle,char*symbol)
bc4ae4
-{
bc4ae4
-  return NULL;
bc4ae4
-}
bc4ae4
-
bc4ae4
-void* dlclose(void*handle)
bc4ae4
-{
bc4ae4
-  return NULL;
bc4ae4
-}
bc4ae4
-
bc4ae4
-const char* dlerror(void)
bc4ae4
-{
bc4ae4
-  return NULL;
bc4ae4
-}
bc4ae4
-
bc4ae4
 const char* aide_key_2=CONFHMACKEY_02;
bc4ae4
 const char* db_key_2=DBHMACKEY_02;