|
|
bc4ae4 |
diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c
|
|
|
bc4ae4 |
--- aide-0.15.1/src/aide.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
|
|
|
bc4ae4 |
+++ aide-0.15.1/src/aide.c 2012-11-22 16:59:45.378713818 +0100
|
|
|
bc4ae4 |
@@ -484,9 +484,28 @@ int main(int argc,char**argv)
|
|
|
bc4ae4 |
#endif
|
|
|
bc4ae4 |
umask(0177);
|
|
|
bc4ae4 |
init_sighandler();
|
|
|
bc4ae4 |
-
|
|
|
bc4ae4 |
setdefaults_before_config();
|
|
|
bc4ae4 |
|
|
|
bc4ae4 |
+#if WITH_GCRYPT
|
|
|
bc4ae4 |
+ error(255,"Gcrypt library initialization\n");
|
|
|
bc4ae4 |
+ /*
|
|
|
bc4ae4 |
+ * Initialize libgcrypt as per
|
|
|
bc4ae4 |
+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
|
|
|
bc4ae4 |
+ *
|
|
|
bc4ae4 |
+ *
|
|
|
bc4ae4 |
+ */
|
|
|
bc4ae4 |
+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
|
|
|
bc4ae4 |
+ gcry_control(GCRYCTL_INIT_SECMEM, 1);
|
|
|
bc4ae4 |
+
|
|
|
bc4ae4 |
+ if(!gcry_check_version(GCRYPT_VERSION)) {
|
|
|
bc4ae4 |
+ error(0,"libgcrypt version mismatch\n");
|
|
|
bc4ae4 |
+ exit(VERSION_MISMATCH_ERROR);
|
|
|
bc4ae4 |
+ }
|
|
|
bc4ae4 |
+
|
|
|
bc4ae4 |
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
|
bc4ae4 |
+#endif /* WITH_GCRYPT */
|
|
|
bc4ae4 |
+
|
|
|
bc4ae4 |
+
|
|
|
bc4ae4 |
if(read_param(argc,argv)==RETFAIL){
|
|
|
bc4ae4 |
error(0, _("Invalid argument\n") );
|
|
|
bc4ae4 |
exit(INVALID_ARGUMENT_ERROR);
|
|
|
bc4ae4 |
@@ -641,6 +660,9 @@ int main(int argc,char**argv)
|
|
|
bc4ae4 |
}
|
|
|
bc4ae4 |
#endif
|
|
|
bc4ae4 |
}
|
|
|
bc4ae4 |
+#ifdef WITH_GCRYPT
|
|
|
bc4ae4 |
+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
|
|
|
bc4ae4 |
+#endif /* WITH_GCRYPT */
|
|
|
bc4ae4 |
return RETOK;
|
|
|
bc4ae4 |
}
|
|
|
bc4ae4 |
const char* aide_key_3=CONFHMACKEY_03;
|
|
|
bc4ae4 |
diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c
|
|
|
bc4ae4 |
--- aide-0.15.1/src/md.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
|
|
|
bc4ae4 |
+++ aide-0.15.1/src/md.c 2012-11-22 16:59:33.166673632 +0100
|
|
|
bc4ae4 |
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
|
|
|
bc4ae4 |
}
|
|
|
bc4ae4 |
#endif
|
|
|
bc4ae4 |
#ifdef WITH_GCRYPT
|
|
|
bc4ae4 |
- error(255,"Gcrypt library initialization\n");
|
|
|
bc4ae4 |
- if(!gcry_check_version(GCRYPT_VERSION)) {
|
|
|
bc4ae4 |
- error(0,"libgcrypt version mismatch\n");
|
|
|
bc4ae4 |
- exit(VERSION_MISMATCH_ERROR);
|
|
|
bc4ae4 |
- }
|
|
|
bc4ae4 |
- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
|
|
|
bc4ae4 |
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
|
bc4ae4 |
- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
|
|
|
bc4ae4 |
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
|
|
|
bc4ae4 |
error(0,"gcrypt_md_open failed\n");
|
|
|
bc4ae4 |
exit(IO_ERROR);
|
|
|
bc4ae4 |
}
|
|
|
bc4ae4 |
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
|
|
|
bc4ae4 |
|
|
|
bc4ae4 |
/*. There might be more hashes in the library. Add those here.. */
|
|
|
bc4ae4 |
|
|
|
bc4ae4 |
- gcry_md_reset(md->mdh);
|
|
|
bc4ae4 |
+ gcry_md_close(md->mdh);
|
|
|
bc4ae4 |
#endif
|
|
|
bc4ae4 |
|
|
|
bc4ae4 |
#ifdef WITH_MHASH
|
|
|
bc4ae4 |
diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c
|
|
|
bc4ae4 |
--- aide-0.15.1/src/util.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
|
|
|
bc4ae4 |
+++ aide-0.15.1/src/util.c 2012-11-22 16:59:33.166673632 +0100
|
|
|
bc4ae4 |
@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s)
|
|
|
bc4ae4 |
return(AIDE_SYSLOG_FACILITY);
|
|
|
bc4ae4 |
}
|
|
|
bc4ae4 |
|
|
|
bc4ae4 |
-/* We need these dummy stubs to fool the linker into believing that
|
|
|
bc4ae4 |
- we do not need them at link time */
|
|
|
bc4ae4 |
-
|
|
|
bc4ae4 |
-void* dlopen(char*filename,int flag)
|
|
|
bc4ae4 |
-{
|
|
|
bc4ae4 |
- return NULL;
|
|
|
bc4ae4 |
-}
|
|
|
bc4ae4 |
-
|
|
|
bc4ae4 |
-void* dlsym(void*handle,char*symbol)
|
|
|
bc4ae4 |
-{
|
|
|
bc4ae4 |
- return NULL;
|
|
|
bc4ae4 |
-}
|
|
|
bc4ae4 |
-
|
|
|
bc4ae4 |
-void* dlclose(void*handle)
|
|
|
bc4ae4 |
-{
|
|
|
bc4ae4 |
- return NULL;
|
|
|
bc4ae4 |
-}
|
|
|
bc4ae4 |
-
|
|
|
bc4ae4 |
-const char* dlerror(void)
|
|
|
bc4ae4 |
-{
|
|
|
bc4ae4 |
- return NULL;
|
|
|
bc4ae4 |
-}
|
|
|
bc4ae4 |
-
|
|
|
bc4ae4 |
const char* aide_key_2=CONFHMACKEY_02;
|
|
|
bc4ae4 |
const char* db_key_2=DBHMACKEY_02;
|