Daniel Kopecek 0c33c3
diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c
Daniel Kopecek 0c33c3
--- aide-0.15.1/src/aide.c.fipsfix	2010-08-08 19:39:31.000000000 +0200
Daniel Kopecek 0c33c3
+++ aide-0.15.1/src/aide.c	2012-11-22 16:59:45.378713818 +0100
Daniel Kopecek 0c33c3
@@ -484,9 +484,28 @@ int main(int argc,char**argv)
Daniel Kopecek 0c33c3
 #endif
Daniel Kopecek 0c33c3
   umask(0177);
Daniel Kopecek 0c33c3
   init_sighandler();
Daniel Kopecek 0c33c3
-
Daniel Kopecek 0c33c3
   setdefaults_before_config();
Daniel Kopecek 0c33c3
 
Daniel Kopecek 0c33c3
+#if WITH_GCRYPT
Daniel Kopecek 0c33c3
+  error(255,"Gcrypt library initialization\n");
Daniel Kopecek 0c33c3
+  /*
Daniel Kopecek 0c33c3
+   *  Initialize libgcrypt as per
Daniel Kopecek 0c33c3
+   *  http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
Daniel Kopecek 0c33c3
+   *
Daniel Kopecek 0c33c3
+   *
Daniel Kopecek 0c33c3
+   */
Daniel Kopecek 0c33c3
+  gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
Daniel Kopecek 0c33c3
+  gcry_control(GCRYCTL_INIT_SECMEM, 1);
Daniel Kopecek 0c33c3
+
Daniel Kopecek 0c33c3
+  if(!gcry_check_version(GCRYPT_VERSION)) {
Daniel Kopecek 0c33c3
+      error(0,"libgcrypt version mismatch\n");
Daniel Kopecek 0c33c3
+      exit(VERSION_MISMATCH_ERROR);
Daniel Kopecek 0c33c3
+  }
Daniel Kopecek 0c33c3
+
Daniel Kopecek 0c33c3
+  gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
Daniel Kopecek 0c33c3
+#endif /* WITH_GCRYPT */
Daniel Kopecek 0c33c3
+
Daniel Kopecek 0c33c3
+
Daniel Kopecek 0c33c3
   if(read_param(argc,argv)==RETFAIL){
Daniel Kopecek 0c33c3
     error(0, _("Invalid argument\n") );
Daniel Kopecek 0c33c3
     exit(INVALID_ARGUMENT_ERROR);
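Review bot: The return values of the `gcry_control` calls in the new init block are discarded, and `GCRYCTL_INIT_SECMEM` runs before `gcry_check_version`, whereas the libgcrypt manual linked in the comment does the version check first and sets up secure memory afterwards. If the secure pool cannot be set up or locked, main() carries on and nothing is reported here. I would move the secmem call below the version check and test it, e.g. `if(gcry_control(GCRYCTL_INIT_SECMEM, 1)) { error(0,"libgcrypt secure memory init failed\n"); exit(IO_ERROR); }`, or at least log the failure. The size argument `1` presumably relies on libgcrypt rounding up to its minimum pool size, which deserves a short comment once confirmed. main() begins and ends outside this hunk.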
Daniel Kopecek 0c33c3
@@ -641,6 +660,9 @@ int main(int argc,char**argv)
Daniel Kopecek 0c33c3
     }
Daniel Kopecek 0c33c3
 #endif
Daniel Kopecek 0c33c3
   }
Daniel Kopecek 0c33c3
+#ifdef WITH_GCRYPT
Daniel Kopecek 0c33c3
+  gcry_control(GCRYCTL_TERM_SECMEM, 0);
Daniel Kopecek 0c33c3
+#endif /* WITH_GCRYPT */
Daniel Kopecek 0c33c3
   return RETOK;
Daniel Kopecek 0c33c3
 }
Daniel Kopecek 0c33c3
 const char* aide_key_3=CONFHMACKEY_03;
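Review bot: `GCRYCTL_TERM_SECMEM` is reached only on the normal `return RETOK` path, so every `exit(...)` taken after initialization (several are visible in this patch, e.g. `exit(INVALID_ARGUMENT_ERROR)` and `exit(IO_ERROR)`) leaves without the explicit zeroise-and-destroy step. The libgcrypt manual suggests running this command from an exit handler; a small static wrapper registered with `atexit()` right after `GCRYCTL_INITIALIZATION_FINISHED` would cover all paths. Separately, this guard is `#ifdef WITH_GCRYPT` while the init block in the first hunk uses `#if WITH_GCRYPT`; using one form for both keeps init and teardown compiled under the same condition.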
Daniel Kopecek 0c33c3
diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c
Daniel Kopecek 0c33c3
--- aide-0.15.1/src/md.c.fipsfix	2010-08-08 19:39:31.000000000 +0200
Daniel Kopecek 0c33c3
+++ aide-0.15.1/src/md.c	2012-11-22 16:59:33.166673632 +0100
Daniel Kopecek 0c33c3
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
Daniel Kopecek 0c33c3
   }
Daniel Kopecek 0c33c3
 #endif 
Daniel Kopecek 0c33c3
 #ifdef WITH_GCRYPT
Daniel Kopecek 0c33c3
-  error(255,"Gcrypt library initialization\n");
Daniel Kopecek 0c33c3
-  	if(!gcry_check_version(GCRYPT_VERSION)) {
Daniel Kopecek 0c33c3
-		error(0,"libgcrypt version mismatch\n");
Daniel Kopecek 0c33c3
-		exit(VERSION_MISMATCH_ERROR);
Daniel Kopecek 0c33c3
-	}
Daniel Kopecek 0c33c3
-	gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
Daniel Kopecek 0c33c3
-	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
Daniel Kopecek 0c33c3
-	if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
Daniel Kopecek 0c33c3
+	if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
Daniel Kopecek 0c33c3
 		error(0,"gcrypt_md_open failed\n");
Daniel Kopecek 0c33c3
 		exit(IO_ERROR);
Daniel Kopecek 0c33c3
 	}
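Review bot: The `gcry_md_open` failure path still prints only "gcrypt_md_open failed" and drops the returned error code, which matters more now that `GCRY_MD_FLAG_SECURE` makes the call depend on the secure-memory pool set up in main(). A pool that was never locked or is exhausted would be indistinguishable from any other failure. Assuming `error()` takes printf-style arguments, keep the result and report it: `gcry_error_t err = gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE);` followed by `error(0,"gcrypt_md_open failed: %s\n", gcry_strerror(err));`. A comment at this spot should also state that init_md() now requires libgcrypt to have been initialized by the caller, since the version check and `GCRYCTL_INITIALIZATION_FINISHED` were removed from here. init_md() starts and ends outside this hunk.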
Daniel Kopecek 0c33c3
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
Daniel Kopecek 0c33c3
   
Daniel Kopecek 0c33c3
   /*.    There might be more hashes in the library. Add those here..   */
Daniel Kopecek 0c33c3
   
Daniel Kopecek 0c33c3
-  gcry_md_reset(md->mdh);
Daniel Kopecek 0c33c3
+  gcry_md_close(md->mdh);
Daniel Kopecek 0c33c3
 #endif  
Daniel Kopecek 0c33c3
 
Daniel Kopecek 0c33c3
 #ifdef WITH_MHASH
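Review bot: After `gcry_md_close(md->mdh)` the handle stored in the container is dangling, where the old `gcry_md_reset` left it valid. Any later use of `md->mdh` without a fresh init_md(), or a second close_md() on the same container, would touch freed memory. I would add `md->mdh = NULL;` on the line after the close, since `gcry_md_close` ignores a NULL handle. It is also worth confirming that the digest values are copied out of the handle before this line, because pointers returned by `gcry_md_read` do not survive the close; that code is outside this hunk.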
Daniel Kopecek 0c33c3
diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c
Daniel Kopecek 0c33c3
--- aide-0.15.1/src/util.c.fipsfix	2010-08-08 19:39:31.000000000 +0200
Daniel Kopecek 0c33c3
+++ aide-0.15.1/src/util.c	2012-11-22 16:59:33.166673632 +0100
Daniel Kopecek 0c33c3
@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s)
Daniel Kopecek 0c33c3
 	return(AIDE_SYSLOG_FACILITY);
Daniel Kopecek 0c33c3
 }
Daniel Kopecek 0c33c3
 
Daniel Kopecek 0c33c3
-/* We need these dummy stubs to fool the linker into believing that
Daniel Kopecek 0c33c3
-   we do not need them at link time */
Daniel Kopecek 0c33c3
-
Daniel Kopecek 0c33c3
-void* dlopen(char*filename,int flag)
Daniel Kopecek 0c33c3
-{
Daniel Kopecek 0c33c3
-  return NULL;
Daniel Kopecek 0c33c3
-}
Daniel Kopecek 0c33c3
-
Daniel Kopecek 0c33c3
-void* dlsym(void*handle,char*symbol)
Daniel Kopecek 0c33c3
-{
Daniel Kopecek 0c33c3
-  return NULL;
Daniel Kopecek 0c33c3
-}
Daniel Kopecek 0c33c3
-
Daniel Kopecek 0c33c3
-void* dlclose(void*handle)
Daniel Kopecek 0c33c3
-{
Daniel Kopecek 0c33c3
-  return NULL;
Daniel Kopecek 0c33c3
-}
Daniel Kopecek 0c33c3
-
Daniel Kopecek 0c33c3
-const char* dlerror(void)
Daniel Kopecek 0c33c3
-{
Daniel Kopecek 0c33c3
-  return NULL;
Daniel Kopecek 0c33c3
-}
Daniel Kopecek 0c33c3
-
Daniel Kopecek 0c33c3
 const char* aide_key_2=CONFHMACKEY_02;
Daniel Kopecek 0c33c3
 const char* db_key_2=DBHMACKEY_02;