diff -up ./include/md.h.crypto ./include/md.h

--- ./include/md.h.crypto	2016-07-25 22:56:55.000000000 +0200

+++ ./include/md.h	2018-08-29 15:00:30.827491299 +0200

@@ -149,6 +149,7 @@ int init_md(struct md_container*);

 int update_md(struct md_container*,void*,ssize_t);

 int close_md(struct md_container*);

 void md2line(struct md_container*,struct db_line*);

+DB_ATTR_TYPE get_available_crypto();

 #endif /*_MD_H_INCLUDED*/

diff -up ./src/aide.c.crypto ./src/aide.c

--- ./src/aide.c.crypto	2018-08-29 15:00:30.825491309 +0200

+++ ./src/aide.c	2018-08-29 15:00:30.827491299 +0200

@@ -349,7 +349,7 @@ static void setdefaults_before_config()

   conf->db_attrs = 0;

 #if defined(WITH_MHASH) || defined(WITH_GCRYPT)

-  conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;

+  conf->db_attrs |= get_available_crypto();

 #ifdef WITH_MHASH

   conf->db_attrs |= DB_GOST;

 #ifdef HAVE_MHASH_WHIRLPOOL

diff -up ./src/md.c.crypto ./src/md.c

--- ./src/md.c.crypto	2018-08-29 15:00:30.823491319 +0200

+++ ./src/md.c	2018-08-29 15:02:28.013903479 +0200

@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) {

   return r;

 }

+const char * hash_gcrypt2str(int i) {

+  char * r = "?";

+#ifdef WITH_GCRYPT

+  switch (i) {

+  case GCRY_MD_MD5: {

+    r = "MD5";

+    break;

+  }

+  case GCRY_MD_SHA1: {

+    r = "SHA1";

+    break;

+  }

+  case GCRY_MD_RMD160: {

+    r = "RMD160";

+    break;

+  }

+  case GCRY_MD_TIGER: {

+    r = "TIGER";

+    break;

+  }

+  case GCRY_MD_HAVAL: {

+    r = "HAVAL";

+    break;

+  }

+  case GCRY_MD_SHA256: {

+    r = "SHA256";

+    break;

+  }

+  case GCRY_MD_SHA512: {

+    r = "SHA512";

+    break;

+  }

+  case GCRY_MD_CRC32: {

+    r = "CRC32";

+    break;

+  }

+  default:

+    break;

+  }

+#endif

+  return r;

+}

+

 DB_ATTR_TYPE hash_mhash2attr(int i) {

   DB_ATTR_TYPE r=0;

 #ifdef WITH_MHASH

@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) {

   Initialise md_container according it's todo_attr field

  */

+DB_ATTR_TYPE get_available_crypto() {

+  

+  DB_ATTR_TYPE ret = 0;

+

+/*

+ * This function is usually called before config processing

+ * and default verbose level is 5

+ */

+#define lvl 255

+

+  error(lvl, "get_available_crypto called\n");

+

+#ifdef WITH_GCRYPT

+

+  /*

+ * some initialization for FIPS

+ */

+  gcry_check_version(NULL);

+  error(lvl, "Found algos:");

+

+  for(int i=0;i<=HASH_GCRYPT_COUNT;i++) {

+

+    if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 )

+      continue;

+  

+    if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) {

+      ret |= hash_gcrypt2attr(i);

+      error(lvl, " %s", hash_gcrypt2str(i));

+    }

+  }

+  error(lvl, "\n");

+

+#endif

+

+  error(lvl, "get_available_crypto_returned with %lld\n", ret);

+  return ret;

+}

+

 int init_md(struct md_container* md) {

   int i;

@@ -201,18 +282,27 @@ int init_md(struct md_container* md) {

   }

 #endif 

 #ifdef WITH_GCRYPT

-        if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){

+  if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){

 		error(0,"gcrypt_md_open failed\n");

 		exit(IO_ERROR);

 	}

   for(i=0;i<=HASH_GCRYPT_COUNT;i++) {

+

+

     if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) {

-      DB_ATTR_TYPE h=hash_gcrypt2attr(i);

-      error(255,"inserting %llu\n",h);

+

+        DB_ATTR_TYPE h=hash_gcrypt2attr(i);

+

+        if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) {

+            error(0,"Algo %s is not available\n", hash_gcrypt2str(i));

+            exit(-1);

+        }

+

+        error(255,"inserting %llu\n",h);

 			if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){

 				md->calc_attr|=h;

 			} else {

-				error(0,"gcry_md_enable %i failed",i);

+				error(0,"gcry_md_enable %i failed\n",i);

 				md->todo_attr&=~h;

 			}

 		}