diff -up ./include/md.h.crypto ./include/md.h --- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200 +++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200 @@ -149,6 +149,7 @@ int init_md(struct md_container*); int update_md(struct md_container*,void*,ssize_t); int close_md(struct md_container*); void md2line(struct md_container*,struct db_line*); +DB_ATTR_TYPE get_available_crypto(); #endif /*_MD_H_INCLUDED*/ diff -up ./src/aide.c.crypto ./src/aide.c --- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200 +++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200 @@ -349,7 +349,7 @@ static void setdefaults_before_config() conf->db_attrs = 0; #if defined(WITH_MHASH) || defined(WITH_GCRYPT) - conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512; + conf->db_attrs |= get_available_crypto(); #ifdef WITH_MHASH conf->db_attrs |= DB_GOST; #ifdef HAVE_MHASH_WHIRLPOOL diff -up ./src/md.c.crypto ./src/md.c --- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200 +++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200 @@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { return r; } +const char * hash_gcrypt2str(int i) { + char * r = "?"; +#ifdef WITH_GCRYPT + switch (i) { + case GCRY_MD_MD5: { + r = "MD5"; + break; + } + case GCRY_MD_SHA1: { + r = "SHA1"; + break; + } + case GCRY_MD_RMD160: { + r = "RMD160"; + break; + } + case GCRY_MD_TIGER: { + r = "TIGER"; + break; + } + case GCRY_MD_HAVAL: { + r = "HAVAL"; + break; + } + case GCRY_MD_SHA256: { + r = "SHA256"; + break; + } + case GCRY_MD_SHA512: { + r = "SHA512"; + break; + } + case GCRY_MD_CRC32: { + r = "CRC32"; + break; + } + default: + break; + } +#endif + return r; +} + DB_ATTR_TYPE hash_mhash2attr(int i) { DB_ATTR_TYPE r=0; #ifdef WITH_MHASH @@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { Initialise md_container according it's todo_attr field */ +DB_ATTR_TYPE get_available_crypto() { + + DB_ATTR_TYPE ret = 0; + +/* + * This function is usually called before config processing + * and default verbose level is 5 + */ +#define lvl 255 + + error(lvl, "get_available_crypto called\n"); + +#ifdef WITH_GCRYPT + + /* + * some initialization for FIPS + */ + gcry_check_version(NULL); + error(lvl, "Found algos:"); + + for(int i=0;i<=HASH_GCRYPT_COUNT;i++) { + + if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 ) + continue; + + if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) { + ret |= hash_gcrypt2attr(i); + error(lvl, " %s", hash_gcrypt2str(i)); + } + } + error(lvl, "\n"); + +#endif + + error(lvl, "get_available_crypto_returned with %lld\n", ret); + return ret; +} + int init_md(struct md_container* md) { int i; @@ -201,18 +282,27 @@ int init_md(struct md_container* md) { } #endif #ifdef WITH_GCRYPT - if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ error(0,"gcrypt_md_open failed\n"); exit(IO_ERROR); } for(i=0;i<=HASH_GCRYPT_COUNT;i++) { + + if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) { - DB_ATTR_TYPE h=hash_gcrypt2attr(i); - error(255,"inserting %llu\n",h); + + DB_ATTR_TYPE h=hash_gcrypt2attr(i); + + if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) { + error(0,"Algo %s is not available\n", hash_gcrypt2str(i)); + exit(-1); + } + + error(255,"inserting %llu\n",h); if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){ md->calc_attr|=h; } else { - error(0,"gcry_md_enable %i failed",i); + error(0,"gcry_md_enable %i failed\n",i); md->todo_attr&=~h; } }