Bug 2083581
| Summary: | capinfos aborts in FIPS | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Ondrej Moriš <omoris> |
| Component: | wireshark | Assignee: | Michal Ruprich <mruprich> |
| Status: | CLOSED ERRATA | QA Contact: | František Hrdina <fhrdina> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 9.0 | CC: | fhrdina |
| Target Milestone: | rc | Keywords: | AutoVerified, Patch, Reproducer, Triaged |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | wireshark-3.4.10-4.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 2227004 (view as bug list) | Environment: | |
| Last Closed: | 2023-05-09 07:52:12 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2227004 | | |
Created attachment 1898725 [details]
Patch

Folks, I still see the aborts in RHEL-9.2.0-20230327.16:

```
# rpm -q wireshark
wireshark-3.4.10-4.el9.x86_64
# fips-mode-setup --check
FIPS mode is enabled.
# tshark -nVxr segfault-pcap/fuzz-2010-05-02-27948.pcap >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69782): packet-wireguard-WARNING **: 10:45:16.996: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)
# tshark -nVxr sample_captures/Obsolete_Packets.cap >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69798): packet-wireguard-WARNING **: 10:45:43.863: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)
# tshark -nVxr sample_captures/smbtorture.cap.gz >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69806): packet-wireguard-WARNING **: 10:46:04.948: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)
# tshark -nVxr segfault-pcap/fuzz-2010-05-02-27948.pcap >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69814): packet-wireguard-WARNING **: 10:46:22.923: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)
```

Is this a wireshark or libgcrypt issue?

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: wireshark security and bug fix update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2373

After looking at this in a Fedora bug for this, it seems to me that there is not much to do with the last core dump. This one is actually a result of reading a packet capture with crypto that is not permitted by FIPS. Not sure if there is a mechanism to allow this particular case in RHEL?

Created attachment 1878294 [details]
Testing pcap

Description of problem:

When capinfos is used in FIPS mode, it aborts.

Version-Release number of selected component (if applicable):

wireshark-3.4.10-1.el9

How reproducible:

100% in FIPS

Steps to Reproduce:

1. Enable FIPS mode.

```
# fips-mode-setup --enable && reboot
```

2. Use capinfos on attached pcap file:

```
# capinfos ./testsetpackets.pcap ./testsetpackets.pcap
```

Actual results:

```
fatal error in libgcrypt, file misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
Fatal error: requested algo not in md context
Aborted (core dumped)
```
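
A triage aid for the tshark and capinfos aborts quoted in this report, as an added example that is not part of the bug report or of Wireshark: it pulls the libgcrypt abort site out of captured stderr and, where the message carries one, names the rejected digest ID. The ID table is a subset of the `gcry_md_algos` enum in libgcrypt's `gcrypt.h`; the sample text is constructed from the output quoted above, and `triage` and its field names are hypothetical.

```python
import re

# Subset of enum gcry_md_algos from libgcrypt's public gcrypt.h header.
GCRY_MD_NAMES = {1: "MD5", 2: "SHA1", 3: "RMD160", 8: "SHA256", 9: "SHA384",
                 10: "SHA512", 11: "SHA224", 301: "MD4", 302: "CRC32",
                 305: "WHIRLPOOL"}

# Message shapes taken from the tshark and capinfos output quoted in this report.
OPEN_FAIL = re.compile(
    r"gcry_md_open failed for algo (\d+): (.+?)(?=fatal error|$)", re.M)
FATAL = re.compile(
    r"fatal error in libgcrypt, file (\S+), line (\d+), function (\w+): (.+)")

# Constructed sample: one tshark abort and one capinfos abort, as quoted above.
SAMPLE = """\
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)
fatal error in libgcrypt, file misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
Fatal error: requested algo not in md context
Aborted (core dumped)
"""

def triage(stderr_text):
    """Return one finding per libgcrypt abort, with the rejected digest if reported."""
    opens = [(m.start(), int(m.group(1)), m.group(2).strip())
             for m in OPEN_FAIL.finditer(stderr_text)]
    findings, prev_end = [], 0
    for m in FATAL.finditer(stderr_text):
        src, lineno, func, msg = m.groups()
        finding = {"site": f"{src}:{lineno}", "function": func,
                   "message": msg.strip(), "algo_id": None, "algo": None,
                   "reason": None}
        # An open failure logged since the previous abort belongs to this one;
        # it may sit on the same line (no newline, as quoted) or the line before.
        mine = [o for o in opens if prev_end <= o[0] < m.start()]
        if mine:
            _, algo_id, reason = mine[-1]
            finding.update(algo_id=algo_id, reason=reason,
                           algo=GCRY_MD_NAMES.get(algo_id, "unknown"))
        findings.append(finding)
        prev_end = m.end()
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
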