Created attachment 1878294
Testing pcap

Description of problem:
When capinfos is used in FIPS mode, it aborts.

Version-Release number of selected component (if applicable):
wireshark-3.4.10-1.el9

How reproducible:
100% in FIPS

Steps to Reproduce:
1. Enable FIPS mode.
# fips-mode-setup --enable && reboot
2. Use capinfos on attached pcap file:
# capinfos ./testsetpackets.pcap ./testsetpackets.pcap

Actual results:
fatal error in libgcrypt, file misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
Fatal error: requested algo not in md context
Aborted (core dumped)
Created attachment 1898725
Patch
Folks, I still see the aborts in RHEL-9.2.0-20230327.16:

# rpm -q wireshark
wireshark-3.4.10-4.el9.x86_64
# fips-mode-setup --check
FIPS mode is enabled.

# tshark -nVxr segfault-pcap/fuzz-2010-05-02-27948.pcap >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69782): packet-wireguard-WARNING **: 10:45:16.996: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)

# tshark -nVxr sample_captures/Obsolete_Packets.cap >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69798): packet-wireguard-WARNING **: 10:45:43.863: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)

# tshark -nVxr sample_captures/smbtorture.cap.gz >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69806): packet-wireguard-WARNING **: 10:46:04.948: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)

# tshark -nVxr segfault-pcap/fuzz-2010-05-02-27948.pcap >/dev/null
Running as user "root" and group "root". This could be dangerous.
(process:69814): packet-wireguard-WARNING **: 10:46:22.923: proto_register_wg: decryption will not be possible due to lack of algorithms support
Ohhhh jeeee: gcry_md_open failed for algo 301: Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
Aborted (core dumped)

Is this a wireshark or libgcrypt issue?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: wireshark security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2373
After looking at this in a Fedora bug for this, it seems to me that there is not much to do with the last core dump. This one is actually a result of reading a packet capture with crypto that is not permitted by FIPS. Not sure if there is a mechanism to allow this particular case in RHEL?
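For triaging a batch of tshark/capinfos runs like the ones quoted in this thread, the following is an added example (not code from the bug report or from wireshark) that separates the two libgcrypt abort signatures seen above and names the rejected digest. The algorithm table is a subset of `enum gcry_md_algos` from `gcrypt.h`, where 301 is `GCRY_MD_MD4`; the function names and the clean-run sample are assumptions made for the illustration.

```python
import re
from collections import Counter

# Subset of libgcrypt digest identifiers (enum gcry_md_algos in gcrypt.h).
GCRY_MD_NAMES = {1: "MD5", 2: "SHA1", 3: "RMD160", 8: "SHA256", 301: "MD4"}

OPEN_FAILED = re.compile(r"gcry_md_open failed for algo (\d+)")
FATAL = re.compile(r"fatal error in libgcrypt, file (\S+), line (\d+), function (\w+):")

def classify(stderr_text):
    """Return a triage record for the stderr of one tool run."""
    record = {"kind": "no-libgcrypt-abort", "algo": None, "algo_name": None, "site": None}
    fatal = FATAL.search(stderr_text)
    if fatal:
        # Where libgcrypt raised the fatal error, e.g. "misc.c:146 _gcry_logv".
        record["site"] = f"{fatal.group(1)}:{fatal.group(2)} {fatal.group(3)}"
        record["kind"] = "other-libgcrypt-fatal"
    opened = OPEN_FAILED.search(stderr_text)
    if opened:
        # The library refused to open a digest (second signature in the thread).
        algo = int(opened.group(1))
        record.update(kind="digest-rejected", algo=algo,
                      algo_name=GCRY_MD_NAMES.get(algo, f"unknown({algo})"))
    elif "requested algo not in md context" in stderr_text:
        # A digest was read from a context that never enabled it (first signature).
        record["kind"] = "md-context-mismatch"
    return record

def summarize(runs):
    """Count failure kinds across a {capture_name: stderr_text} mapping."""
    return Counter(classify(text)["kind"] for text in runs.values())

# Sample stderr: the first two entries reuse the abort messages quoted in this
# thread; the third is a constructed clean run with a hypothetical file name.
SAMPLE_RUNS = {
    "testsetpackets.pcap": "fatal error in libgcrypt, file misc.c, line 92, "
        "function _gcry_fatal_error: requested algo not in md context\n"
        "Fatal error: requested algo not in md context\nAborted (core dumped)\n",
    "Obsolete_Packets.cap": "Ohhhh jeeee: gcry_md_open failed for algo 301: "
        "Invalid digest algorithmfatal error in libgcrypt, file misc.c, line 146, "
        "function _gcry_logv: internal error (fatal or bug)\nAborted (core dumped)\n",
    "constructed-clean.pcap": 'Running as user "root" and group "root". '
        "This could be dangerous.\n",
}

if __name__ == "__main__":
    for name, text in SAMPLE_RUNS.items():
        print(name, classify(text))
    print(dict(summarize(SAMPLE_RUNS)))
```

Captures that land in `digest-rejected` with a digest name outside the FIPS-approved set match the case described in the last comment, while `md-context-mismatch` is the original capinfos abort.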