PR#36: Resolves: #2227004 - capinfos aborts in FIPS - rpms/wireshark

rpms / wireshark

#36 Resolves: #2227004 - capinfos aborts in FIPS

Merged 11 months ago by mruprich. Opened 11 months ago by mruprich.

rpms/ mruprich/wireshark ripemd-fips-f37 into f37

Resolves: #2227004 - capinfos aborts in FIPS

Michal Ruprich • 11 months ago

3fa3df3

wireshark-0009-ripemd-fips-core-dump.patch

file added

+164

		`@@ -0,0 +1,164 @@`
		`+ diff --git a/capinfos.c b/capinfos.c`
		`+ index 3c7866befd..da576f88c5 100644`
		`+ --- a/capinfos.c`
		`+ +++ b/capinfos.c`
		`+ @@ -141,7 +141,6 @@ static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */`
		`+`
		`+ // Strongest to weakest`
		`+ #define HASH_SIZE_SHA256 32`
		`+ -#define HASH_SIZE_RMD160 20`
		`+ #define HASH_SIZE_SHA1 20`
		`+`
		`+ #define HASH_STR_SIZE (65) /* Max hash size * 2 + '\0' */`
		`+ @@ -743,7 +742,6 @@ print_stats(const gchar filename, capture_info cf_info)`
		`+ }`
		`+ if (cap_file_hashes) {`
		`+ printf ("SHA256: %s\n", file_sha256);`
		`+ - printf ("RIPEMD160: %s\n", file_rmd160);`
		`+ printf ("SHA1: %s\n", file_sha1);`
		`+ }`
		`+ if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));`
		`+ @@ -857,7 +855,6 @@ print_stats_table_header(void)`
		`+ if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");`
		`+ if (cap_file_hashes) {`
		`+ print_stats_table_header_label("SHA256");`
		`+ - print_stats_table_header_label("RIPEMD160");`
		`+ print_stats_table_header_label("SHA1");`
		`+ }`
		`+ if (cap_order) print_stats_table_header_label("Strict time order");`
		`+ @@ -1182,7 +1179,6 @@ calculate_hashes(const char *filename)`
		`+ }`
		`+ gcry_md_final(hd);`
		`+ hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, file_sha256);`
		`+ - hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);`
		`+ hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, file_sha1);`
		`+ }`
		`+ if (fh) fclose(fh);`
		`+ @@ -1489,7 +1485,7 @@ print_usage(FILE *output)`
		`+ fprintf(output, " -E display the capture file encapsulation\n");`
		`+ fprintf(output, " -I display the capture file interface information\n");`
		`+ fprintf(output, " -F display additional capture file information\n");`
		`+ - fprintf(output, " -H display the SHA256, RIPEMD160, and SHA1 hashes of the file\n");`
		`+ + fprintf(output, " -H display the SHA256 and SHA1 hashes of the file\n");`
		`+ fprintf(output, " -k display the capture comment\n");`
		`+ fprintf(output, "\n");`
		`+ fprintf(output, "Size infos:\n");`
		`+ @@ -1842,10 +1838,9 @@ main(int argc, char *argv[])`
		`+ if (cap_file_hashes) {`
		`+ gcry_check_version(NULL);`
		`+ gcry_md_open(&hd, GCRY_MD_SHA256, 0);`
		`+ - if (hd) {`
		`+ - gcry_md_enable(hd, GCRY_MD_RMD160);`
		`+ + if (hd)`
		`+ gcry_md_enable(hd, GCRY_MD_SHA1);`
		`+ - }`
		`+ +`
		`+ hash_buf = (char *)g_malloc(HASH_BUF_SIZE);`
		`+ }`
		`+`
		`+ diff --git a/doc/capinfos.adoc b/doc/capinfos.adoc`
		`+ index 16ed2e300a..124fb56694 100644`
		`+ --- a/doc/capinfos.adoc`
		`+ +++ b/doc/capinfos.adoc`
		`+ @@ -200,7 +200,7 @@ Prints the help listing and exits.`
		`+ -H::`
		`+ +`
		`+ --`
		`+ -Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.`
		`+ +Displays the SHA256 and SHA1 hashes for the file.`
		`+ SHA1 output may be removed in the future.`
		`+ --`
		`+`
		`+ diff --git a/capinfos.c b/capinfos.c`
		`+ index f0059f4e54..e153097219 100644`
		`+ --- a/capinfos.c`
		`+ +++ b/capinfos.c`
		`+ @@ -148,7 +148,6 @@ static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */`
		`+`
		`+`
		`+ static gchar file_sha256[HASH_STR_SIZE];`
		`+ -static gchar file_rmd160[HASH_STR_SIZE];`
		`+ static gchar file_sha1[HASH_STR_SIZE];`
		`+`
		`+ static char *hash_buf = NULL;`
		`+ @@ -1024,11 +1023,6 @@ print_stats_table(const gchar filename, capture_info cf_info)`
		`+ printf("%s", file_sha256);`
		`+ putquote();`
		`+`
		`+ - putsep();`
		`+ - putquote();`
		`+ - printf("%s", file_rmd160);`
		`+ - putquote();`
		`+ -`
		`+ putsep();`
		`+ putquote();`
		`+ printf("%s", file_sha1);`
		`+ @@ -1168,7 +1162,6 @@ calculate_hashes(const char *filename)`
		`+ size_t hash_bytes;`
		`+`
		`+ (void) g_strlcpy(file_sha256, "<unknown>", HASH_STR_SIZE);`
		`+ - (void) g_strlcpy(file_rmd160, "<unknown>", HASH_STR_SIZE);`
		`+ (void) g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE);`
		`+`
		`+ if (cap_file_hashes) {`
		`+ diff --git a/ui/qt/capture_file_properties_dialog.cpp b/ui/qt/capture_file_properties_dialog.cpp`
		`+ index 9e5b86a7fd..c77056818c 100644`
		`+ --- a/ui/qt/capture_file_properties_dialog.cpp`
		`+ +++ b/ui/qt/capture_file_properties_dialog.cpp`
		`+ @@ -175,11 +175,6 @@ QString CaptureFilePropertiesDialog::summaryToHtml()`
		`+ << table_data_tmpl.arg(summary.file_sha256)`
		`+ << table_row_end;`
		`+`
		`+ - out << table_row_begin`
		`+ - << table_vheader_tmpl.arg(tr("Hash (RIPEMD160)"))`
		`+ - << table_data_tmpl.arg(summary.file_rmd160)`
		`+ - << table_row_end;`
		`+ -`
		`+ out << table_row_begin`
		`+ << table_vheader_tmpl.arg(tr("Hash (SHA1)"))`
		`+ << table_data_tmpl.arg(summary.file_sha1)`
		`+ diff --git a/ui/summary.c b/ui/summary.c`
		`+ index 127698fd5c..58c7cd68a4 100644`
		`+ --- a/ui/summary.c`
		`+ +++ b/ui/summary.c`
		`+ @@ -21,7 +21,6 @@`
		`+`
		`+ // Strongest to weakest`
		`+ #define HASH_SIZE_SHA256 32`
		`+ -#define HASH_SIZE_RMD160 20`
		`+ #define HASH_SIZE_SHA1 20`
		`+`
		`+ #define HASH_BUF_SIZE (1024 * 1024)`
		`+ @@ -213,12 +212,10 @@ summary_fill_in(capture_file cf, summary_tally st)`
		`+ g_free(idb_info);`
		`+`
		`+ (void) g_strlcpy(st->file_sha256, "<unknown>", HASH_STR_SIZE);`
		`+ - (void) g_strlcpy(st->file_rmd160, "<unknown>", HASH_STR_SIZE);`
		`+ (void) g_strlcpy(st->file_sha1, "<unknown>", HASH_STR_SIZE);`
		`+`
		`+ gcry_md_open(&hd, GCRY_MD_SHA256, 0);`
		`+ if (hd) {`
		`+ - gcry_md_enable(hd, GCRY_MD_RMD160);`
		`+ gcry_md_enable(hd, GCRY_MD_SHA1);`
		`+ }`
		`+ hash_buf = (char *)g_malloc(HASH_BUF_SIZE);`
		`+ @@ -230,7 +227,6 @@ summary_fill_in(capture_file cf, summary_tally st)`
		`+ }`
		`+ gcry_md_final(hd);`
		`+ hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, st->file_sha256);`
		`+ - hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, st->file_rmd160);`
		`+ hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, st->file_sha1);`
		`+ }`
		`+ if (fh) fclose(fh);`
		`+ diff --git a/ui/summary.h b/ui/summary.h`
		`+ index 9063b99b77..95a51a38c0 100644`
		`+ --- a/ui/summary.h`
		`+ +++ b/ui/summary.h`
		`+ @@ -56,7 +56,6 @@ typedef struct _summary_tally {`
		`+ const char filename; /< path of capture file /`
		`+ gint64 file_length; /*< file length in bytes /`
		`+ gchar file_sha256[HASH_STR_SIZE]; /*< SHA256 hash of capture file /`
		`+ - gchar file_rmd160[HASH_STR_SIZE]; /*< RIPEMD160 hash of capture file /`
		`+ gchar file_sha1[HASH_STR_SIZE]; /*< SHA1 hash of capture file /`
		`+ int file_type; /*< wiretap file type /`
		`+ wtap_compression_type compression_type; /*< compression type of file, or uncompressed /`

wireshark.spec

file modified

+5 -1

		`@@ -6,7 +6,7 @@`
		`Summary: Network traffic analyzer`
		`Name: wireshark`
		`Version: 4.0.7`
		`- Release: 1%{?dist}`
		`+ Release: 2%{?dist}`
		`Epoch: 1`
		`License: GPL+`
		`Url: http://www.wireshark.org/`
		`@@ -28,6 +28,7 @@`
		`Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch`
		`Patch7: wireshark-0007-cmakelists.patch`
		`Patch8: wireshark-0008-glib2-g_strdup-build.patch`
		`+ Patch9: wireshark-0009-ripemd-fips-core-dump.patch`

		`#install tshark together with wireshark GUI`
		`Requires: %{name}-cli = %{epoch}:%{version}-%{release}`
		`@@ -279,6 +280,9 @@`
		`%{_libdir}/pkgconfig/%{name}.pc`

		`%changelog`
		`+ * Fri Jul 28 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.7-2`
		`+ - Resolves: #2227004 - capinfos aborts in FIPS`
		`+`
		`* Fri Jul 14 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.7-1`
		`- New version 4.0.7`