-
Notifications
You must be signed in to change notification settings - Fork 14.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FreeRDP crashes on system in FIPS mode #3412
Comments
I guess you have done your tests with master ? |
Yes, I did the tests with master and freerdp-1.0, both versions fail in the same way... |
@ondrejholy i might be mistaken but I think when you enable FIPS compliant security this applies only to the transport itself. MD4, MD5, .. might still be used/required in different other parts like for generating ntlm credentials. |
As far as I know, FIPS regulations applies on all used crypto algorithms. FreeRDP works correctly with server in FIPS mode, however doesn't work itself on a client system with enabled FIPS mode. NLA security can't be used with FIPS mode probably, because NTLM is not FIPS compliant, because it requires RC4 (see section 5.1 of [MS-NLMP]), and Kerberos is not implemented in FreeRDP. However TLS/RDP security should work with FIPS mode. Triple DES should be used for bulk encryption, and SHA-1 for any hashing operations (e.g. MAC generation). See sections 5.3.5/5.3.6 from [MS-RDPBCGR] for RDP security and section 5.4.1 for Enhanced RDP security. MD5/RC4 is still used in some cases, but I am convinced that it should be replaced by SHA-1 if FIPS encryption is used. Just a note that native Remote Desktop Connection client works correctly on system with enabled FIPS mode. |
Hello, From what @bmiklautz posted, does this mean we are just out of luck due to Windows RDP server services requiring bad cryptos? |
It fixes the following abortion on systems with enabled fips mode: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! FreeRDP#3412
It fixes the following abortion on systems with enabled fips mode: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! FreeRDP#3412
Hmm, FreeRDP seems to work for me on systems in FIPS mode with the patches I added in my fips branch. It can be used only with TLS security, because NLA is based on NTLM as I already mentioned and RDP security seems to use proprietary certificates which also needs MD5 (section 5.3.3 from [MS-RDPBCGR]). The first patch (63c6717) seems to be correct, however the second one (3c2a8fd) is just workaround to make it work. I am not really sure what to do with it, because the code (skipped by workaround) is needed by Platform Challenge messages. Those messages were not used when I was testing it, but I am afraid that they are used in some cases. Unfortunately [MS-RDPELE] doesn't contain notes regarding this :-( |
AFAICT FIPS mode is only in RDP security mode or I'm missing something ? |
Thanks for the reply @ondrejholy (though I'm not sure I fully grok it). I'll be tracking the issue via my Red Hat customer support ticket and I'll be on the lookout for a patched / QA package from them to test with. Our environment is moving toward full Windows 10 / WS2012+ and RHEL 7 so that'll be the client/server connection I'll be targeting for a fix and won't be making much effort to fix it on RHEL 6. |
I've tried wfreerdp on Windows with enabled "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy and it also works correctly, so it seems to me that this policy is something else than fips_mode on Linux... Maybe I am really trying to achieve something impossible. |
It fixes the following abortion on systems with enabled fips mode: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! FreeRDP#3412
It fixes the following abortion on systems with enabled fips mode: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! FreeRDP#3412
I have done some research here and have some comments/opinions on workarounds/solutions:
I think the big things here are missing kerberos support for NLA in freerdp and the RDP protocol continues to use bad cryptos in some case even when set to FIPS, and I believe the reason Microsoft has not bothered changing this is because these cases are not relied upon for security. Of course, this causes problems for freerdp since it relies on openssl for all crypto since openssl adheres strictly to fips. Any feedback or hole-punching in my opinions are welcome. |
Sorry, I had to stop working on that due to other issues, however, I will add a quick note. Yes, it is possible to use RC4/MD5 from OpenSSL even with fips=1 and I agree that it is ok for licensing code, because it is not relevant to security, and probably also the same for the certificate validation. It can be done over EVP_ functions (which needs to be used due to OpenSSL 1.1.0 anyway) thanks to the EVP_*_FLAG_NON_FIPS_ALLOW flags. Kerberos support is also on my todo... |
@ondrejholy Thanks for the info about the openssl override. It seems like overriding the particular cases deemed acceptable from a security standpoint would be the way to go. I would think freerdp should have a fips specific command-line argument to make sure openssl is in fips mode, force "/encryption-method:FIPS", force "-sec-nla" for now, and override crypto algorithms if absolutely necessary and not a security risk. Right now I am gathering up information on what we need to be done to get xfreerdp to work with FIPS, but am planning to look into doing some actual changes to that end in the near future time permitting. |
Do not generate keys which are not needed if FIPS encryption is used. It fixes the following abortion on systems with enabled FIPS mode: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! FreeRDP#3412
FreeRDP crashes currently on systems with enabled FIPS mode because of the following abortion: md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! Crypto algorithms, which aren't FIPS-compliant (i.e. MD5, RC4), can be still used for some functionality, which isn't security-relevant (i.e. licensing). Let's add non_fips_allow parameter for crypto functions and allow weak ciphers in specific cases (i.e. licensing). The patch fixes OpenSSL abortions on systems with enabled FIPS mode. Consequently, FreeRDP works properly with RDP, or TLS security on systems with enabled FIPS mode. NLA security can't be used, because NTLM uses weak algorithms and it is security-relevant feature. FreeRDP#3412
The additional EVP_CipherInit_ex call is needed to handle EVP_CIPH_FLAG_NON_FIPS_ALLOW flag properly because of some bug in OpenSSL. FreeRDP#3412
See #3904 which will be merged hopefully soon. |
What kind of input needed to have it merged & released anytime soon? Launching full-blown windows install just to RDP to a few windows servers is quite a pita. |
My bad. Got to wait for release with this fix then. |
Closing as resolved, please reopen if still an issue. |
I enabled FIPS mode on Red Hat Enterprise Linux [1] and configured Microsoft Window Server to require FIPS-compliant encryption [2]. Consequently, xfreerdp crashes with the following error, when I try to connect to the server regardless of used security protocol:
md4_dgst.c(74): OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
I see several occurrences of MD4, MD5, RC4 algorithms in the FreeRDP codes. Those algorithms are not FIPS-compliant. However, I suppose that those algorithms should not be used if FIPS-compliant encryption is used...
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Federal_Standards_and_Regulations.html
[2] https://technet.microsoft.com/en-us/library/cc770833.aspx
The text was updated successfully, but these errors were encountered: