Commit Graph

61 Commits

Author SHA1 Message Date
akallabeth
00f2679eda [core,security] refactor functions to check lengths 2023-02-03 11:09:59 +01:00
akallabeth
da5080e557 [core] refactor rdp encryption lock 2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a [core] improve logging 2023-02-03 11:09:59 +01:00
akallabeth
4b0fcb3dac [core,licensing] replaced WINPR_MD5_DIGEST_LENGTH with sizeof() 2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
akallabeth
033ffff428 [core] initialize stack variables, improve logging 2023-01-24 10:16:55 +01:00
akallabeth
1304af4748 [core,rdp] Refactor rdp security encryption
Unify rc4 encryption key handling, use common free and reset functions
2022-11-25 12:35:14 +01:00
akallabeth
c8956513d6 [core,rdp] Add a check for broken RDP security
RDP security is rarely used nowadays, but there have been reports about
situations where the encryption key is missing.
Add this check to properly terminate the connection in case of such an
unexpected event.
2022-11-25 12:35:14 +01:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796)
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
2022-04-19 14:29:17 +02:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
Armin Novak
5afa592244 Fixed cast-qual warnings 2021-08-24 11:10:51 +02:00
Armin Novak
09111c9270 libfreerdp: Fixed warnings, added assertions 2021-06-18 11:32:16 +02:00
akallabeth
6490106600 Lock remaining occurances of security_encrypt/security_decrypt variables 2020-06-02 13:31:17 +02:00
akallabeth
a381dd1a27 Lock security_decrypt to avoid simultaneous counter manipulation 2020-06-02 13:31:17 +02:00
akallabeth
fe3e7eaa34 Fixed GHSL-2020-101 missing NULL check 2020-05-20 15:10:07 +02:00
akallabeth
a1f2c1e161 Fixed #6156: Enforce synchronized encrypt count
Old style RDP encryption uses a counter, synchronize this for
packets send from different threads.
2020-05-12 15:34:57 +02:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Ondrej Holy
0389cb129e core: Fix array overrunning during FIPS keys generation
p is 20 and r is 1 in the last iteration of fips_expand_key_bits,
which means that buf[21] is read (of BYTE buf[21];). However,
the value is not needed, because it is consequently discarded by
"c & 0xfe" statement. Let's do not read buf[p + 1] when r is 1
to avoid this.
2017-12-19 10:29:16 +01:00
Armin Novak
4fe12b0ea3 Fix #4247: warnings introduced with #3904 2017-11-20 10:18:15 +01:00
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
David Fort
a132922376 Add checks for DR channel 2017-10-04 10:30:47 +02:00
Armin Novak
8292b4558f Fix TALOS issues
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839
2017-07-20 09:28:47 +02:00
Armin Novak
c33754ae1d Fixed unused and uninitialized warnings. 2016-12-01 15:36:49 +01:00
Norbert Federa
53bd98883e winpr/crypt api changes and memory leak fixes
- winpr_HMAC_New() now just returnes the opaque WINPR_HMAC_CTX* pointer
  which has to be passed to winpr_HMAC_Init() for (re)initialization
  and since winpr_HMAC_Final() no more frees the context you always have to
  use the new function winpr_HMAC_Free() once winpr_HMAC_New() has succeded

- winpr_Digest_New() now just returns the opaque WINPR_DIGEST_CTX* pointer
  which has to be passed to winpr_Digest_Init() for (re)initialization
  and since winpr_Digest_Final() no more frees the context you always have to
  use the new function winpr_Digest_Free() once winpr_Digest_New() has succeded
2016-11-24 18:27:29 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Armin Novak
b429d230cb Refactored crypto *_New functions. 2016-02-29 09:00:02 +01:00
Armin Novak
92c15783dc Updated RC4 API, fixed crashing bug. 2016-02-28 11:19:29 +01:00
Armin Novak
238ff3b315 Unified encryption functions. 2016-02-27 23:28:49 +01:00
Armin Novak
7a253bae42 Replaced magic numbers with defines. 2016-02-26 09:27:53 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
ada2b16c50 Unified RC4 functions. 2016-02-24 17:04:03 +01:00
Armin Novak
06da644007 Unified md5 functions. 2016-02-24 16:46:25 +01:00
Armin Novak
0e4ea3943a Unified sha1 functions. 2016-02-24 16:36:15 +01:00
David FORT
c03bf75896 Take in account @nfedera's comments 2015-04-07 21:06:53 +02:00
David FORT
0eb399a717 Treat return values for security.c
This patch make functions in security.c return values when they should instead of
beeing void. And it also fix the callers of these functions.
2015-04-01 11:11:37 +02:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Norbert Federa
18cb418c81 core: FIPS for fastpath and RDP security fixes
- fixed invalid stream position if extEncryptionMethods is not used
- enabled 56bit rdp security method
- fixed entropy reduction of the keys for 40 bit and 56 bit
- added rdp security incl. FIPS for fastpath output
- added FIPS encryption to fast path input
- fixed FIPS key generation in server mode
- fixed stream length correction in FIPS mode
- added rdp encryption for licensing packets (apparently some clients,
  specifically cetsc, require the license packets received from the
  server to be encrypted under certain RDP encryption levels)
- replace errnous virtual extended mouse event in focus in event
2014-04-02 14:17:39 +02:00
Hardening
ac7507ab8d Adds some check to treat OOM problems + RDP security fix
Malloc can fail so it will, this patch adds some check in some places
where malloc/strdup results were not checked.

This patch also contains a server side fix for RDP security (credit to nfedera).
The signature len was badly set in the GCC packet. And some other RDP security
oriented fixes are also there.
2014-03-25 23:13:08 +01:00
Hardening
7701c9d934 Replace printf(...) by fprintf(stderr, ...) 2013-03-28 23:06:34 +01:00
Vic Lee
7d58aac24f security: add a NULL pointer check to fix a server crash. 2013-03-05 15:08:03 +08:00
rdp.effort
dc967dcc89 adding const qualifiers for security.[c|h] helps understand inputs and
outputs
2013-01-11 01:15:52 +01:00
Marc-André Moreau
335add832d libfreerdp-core: split code from rpc.c to rpc_bind.c and rpc_fault.c 2012-11-28 00:32:12 -05:00
Marc-André Moreau
410b7ab867 libfreerdp-core: rdpSettings refactoring (part 4) 2012-11-07 23:29:24 -05:00