RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1585191 - Cockpit dashboard fails when run on a FIPS 140-2 compliant system.
Summary: Cockpit dashboard fails when run on a FIPS 140-2 compliant system.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cockpit
Version: 7.4
Hardware: x86_64
OS: Linux
low
low
Target Milestone: rc
: 7.6
Assignee: Martin Pitt
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On: 1637182
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-01 12:56 UTC by Anthony Zone
Modified: 2022-03-13 15:04 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1637069 (view as bug list)
Environment:
Last Closed: 2018-11-28 08:01:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Patch to suppor sha256 hashes for pubkeys on libssh-0.7.x (5.52 KB, patch)
2018-08-24 11:14 UTC, Andreas Schneider 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3712 0 None None None 2018-11-28 08:01:37 UTC

Description Anthony Zone 2018-06-01 12:56:42 UTC 
Description of problem:  Cockpit dashboard fails with "Cockpit is not installed" when attempting to connect to a remote system, when the dashboard is being run on a FIPS 140-2 compliant system.

Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1. Install cockpit and cockpit-bridge
2. Enable FIPS
3. Attempt to add a remote system to the dashboard

Actual results:
Cockpit dashboard fails with "Cockpit is not installed" when attempting to connect to a remote system, when the dashboard is being run on a FIPS 140-2 compliant system.

The following error is seen in the logs:

OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!

Expected results:
Cockpit connects to remote systems and displays them on the dashboard while FIPS is enabled on the dashboard system.

Additional info:
(gdb) bt
#0  0x00007f0d5e274207 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f0d5e2758f8 in __GI_abort () at abort.c:90
#2  0x00007f0d5bc1598f in OpenSSLDie () from /lib64/libcrypto.so.10
#3  0x00007f0d5bc1c209 in MD5_Init () from /lib64/libcrypto.so.10
#4  0x00007f0d5e843ceb in md5_init () at /usr/src/debug/libssh-0.7.1/src/libcrypto.c:243
#5  0x00007f0d5e83f827 in ssh_get_publickey_hash (key=<optimized out>, type=type@entry=SSH_PUBLICKEY_HASH_MD5, hash=hash@entry=0x7ffc5b6fbee8, hlen=hlen@entry=0x7ffc5b6fbef0)
    at /usr/src/debug/libssh-0.7.1/src/dh.c:1052
#6  0x00005628157639dd in verify_knownhost (host=0x562816108140 "server", port=<optimized out>, data=0x5628161054b0) at src/ssh/cockpitsshrelay.c:677
#7  cockpit_ssh_connect (out_channel=0x562816102080, host_arg=<optimized out>, data=0x5628161054b0) at src/ssh/cockpitsshrelay.c:1356
#8  cockpit_ssh_relay_start (outfd=4, self=0x562816102000) at src/ssh/cockpitsshrelay.c:2101
#9  cockpit_ssh_relay_new (connection_string=<optimized out>, outfd=outfd@entry=4) at src/ssh/cockpitsshrelay.c:2235
#10 0x0000562815760ad3 in main (argc=2, argv=0x7ffc5b6fc088) at src/ssh/ssh.c:93
#6  0x00005628157639dd in verify_knownhost (host=0x562816108140 "server", port=<optimized out>, data=0x5628161054b0) at src/ssh/cockpitsshrelay.c:677

(gdb) f
677	  if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH_MD5, &hash, &len) < 0)
(gdb) list
672	      g_warning ("Couldn't lookup host key type");
673	      ret = "internal-error";
674	      goto done;
675	    }
676	
677	  if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH_MD5, &hash, &len) < 0) <- This operation is not allowed in FIPS mode
678	    {
679	      g_warning ("Couldn't hash ssh public key");
680	      ret = "internal-error";
681	      goto done;
Comment 2 Martin Pitt 2018-06-15 09:12:04 UTC 
Thanks for the detailled report! Indeed cockpit-ssh only checks for MD5, but today's SSH offers and defaults to other hashes (in particular, SHA2). So we should detect the hash type, or at least try all of them (it seems current libssh only supports HASH_MD5 and HASH_SHA1 anyway, both of which are already broken).

To ensure that we can reproduce/verify this properly: How do you enable FIPS mode?
Comment 3 Anthony Zone 2018-06-19 13:05:49 UTC 
Good day Martin,

There's a series of steps to make sure a system is FIPS compliant.  Here's the steps that I used when I set it up on my end:

How can I make RHEL 6 or RHEL 7 FIPS 140-2 compliant?
https://access.redhat.com/solutions/137833

If that doesn't work for you or you need steps directly in the case, please let me know and I can update that.

Thanks and have a great day!
Best Regards,

Anthony Zone, RHCE
Senior Technical Support Engineer, Services Support Team
Customer Experience & Engagement - North America
Red Hat, Inc.
1.888.GO.REDHAT
Comment 8 Andreas Schneider 2018-08-20 17:57:51 UTC 
This has already be implemented and will be in libssh-0.8.2 later this week:

https://git.libssh.org/users/asn/libssh.git/log/?h=master-pubkey-hash
Comment 9 Martin Pitt 2018-08-23 09:37:27 UTC 
I tried to reproduce this on Fedora 28 with enabling FIPS, and this crash does not happen there. Adding an unknown host and showing its fingerprint works fine.

But I can reproduce this on current RHEL 7.6. To fix this in RHEL 7, we can't make use of the new libssh 0.8 API, but we can just use a more modern hash and use glib's hash functions instead of libssh's.
Comment 10 Andreas Schneider 2018-08-23 11:37:21 UTC 
We could also backport the patch to libssh-0.7 that you have the function available there ...
Comment 11 Martin Pitt 2018-08-23 15:15:29 UTC 
There's actually two separate aspects here:

 * For stable releases like RHEL 7, I don't actually think we should change the hash away from MD5. Even modern ssh still shows fingerprints with both MD5 (for historical reasons) and sha256 these days, and presenting the hash differently in a stable OS update seems somewhat unfriendly.

  So for fixing this *particular* crash but keeping MD5, using glib's MD5 method might be an option (I still need to verify that this actually works, and does not use the very same MD5 function from OpenSSL). Of course that means to implement the hashing of the ssh_key in cockpit-ssh, which is something I'd much rather avoid.

 * For future releases and upstream, using the libssh 0.8 API and moving to SHA256 seems prudent. Users need to get weaned off of MD5 fingerprints at some point :-), and a major change like RHEL 8 is an adequate time for such a change.

It's a bit annoying that this is an assertion in OpenSSL, as opposed to just a failing function. That makes it harder to do a runtime check, which would allow us to present an SHA256 hash *if* MD5 is not allowed, for RHEL 7.

cockpit-ssh could do something like

   if /proc/sys/crypto/fips_enabled == 1
        fingerprint = SHA256 sig
   else
        fingerprint = MD5 sig


But that would then mean supporting both cases, including a duplicate set of translated strings, for a while.

So in summary, backporting the new libssh API and moving to SHA256 fingerprints everywhere (including RHEL 7) would be a clean and safe implementation, but might upset some customers. But keeping MD5 and reimplementing the hashing with glib (or something else) is a security-sensitive and intrusive change for a stable release update. 

So, rock <-> hard place :(
Comment 12 Martin Pitt 2018-08-24 09:43:03 UTC 
Some more facts:

- On current RHEL 7.6, the "ssh" CLI shows fingerprints with SHA1 and SHA256 by default, not even MD5. 

- I went through all strings that concern fingerprints in Cockpit, and there is only one that explicitly mentions "MD5". This isn't even translatable (which is a bug, but one that plays into our favor for getting a freeze exception :) ). Thus changing the algorithm or supporting two different ones for some time is not that intrusive.

I checked libssh 0.8.1's API, and I don't see a function that returns the raw bytes/numbers of an ssh_key, so attempting to use a different hash function from glib or so isn't very practical.

So how about this:

 - Wait until libssh 0.8.2 hits Fedora and RHEL 8.
 - Add a configure check to Cockpit that checks for SSH_PUBLICKEY_HASH_SHA256, and if available, use SHA256 instead of MD5. Adjust tests to get along with either.
 - Backport the SSH_PUBLICKEY_HASH_SHA256 libssh support to RHEL 7 (as you proposed)
 - Backport the Cockpit change to RHEL 7. Justification is that MD5 has been broken for a long time, and the command line SSH does not show it by default.

Does that sound reasonable to you?
Comment 13 Andreas Schneider 2018-08-24 11:14:38 UTC 
Created attachment 1478462 [details]
Patch to suppor sha256 hashes for pubkeys on libssh-0.7.x

It does for me.

I couldn't release 0.8.2 yet as I need abimap-0.3.1 which is not available on openSUSE Tumbleweed yet. However it should be on Monday.
Comment 14 Martin Pitt 2018-10-08 20:50:31 UTC 
Adjusting depends/blocks for RHEL 7. I just filed bug 1637182 about the necessary libssh backports, fixing this bug in RHEL 7 is blocked on that.
Comment 15 Martin Pitt 2018-10-28 13:40:01 UTC 
In bug 1637182 I pushed SHA256 support patches to dist-git, plus the fix for the "interactive keyboard" authentication (bug 1640812). I locally mockbuilt libssh and cockpit with the corresponding fix, and everything works -- I get SHA256 fingerprints, and it does not crash in FIPS mode.

Now I just need to figure out how to build cockpit against that pending libssh update.
Comment 16 Martin Pitt 2018-10-28 13:55:26 UTC 
I tried an initial scratch build here: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=18953765

As I feared, this doesn't see the new libssh update from https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=789421 , even though I tagged that with extras-rhel-7.6-go-toolset-candidate. Will ask Djordje tomorrow.
Comment 17 Martin Pitt 2018-10-28 14:06:04 UTC 
Repo for updated libssh, in case it helps: http://brew-task-repos.usersys.redhat.com/repos/official/libssh/0.7.1/7.el7/libssh-0.7.1-7.el7.repo
Comment 25 errata-xmlrpc 2018-11-28 08:01:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3712
Note You need to log in before you can comment on or make changes to this bug.