Bug 346801

Summary: Port dhcp to use NSS library for cryptography
Product: [Fedora] Fedora Reporter: Peter Vrabec <pvrabec>
Component: dhcpAssignee: Jiri Popelka <jpopelka>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: tmraz
Target Milestone: ---Keywords: FutureFeature, Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-17 14:41:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 333741    
Attachments:
Description Flags
dhcp-4.0.0-nss.patch
none
dhcp-4.1.0-nss.patch none

Description Peter Vrabec 2007-10-23 10:17:33 UTC 
dhcp should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
Comment 1 David Cantrell 2007-10-23 14:45:29 UTC 
dhcp (both dhcpd and dhclient and dhcrelay) does not have any built-in
authentication code.  dhcpd links with with libldap for sites wanting to store
DHCP server configuration data in an LDAP directory, so any authentication that
happens around DHCP is for connecting to the LDAP server and that's all handled
by OpenLDAP.
Comment 2 Tomas Mraz 2007-10-23 14:55:36 UTC 
It contains built in MD5 and HMAC-MD5 algorithms. If they are used in security
relevant context they should be replaced with calls to NSS.
Comment 3 David Cantrell 2007-10-23 15:03:41 UTC 
Oh right, my bad.  For the dnssec stuff.
Comment 4 David Cantrell 2009-09-21 20:24:17 UTC 
Created attachment 361986 [details]
dhcp-4.0.0-nss.patch
Comment 5 David Cantrell 2009-09-21 20:24:38 UTC 
Created attachment 361988 [details]
dhcp-4.1.0-nss.patch
Comment 6 David Cantrell 2009-09-21 20:25:09 UTC 
I've attached two patches I started to convert dhcp to the NSS libraries.  Both patches are incomplete, but might be a starting place.
Comment 7 Jiri Popelka 2012-08-17 14:41:10 UTC 
ISC DHCP hasn't used the code mentioned in comment #2 since version 4.2.0, see bug #849166.

Closing therefore.