Bug 689612

Summary: increase the maximum size of usable modulii for DH key agreement
Product: Red Hat Enterprise Linux 5 Reporter: Nalin Dahyabhai <nalin>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.6CC: amarecek, avagarwa, emaldona, hkario, kengert, ksrot, nalin, ovasik, pwouters, rrelyea
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-04 13:18:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 671277, 1049888    

Description Nalin Dahyabhai 2011-03-21 21:45:09 UTC
http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html notes that NSS (or its soft token, at least) limits DH key agreement to situations where the modulus is at most 2236 bits.  This is still the value of DH_MAX_P_BITS in nss-3.12.8-1.el5.

The OpenSSL-based PKINIT implementation in MIT Kerberos can be configured to attempt to do so with a modulus of up to 4096 bits in size (Oakley group 16), so this is a potential interoperability problem for NSS-based PKINIT implementations.

Is it possible to raise this limit?

Comment 1 Elio Maldonado Batiz 2013-02-15 00:50:36 UTC
The max size of the keys was increased to 16384 but it wan't until NSS-3.14.
https://bugzilla.mozilla.org/show_bug.cgi?id=596692
https://bugzilla.mozilla.org/show_bug.cgi?id=636802. 
On RHEL-5.x because of the need to preserve the FIPS validation softoken/freebl is at 3.11.5. Even RHEL-6.x is at softoken from 3.12.9, for FIPS reasons also, so it misses out on this change as well.

Comment 5 RHEL Program Management 2013-04-15 14:49:31 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 7 Ondrej Vasik 2013-05-15 11:41:28 UTC
Could you please set devel_ack/condnack for 5.10 or postpone/close this bugzilla? Erratas should be filed by May 21st, so development phase is nearing its exit.

Comment 9 Elio Maldonado Batiz 2013-05-21 16:47:47 UTC
(In reply to Ondrej Vasik from comment #7)
> Could you please set devel_ack/condnack for 5.10 or postpone/close this
> bugzilla? Erratas should be filed by May 21st, so development phase is
> nearing its exit.

(In reply to Karel Srot from comment #8)
> Hi,
> may I ask for a devel review with respect to 5.10 inclusion?

This bug needs to be included. In fact, the needed changes are actually committed already as consequence of having completely rebased nss to 3.14.3 to address Lucky 13.

Comment 10 Ondrej Vasik 2013-05-21 17:12:32 UTC
Elio: If it needs to be included, please get devel_ack for it.

Comment 11 Bob Relyea 2013-05-21 22:19:42 UTC
r+ rrelyea, this happened as part of the rebase anyway, but as well clear the bug report out.

bob

Comment 19 RHEL Program Management 2014-01-22 16:35:05 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 22 Karel Srot 2014-02-04 13:18:20 UTC
Per comment #c21 this should be already fixed in RHEL-5.10 wit the rebase. Please reopen the bug if you find that not being correct.