1462312 – PKCS#12 export uses low iteration counts

Bug 1462312 - PKCS#12 export uses low iteration counts

Summary: PKCS#12 export uses low iteration counts

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	nss
Sub Component:
Version:	7.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Daiki Ueno
QA Contact:	Hubert Kario
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	rhel7-nss-pkcs12
TreeView+	depends on / blocked

Reported:	2017-06-16 17:27 UTC by Hubert Kario
Modified:	2018-04-10 09:46 UTC (History)
CC List:	5 users (show)
Fixed In Version:	nss-3.34.0-1.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1511567 (view as bug list)
Environment:
Last Closed:	2018-04-10 09:44:43 UTC
Target Upstream Version:

Attachments	(Terms of Use)
processing times for different ciphers (16.76 KB, image/png) 2017-10-25 18:41 UTC, Hubert Kario	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Mozilla Foundation	1278071	P3	RESOLVED	increase number of iterations for export to PKCS #12	2020-03-09 09:48:58 UTC
Red Hat Bugzilla	1384147	None	None	None	Never
Red Hat Bugzilla	1559989	None	None	None	Never
Red Hat Product Errata	RHEA-2018:0679	None	None	None	2018-04-10 09:46:03 UTC

Internal Links: 1384147 1559989

Description Hubert Kario 2017-06-16 17:27:17 UTC

Description of problem:
When PKCS#12 file is created using pk12util, it uses hmacWithSHA1 as the PRF for PBKDF2 and only 2000 iterations of that function.

Version-Release number of selected component (if applicable):
nss-3.28.4-8.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
export PKCS#12 file from NSS db using pk12util -o, inspect using openssl pkcs12 or openssl asn1parse

Actual results:
PBKDF2 always uses SHA1 and always uses 2000 iterations

Expected results:
default to SHA256 and higher number of iterations (a million or so, optimally dependent on the speed of CPU)

Additional info:

Comment 4 Hubert Kario 2017-10-25 18:41:42 UTC

Created attachment 1343377 [details]
processing times for different ciphers

It will now take about 2s to export key on a 2.6GHz Haswell machine with default settings.
3s if both key and certificate is encrypted with AES-256-CBC.

that seems to me like acceptable performance

Comment 15 errata-xmlrpc 2018-04-10 09:44:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0679

Note You need to log in before you can comment on or make changes to this bug.