dhcp should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
dhcp (both dhcpd and dhclient and dhcrelay) does not have any built-in
authentication code. dhcpd links with with libldap for sites wanting to store
DHCP server configuration data in an LDAP directory, so any authentication that
happens around DHCP is for connecting to the LDAP server and that's all handled
It contains built in MD5 and HMAC-MD5 algorithms. If they are used in security
relevant context they should be replaced with calls to NSS.
Oh right, my bad. For the dnssec stuff.
Created attachment 361986 [details]
Created attachment 361988 [details]
I've attached two patches I started to convert dhcp to the NSS libraries. Both patches are incomplete, but might be a starting place.
ISC DHCP hasn't used the code mentioned in comment #2 since version 4.2.0, see bug #849166.