Bug 689612 - increase the maximum size of usable modulii for DH key agreement
Summary: increase the maximum size of usable modulii for DH key agreement
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss
Version: 5.6
Hardware: All
OS: All
medium
medium
Target Milestone: rc
: ---
Assignee: Elio Maldonado Batiz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 671277 1049888
TreeView+ depends on / blocked
 
Reported: 2011-03-21 21:45 UTC by Nalin Dahyabhai
Modified: 2014-02-04 15:05 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-04 13:18:20 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nalin Dahyabhai 2011-03-21 21:45:09 UTC 
http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html notes that NSS (or its soft token, at least) limits DH key agreement to situations where the modulus is at most 2236 bits.  This is still the value of DH_MAX_P_BITS in nss-3.12.8-1.el5.

The OpenSSL-based PKINIT implementation in MIT Kerberos can be configured to attempt to do so with a modulus of up to 4096 bits in size (Oakley group 16), so this is a potential interoperability problem for NSS-based PKINIT implementations.

Is it possible to raise this limit?
Comment 1 Elio Maldonado Batiz 2013-02-15 00:50:36 UTC 
The max size of the keys was increased to 16384 but it wan't until NSS-3.14.
https://bugzilla.mozilla.org/show_bug.cgi?id=596692
https://bugzilla.mozilla.org/show_bug.cgi?id=636802. 
On RHEL-5.x because of the need to preserve the FIPS validation softoken/freebl is at 3.11.5. Even RHEL-6.x is at softoken from 3.12.9, for FIPS reasons also, so it misses out on this change as well.
Comment 5 RHEL Program Management 2013-04-15 14:49:31 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 7 Ondrej Vasik 2013-05-15 11:41:28 UTC 
Could you please set devel_ack/condnack for 5.10 or postpone/close this bugzilla? Erratas should be filed by May 21st, so development phase is nearing its exit.
Comment 9 Elio Maldonado Batiz 2013-05-21 16:47:47 UTC 
(In reply to Ondrej Vasik from comment #7)
> Could you please set devel_ack/condnack for 5.10 or postpone/close this
> bugzilla? Erratas should be filed by May 21st, so development phase is
> nearing its exit.

(In reply to Karel Srot from comment #8)
> Hi,
> may I ask for a devel review with respect to 5.10 inclusion?

This bug needs to be included. In fact, the needed changes are actually committed already as consequence of having completely rebased nss to 3.14.3 to address Lucky 13.
Comment 10 Ondrej Vasik 2013-05-21 17:12:32 UTC 
Elio: If it needs to be included, please get devel_ack for it.
Comment 11 Bob Relyea 2013-05-21 22:19:42 UTC 
r+ rrelyea, this happened as part of the rebase anyway, but as well clear the bug report out.

bob
Comment 19 RHEL Program Management 2014-01-22 16:35:05 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 22 Karel Srot 2014-02-04 13:18:20 UTC 
Per comment #c21 this should be already fixed in RHEL-5.10 wit the rebase. Please reopen the bug if you find that not being correct.
Note You need to log in before you can comment on or make changes to this bug.