Closed Bug 1720228 Opened 3 months ago Closed 2 months ago

NSS incorrectly accepting 1536 bit DH primes in FIPS mode

Categories

(NSS :: Libraries, defect, P1)

3.67

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: rrelyea, Assigned: rrelyea)

References

Details

Attachments

(2 files)

When NSS is in FIPS mode, it should reject all primes smaller than 2048. The ike 1536 prime is in the accepted primes table. In FIPS mode it should be rejected.

The attach patch rejects that prime only in FIPS mode. The test cases were update to verify this. I'll submit this patch as a phabricator patch as well.

Assignee: nobody → rrelyea
Status: NEW → ASSIGNED

Would there be problematic consequences in rejecting even in non-fips mode?

Flags: needinfo?(rrelyea)
Priority: -- → P1

When NSS is in FIPS mode, it should reject all primes smaller than 2048. The ike 1536 prime is in the accepted primes table. In FIPS mode it should be rejected.

Probably not in ssl because I think we already reject them in SSL, but old IKE servers wouldn't connect. In general we only do this check if we are 1) in FIPS mode, or 2) the application triggers it by setting CKA_SUBPRIME on the imported key we are checking.

bob

Flags: needinfo?(rrelyea)
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 3.69
You need to log in before you can comment on or make changes to this bug.