Closed Bug 1720228 Opened 4 years ago Closed 4 years ago

NSS incorrectly accepting 1536 bit DH primes in FIPS mode

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Version:
3.67
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rrelyea, Assigned: rrelyea)

References

Details

Attachments

(2 files)

nss-3.66-no-small-primes.patch
4.18 KB, patch
Details | Diff | Splinter Review
Bug 1720228 NSS incorrectly accepting 1536 bit DH primes in FIPS mode
48 bytes, text/x-phabricator-request
Details | Review

When NSS is in FIPS mode, it should reject all primes smaller than 2048. The ike 1536 prime is in the accepted primes table. In FIPS mode it should be rejected.

The attach patch rejects that prime only in FIPS mode. The test cases were update to verify this. I'll submit this patch as a phabricator patch as well.

Assignee: nobody → rrelyea
Status: NEW → ASSIGNED

Would there be problematic consequences in rejecting even in non-fips mode?

Flags: needinfo?(rrelyea)
Priority: -- → P1

When NSS is in FIPS mode, it should reject all primes smaller than 2048. The ike 1536 prime is in the accepted primes table. In FIPS mode it should be rejected.

Probably not in ssl because I think we already reject them in SSL, but old IKE servers wouldn't connect. In general we only do this check if we are 1) in FIPS mode, or 2) the application triggers it by setting CKA_SUBPRIME on the imported key we are checking.

bob

Flags: needinfo?(rrelyea)
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.69
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: