On Tue, Jul 02, 2019 at 08:14:25AM +0100, Peter Eisentraut wrote:
> It appears that we have consensus to go ahead with this.
Yeah, I was planning to look at that one next. Or perhaps you would
like to take care of it, Peter?
> <paranoia>
> I was wondering whether the provided binary blob contained any checksums
> or other internal checks. How would we know whether it contains
> transposed characters or replaces a 1 by a I or a l? If I just randomly
> edit the blob, the ssl tests still pass. (The relevant load_dh_buffer()
> call does get called by the tests.) How can we make sure we actually
> got a good copy?
> </paranoia>
PEM_read_bio_DHparams() has some checks on the Diffie-Hellman key, but
it is up to the caller to make sure that it is normally providing a
prime number in this case to make the cracking harder, no? RFC 3526
has a small formula in this case, which we can use to double-check the
patch.
--
Michael
