Re: Replacing the EDH SKIP primes

On Tue, Jul 02, 2019 at 08:14:25AM +0100, Peter Eisentraut wrote:
> It appears that we have consensus to go ahead with this.

Yeah, I was planning to look at that one next.  Or perhaps you would
like to take care of it, Peter?

> <paranoia>
> I was wondering whether the provided binary blob contained any checksums
> or other internal checks.  How would we know whether it contains
> transposed characters or replaces a 1 by a I or a l?  If I just randomly
> edit the blob, the ssl tests still pass.  (The relevant load_dh_buffer()
> call does get called by the tests.)  How can we make sure we actually
> got a good copy?
> </paranoia>

PEM_read_bio_DHparams() has some checks on the Diffie-Hellman key, but
it is up to the caller to make sure that it is normally providing a
prime number in this case to make the cracking harder, no?  RFC 3526
has a small formula in this case, which we can use to double-check the
patch.
--
Michael