Re: [exim-dev] [Bug 1837] small subgroup attack

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 1837] small subgroup attack

> On May 26, 2016, at 11:43 AM, admin@??? wrote:
>
> I see no mention in Exim source of DH_check_pub_key() currently.
> Nor do I find it documented on www.openssl.org
>
> Perhaps you could volunteer to propose code modifications, and see it through
> expert review and testing?


That function is used internally in OpenSSL to verify keys as part of DH key
agreement. Yes, it is not documented. Exim need not call it; it just needs
to provide "DSA-style" DH parameters (p, q, g) when using a DSA-style group,
rather than a safe-prime group where just (p, g) suffice. It is even better
to not use DSA-style groups. Their performance advantage is not worth the
security risks. The informational RFC that introduced these groups was not
sufficiently well reviewed.

$ git grep DH_check_pub_key master
master:crypto/dh/dh_check.c:int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
master:crypto/dh/dh_key.c:    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
master:include/openssl/dh.h:/* DH_check_pub_key error codes */
master:include/openssl/dh.h:int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
master:util/libcrypto.num:DH_check_pub_key                        3416  1_1_0   EXIST::FUNCTION:DH


$ git grep DH_check_pub_key OpenSSL_1_0_2-stable
OpenSSL_1_0_2-stable:crypto/dh/dh.h:/* DH_check_pub_key error codes */
OpenSSL_1_0_2-stable:crypto/dh/dh.h:int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
OpenSSL_1_0_2-stable:crypto/dh/dh_check.c:int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
OpenSSL_1_0_2-stable:crypto/dh/dh_key.c:    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
OpenSSL_1_0_2-stable:util/libeay.num:DH_check_pub_key                        3774       EXIST::FUNCTION:DH


$ git grep DH_check_pub_key OpenSSL_1_0_1-stable
OpenSSL_1_0_1-stable:crypto/dh/dh.h:/* DH_check_pub_key error codes */
OpenSSL_1_0_1-stable:crypto/dh/dh.h:int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
OpenSSL_1_0_1-stable:crypto/dh/dh_check.c:int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
OpenSSL_1_0_1-stable:crypto/dh/dh_key.c:    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
OpenSSL_1_0_1-stable:util/libeay.num:DH_check_pub_key                        3774       EXIST::FUNCTION:DH


-- 
    Viktor.
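
An added example, not part of the original message and not OpenSSL or Exim code: a sketch of the peer-value check discussed above, showing why a DSA-style group needs q supplied while a safe-prime group gets by with (p, g). The toy parameters, flag names and function names are assumptions made for illustration.

```python
# Toy parameters, constructed for illustration (real groups use >= 2048-bit p).
DSA_STYLE = {"p": 67, "q": 11, "g": 64}    # p-1 = 2*3*11: cofactor 6 has small factors
SAFE_PRIME = {"p": 23, "q": None, "g": 2}  # p-1 = 2*11: only (p, g) supplied

TOO_SMALL, TOO_LARGE, WRONG_SUBGROUP = 1, 2, 4  # hypothetical flag names


def check_pub_key(params, y):
    """Return 0 if peer value y is acceptable, else a bitmask of failures."""
    p, q = params["p"], params["q"]
    flags = 0
    if y <= 1:
        flags |= TOO_SMALL
    if y >= p - 1:
        flags |= TOO_LARGE
    # The subgroup test is only possible when the caller supplied q.
    if q is not None and pow(y, q, p) != 1:
        flags |= WRONG_SUBGROUP
    return flags


def order(y, p):
    """Multiplicative order of y mod p (brute force; toy sizes only)."""
    k, acc = 1, y % p
    while acc != 1:
        acc = acc * y % p
        k += 1
    return k


def accepted_orders(params):
    """Orders of every peer value the check lets through."""
    p = params["p"]
    return {order(y, p) for y in range(1, p) if check_pub_key(params, y) == 0}


if __name__ == "__main__":
    no_q = dict(DSA_STYLE, q=None)
    print("DSA-style, q withheld:", sorted(accepted_orders(no_q)))
    print("DSA-style, q supplied:", sorted(accepted_orders(DSA_STYLE)))
    print("safe prime, (p, g):   ", sorted(accepted_orders(SAFE_PRIME)))
```

With q withheld, the DSA-style group accepts peer values of small order such as 3 and 6; with q supplied only order-q values pass, and in the safe-prime group the range check alone leaves only orders q and 2q.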