https://bugs.exim.org/show_bug.cgi?id=1837
--- Comment #2 from Luke Valenta <[email protected]> ---

Sure, perhaps you could take a look at Section 1.2 of https://www.ietf.org/rfc/rfc2785.txt for a brief overview of small subgroup attacks. There is still a decent amount of crypto/number theory involved though, so be warned.

From a programming perspective, fixing this bug to include proper subgroup validation would involve specifying the subgroup order q as part of the Diffie-Hellman parameters in https://github.com/Exim/exim/blob/master/src/src/std-crypto.c, and whenever a Diffie-Hellman public value is received as part of a key exchange, making sure that you call the OpenSSL DH_check_pub_key function with dh->q defined.

Please let me know if there is anything in particular that you would like me to clarify.
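The check the comment asks for, as an added illustration that is not Exim's or OpenSSL's code: a standalone C version of the test DH_check_pub_key performs once q is defined (range check plus y^q == 1 mod p), run on constructed toy parameters (p = 1031, q = 103, cofactor 10) so that an element of a small subgroup can be generated and shown to be rejected, while the same value slips through when the check is done without q.

```c
#include <stdint.h>
#include <stdio.h>

/* Modular multiply and exponentiate on 64-bit values (toy sizes only). */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

/* Validate a received DH public value y against (p, q):
 * 1 < y < p-1 rejects the order-1 and order-2 elements,
 * y^q == 1 (mod p) confirms y lies in the prime-order-q subgroup.
 * Passing q = p-1 degrades this to Fermat's test, which any y passes,
 * i.e. the situation when no subgroup order is supplied. */
int dh_pub_key_ok(uint64_t p, uint64_t q, uint64_t y) {
    if (y <= 1 || y >= p - 1) return 0;
    return powmod(y, q, p) == 1;
}

/* Constructed helper: return an element of order r, where r divides p-1,
 * to show what the check rejects. Returns 0 if none is found. */
uint64_t small_order_element(uint64_t p, uint64_t r) {
    for (uint64_t x = 2; x < p; x++) {
        uint64_t y = powmod(x, (p - 1) / r, p);
        if (y != 1) return y;   /* y^r == 1 and y != 1, so order is exactly r */
    }
    return 0;
}

int main(void) {
    /* Constructed toy parameters: p = 1031, p-1 = 2*5*103, q = 103, cofactor h = 10. */
    uint64_t p = 1031, q = 103;
    uint64_t good = powmod(2, 10, p);          /* 2^h lies in the order-q subgroup */
    uint64_t bad = small_order_element(p, 5);  /* lies in the order-5 subgroup */
    printf("y=%llu with q: accepted=%d\n", (unsigned long long)good, dh_pub_key_ok(p, q, good));
    printf("y=%llu with q: accepted=%d\n", (unsigned long long)bad, dh_pub_key_ok(p, q, bad));
    printf("y=%llu without q: accepted=%d\n", (unsigned long long)bad, dh_pub_key_ok(p, p - 1, bad));
    return 0;
}
```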
