From 642dd5f0606a6d70841c3fa112840f94b1d66a84 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@cvs.openbsd.org>
Date: Thu, 26 Jun 2008 09:19:41 +0000
Subject: when loading moduli from /etc/moduli in sshd(8), check that they are
 of the expected "safe prime" structure and have had appropriate primality
 tests performed; feedback and ok dtucker@

---
 usr.bin/ssh/dh.h | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'usr.bin/ssh/dh.h')

diff --git a/usr.bin/ssh/dh.h b/usr.bin/ssh/dh.h
index 8e580ee87de..dfc1480eac6 100644
--- a/usr.bin/ssh/dh.h
+++ b/usr.bin/ssh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
@@ -46,4 +46,28 @@ int	 dh_estimate(int);
 #define DH_GRP_MIN	1024
 #define DH_GRP_MAX	8192
 
+/*
+ * Values for "type" field of moduli(5)
+ * Specifies the internal structure of the prime modulus.
+ */
+#define MODULI_TYPE_UNKNOWN		(0)
+#define MODULI_TYPE_UNSTRUCTURED	(1)
+#define MODULI_TYPE_SAFE		(2)
+#define MODULI_TYPE_SCHNORR		(3)
+#define MODULI_TYPE_SOPHIE_GERMAIN	(4)
+#define MODULI_TYPE_STRONG		(5)
+
+/*
+ * Values for "tests" field of moduli(5)
+ * Specifies the methods used in checking for primality.
+ * Usually, more than one test is used.
+ */
+#define MODULI_TESTS_UNTESTED		(0x00)
+#define MODULI_TESTS_COMPOSITE		(0x01)
+#define MODULI_TESTS_SIEVE		(0x02)
+#define MODULI_TESTS_MILLER_RABIN	(0x04)
+#define MODULI_TESTS_JACOBI		(0x08)
+#define MODULI_TESTS_ELLIPTIC		(0x10)
+
+
 #endif
-- 
cgit v1.2.3