- djm@cvs.openbsd.org 2003/12/22 09:16:58

[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@

ChangeLog

@@ -1,3 +1,10 @@
+20031231
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/12/22 09:16:58
+     [moduli.c ssh-keygen.1 ssh-keygen.c]
+     tidy up moduli generation debugging, add -v (verbose/debug) option to
+     ssh-keygen; ok markus@
+
 20031219
  - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
    typedef size_t ourselves.
@@ -1616,4 +1623,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3152 2003/12/18 23:58:43 dtucker Exp $
+$Id: ChangeLog,v 1.3153 2003/12/31 00:34:51 dtucker Exp $

moduli.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
+/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -72,9 +72,10 @@
 #define QTEST_JACOBI            (0x08)
 #define QTEST_ELLIPTIC          (0x10)
 
-/* Size: decimal.
+/*
+ * Size: decimal.
  * Specifies the number of the most significant bit (0 to M).
- ** WARNING: internally, usually 1 to N.
+ * WARNING: internally, usually 1 to N.
  */
 #define QSIZE_MINIMUM           (511)
 
@@ -169,7 +170,7 @@ sieve_large(u_int32_t s)
 {
 	u_int32_t r, u;
 
-	debug2("sieve_large %u", s);
+	debug3("sieve_large %u", s);
 	largetries++;
 	/* r = largebase mod s */
 	r = BN_mod_word(largebase, s);
@@ -474,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
 			debug2("%10u: known composite", count_in);
 			continue;
 		}
+
 		/* tries */
 		in_tries = strtoul(cp, &cp, 10);
 
@@ -498,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
 			in_size += 1;
 			generator_known = 0;
 			break;
-		default:
+		case QTYPE_UNSTRUCTURED:
+		case QTYPE_SAFE:
+		case QTYPE_SCHNOOR:
+		case QTYPE_STRONG:
+		case QTYPE_UNKNOWN:
 			debug2("%10u: (%u)", count_in, in_type);
 			a = p;
 			BN_hex2bn(&a, cp);
 			/* q = (p-1) / 2 */
 			BN_rshift(q, p, 1);
 			break;
+		default:
+			debug2("Unknown prime type");
+			break;
 		}
 
 		/*
@@ -524,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
 			in_tries += trials;
 		else
 			in_tries = trials;
+
 		/*
 		 * guess unknown generator
 		 */
@@ -535,9 +545,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
 			else {
 				u_int32_t r = BN_mod_word(p, 10);
 
-				if (r == 3 || r == 7) {
+				if (r == 3 || r == 7)
 					generator_known = 5;
-				}
 			}
 		}
 		/*
@@ -569,7 +578,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
 		 * vast majority of composite q's.
 		 */
 		if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
-			debug2("%10u: q failed first possible prime test",
+			debug("%10u: q failed first possible prime test",
 			    count_in);
 			continue;
 		}
@@ -582,7 +591,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
 		 * doesn't hurt to specify a high iteration count.
 		 */
 		if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
-			debug2("%10u: p is not prime", count_in);
+			debug("%10u: p is not prime", count_in);
 			continue;
 		}
 		debug("%10u: p is almost certainly prime", count_in);

ssh-keygen.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -89,12 +89,14 @@
 .Op Fl g
 .Nm ssh-keygen
 .Fl G Ar output_file
+.Op Fl v
 .Op Fl b Ar bits
 .Op Fl M Ar memory
 .Op Fl S Ar start_point
 .Nm ssh-keygen
 .Fl T Ar output_file
 .Fl f Ar input_file
+.Op Fl v
 .Op Fl a Ar num_trials
 .Op Fl W Ar generator
 .Sh DESCRIPTION
@@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX.
 .It Fl U Ar reader
 Upload an existing RSA private key into the smartcard in
 .Ar reader .
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful for debugging moduli generation.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
 .It Fl r Ar hostname
 Print DNS resource record with the specified
 .Ar hostname .

ssh-keygen.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.112 2003/11/23 23:18:45 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -797,6 +797,7 @@ main(int ac, char **av)
 	int opt, type, fd, download = 0, memory = 0;
 	int generator_wanted = 0, trials = 100;
 	int do_gen_candidates = 0, do_screen_candidates = 0;
+	int log_level = SYSLOG_LEVEL_INFO;
 	BIGNUM *start = NULL;
 	FILE *f;
 
@@ -823,7 +824,7 @@ main(int ac, char **av)
 	}
 
 	while ((opt = getopt(ac, av,
-	    "degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
+	    "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
 		switch (opt) {
 		case 'b':
 			bits = atoi(optarg);
@@ -891,6 +892,15 @@ main(int ac, char **av)
 		case 'U':
 			reader_id = optarg;
 			break;
+		case 'v':
+			if (log_level == SYSLOG_LEVEL_INFO)
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			else {
+				if (log_level >= SYSLOG_LEVEL_DEBUG1 && 
+				    log_level < SYSLOG_LEVEL_DEBUG3)
+					log_level++;
+			}
+			break;
 		case 'r':
 			resource_record_hostname = optarg;
 			break;
@@ -932,6 +942,10 @@ main(int ac, char **av)
 			usage();
 		}
 	}
+
+	/* reinit */
+	log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+
 	if (optind < ac) {
 		printf("Too many arguments.\n");
 		usage();