- dtucker@cvs.openbsd.org 2012/07/06 00:41:59
[moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
parent
77eab7b024
commit
dfceafe8b1
|
@ -5,6 +5,12 @@
|
|||
- (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
|
||||
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
|
||||
esperi.org.uk; ok dtucker@
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2012/07/06 00:41:59
|
||||
[moduli.c ssh-keygen.1 ssh-keygen.c]
|
||||
Add options to specify starting line number and number of lines to process
|
||||
when screening moduli candidates. This allows processing of different
|
||||
parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
|
||||
|
||||
20120704
|
||||
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
|
||||
|
|
18
moduli.c
18
moduli.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: moduli.c,v 1.25 2011/10/19 00:06:10 djm Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
|
@ -140,7 +140,8 @@ static u_int32_t largebits, largememory; /* megabytes */
|
|||
static BIGNUM *largebase;
|
||||
|
||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
|
||||
unsigned long);
|
||||
|
||||
/*
|
||||
* print moduli out in consistent form,
|
||||
|
@ -495,14 +496,14 @@ read_checkpoint(char *cpfile)
|
|||
*/
|
||||
int
|
||||
prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
|
||||
char *checkpoint_file)
|
||||
char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
|
||||
{
|
||||
BIGNUM *q, *p, *a;
|
||||
BN_CTX *ctx;
|
||||
char *cp, *lp;
|
||||
u_int32_t count_in = 0, count_out = 0, count_possible = 0;
|
||||
u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
|
||||
unsigned long last_processed = 0;
|
||||
unsigned long last_processed = 0, end_lineno;
|
||||
time_t time_start, time_stop;
|
||||
int res;
|
||||
|
||||
|
@ -525,10 +526,17 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
|
|||
|
||||
if (checkpoint_file != NULL)
|
||||
last_processed = read_checkpoint(checkpoint_file);
|
||||
if (start_lineno > last_processed)
|
||||
last_processed = start_lineno;
|
||||
if (num_lines == 0)
|
||||
end_lineno = ULONG_MAX;
|
||||
else
|
||||
end_lineno = last_processed + num_lines;
|
||||
debug2("process line %lu to line %lu", last_processed, end_lineno);
|
||||
|
||||
res = 0;
|
||||
lp = xmalloc(QLINESIZE + 1);
|
||||
while (fgets(lp, QLINESIZE + 1, in) != NULL) {
|
||||
while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
|
||||
count_in++;
|
||||
if (checkpoint_file != NULL) {
|
||||
if (count_in <= last_processed) {
|
||||
|
|
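Review bot: The start line passed in `start_lineno` is only honoured when a checkpoint file is also given, because the skip test `if (count_in <= last_processed)` sits inside `if (checkpoint_file != NULL)` at the end of this section. Without a checkpoint file the loop appears to screen from line 1 up to `end_lineno`, so parallel workers would re-screen each other's ranges; moving the skip out of the checkpoint guard, for example `if (count_in <= last_processed) continue;` directly after `count_in++`, would apply the range in both cases. Separately, `end_lineno = last_processed + num_lines` is computed after the checkpoint value has been folded into `last_processed`, so a resumed run ends `num_lines` past the checkpoint rather than at the originally requested end, and the addition can wrap for large values. Deriving the end from `start_lineno` and rejecting a sum that overflows would avoid both. The body of prime_test continues outside the hunk, so the contents of the skip branch are not visible here.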
18
ssh-keygen.1
18
ssh-keygen.1
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: ssh-keygen.1,v 1.108 2011/10/16 11:02:46 dtucker Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,7 +35,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: October 16 2011 $
|
||||
.Dd $Mdocdate: July 6 2012 $
|
||||
.Dt SSH-KEYGEN 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -104,6 +104,8 @@
|
|||
.Fl f Ar input_file
|
||||
.Op Fl v
|
||||
.Op Fl a Ar num_trials
|
||||
.Op Fl J Ar num_lines
|
||||
.Op Fl j Ar start_line
|
||||
.Op Fl K Ar checkpt
|
||||
.Op Fl W Ar generator
|
||||
.Nm ssh-keygen
|
||||
|
@ -297,6 +299,16 @@ in the format specified by the
|
|||
.Fl m
|
||||
option and print an OpenSSH compatible private
|
||||
(or public) key to stdout.
|
||||
.It Fl J Ar num_lines
|
||||
Exit after screening the specified number of lines
|
||||
while performing DH candidate screening using the
|
||||
.Fl T
|
||||
option.
|
||||
.It Fl j Ar start_line
|
||||
Start screening at the specified line number
|
||||
while performing DH candidate screening using the
|
||||
.Fl T
|
||||
option.
|
||||
.It Fl K Ar checkpt
|
||||
Write the last line processed to the file
|
||||
.Ar checkpt
|
||||
|
@ -518,7 +530,7 @@ This may be overridden using the
|
|||
.Fl S
|
||||
option, which specifies a different start point (in hex).
|
||||
.Pp
|
||||
Once a set of candidates have been generated, they must be tested for
|
||||
Once a set of candidates have been generated, they must be screened for
|
||||
suitability.
|
||||
This may be performed using the
|
||||
.Fl T
|
||||
|
|
22
ssh-keygen.c
22
ssh-keygen.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN];
|
|||
|
||||
/* moduli.c */
|
||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
|
||||
unsigned long);
|
||||
|
||||
static void
|
||||
type_bits_valid(int type, u_int32_t *bitsp)
|
||||
|
@ -1888,6 +1889,8 @@ usage(void)
|
|||
fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
|
||||
fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
|
||||
fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
|
||||
fprintf(stderr, " -J number Screen this number of moduli lines\n");
|
||||
fprintf(stderr, " -j number Start screening moduli at specified line.\n");
|
||||
fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
|
||||
fprintf(stderr, " -L Print the contents of a certificate.\n");
|
||||
fprintf(stderr, " -l Show fingerprint of key file.\n");
|
||||
|
@ -1930,6 +1933,7 @@ main(int argc, char **argv)
|
|||
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
|
||||
int do_gen_candidates = 0, do_screen_candidates = 0;
|
||||
int gen_all_hostkeys = 0;
|
||||
unsigned long start_lineno = 0, lines_to_process = 0;
|
||||
BIGNUM *start = NULL;
|
||||
FILE *f;
|
||||
const char *errstr;
|
||||
|
@ -1958,8 +1962,8 @@ main(int argc, char **argv)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
|
||||
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
|
||||
while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
|
||||
"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
|
||||
switch (opt) {
|
||||
case 'A':
|
||||
gen_all_hostkeys = 1;
|
||||
|
@ -1980,6 +1984,12 @@ main(int argc, char **argv)
|
|||
case 'I':
|
||||
cert_key_id = optarg;
|
||||
break;
|
||||
case 'J':
|
||||
lines_to_process = strtoul(optarg, NULL, 10);
|
||||
break;
|
||||
case 'j':
|
||||
start_lineno = strtoul(optarg, NULL, 10);
|
||||
break;
|
||||
case 'R':
|
||||
delete_host = 1;
|
||||
rr_hostname = optarg;
|
||||
|
@ -2238,8 +2248,8 @@ main(int argc, char **argv)
|
|||
fatal("Couldn't open moduli file \"%s\": %s",
|
||||
out_file, strerror(errno));
|
||||
}
|
||||
if (prime_test(in, out, trials, generator_wanted, checkpoint)
|
||||
!= 0)
|
||||
if (prime_test(in, out, trials, generator_wanted, checkpoint,
|
||||
start_lineno, lines_to_process) != 0)
|
||||
fatal("modulus screening failed");
|
||||
return (0);
|
||||
}
|
||||
|
|
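Review bot: The rewritten getopt string ends in `W:z` where the old one ended in `W:z:`, so `-z` no longer takes an argument; if the `case 'z'` handler (outside these hunks) reads `optarg`, it will now see NULL. Restoring the trailing colon, `"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z:"`, keeps the previous behaviour. The new `-J` and `-j` cases also call `strtoul(optarg, NULL, 10)` with no validation, so a non-numeric argument silently becomes 0, which prime_test treats as "no limit" for `num_lines`, and a negative one wraps to a very large value. Passing an end pointer and calling `fatal()` when `*optarg == '\0' || *ep != '\0'` would catch operator typos before a long screening run starts. main's body starts and ends outside these hunks.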