[moduli.c ssh-keygen.1 ssh-keygen.c]
     Add options to specify starting line number and number of lines to process
     when screening moduli candidates.  This allows processing of different
     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
Damien Miller 2012-07-06 13:44:19 +10:00
parent 77eab7b024
commit dfceafe8b1
4 changed files with 50 additions and 14 deletions


@ -5,6 +5,12 @@
- (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
esperi.org.uk; ok dtucker@ esperi.org.uk; ok dtucker@
- (djm) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2012/07/06 00:41:59
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add options to specify starting line number and number of lines to process
when screening moduli candidates. This allows processing of different
parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
20120704 20120704
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for


@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.25 2011/10/19 00:06:10 djm Exp $ */ /* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
/* /*
* Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -140,7 +140,8 @@ static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase; static BIGNUM *largebase;
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
/* /*
* print moduli out in consistent form, * print moduli out in consistent form,
@ -495,14 +496,14 @@ read_checkpoint(char *cpfile)
*/ */
int int
prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
char *checkpoint_file) char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
{ {
BIGNUM *q, *p, *a; BIGNUM *q, *p, *a;
BN_CTX *ctx; BN_CTX *ctx;
char *cp, *lp; char *cp, *lp;
u_int32_t count_in = 0, count_out = 0, count_possible = 0; u_int32_t count_in = 0, count_out = 0, count_possible = 0;
u_int32_t generator_known, in_tests, in_tries, in_type, in_size; u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
unsigned long last_processed = 0; unsigned long last_processed = 0, end_lineno;
time_t time_start, time_stop; time_t time_start, time_stop;
int res; int res;
@ -525,10 +526,17 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
if (checkpoint_file != NULL) if (checkpoint_file != NULL)
last_processed = read_checkpoint(checkpoint_file); last_processed = read_checkpoint(checkpoint_file);
if (start_lineno > last_processed)
last_processed = start_lineno;
if (num_lines == 0)
end_lineno = ULONG_MAX;
else
end_lineno = last_processed + num_lines;
debug2("process line %lu to line %lu", last_processed, end_lineno);
res = 0; res = 0;
lp = xmalloc(QLINESIZE + 1); lp = xmalloc(QLINESIZE + 1);
while (fgets(lp, QLINESIZE + 1, in) != NULL) { while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
count_in++; count_in++;
if (checkpoint_file != NULL) { if (checkpoint_file != NULL) {
if (count_in <= last_processed) { if (count_in <= last_processed) {
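Review bot: The new `start_lineno` only takes effect when a checkpoint file is also supplied, because the skip test `if (count_in <= last_processed)` on the last line of this hunk still sits inside `if (checkpoint_file != NULL)`. Without -K the loop screens from line 1 up to `end_lineno`, so parallel workers given different start lines would re-screen each other's ranges instead of splitting the file. Moving the `count_in <= last_processed` test out of the checkpoint guard fixes that; the body of that test continues outside the hunk. Separately, `end_lineno = last_processed + num_lines` can wrap for large arguments and end the loop early, so clamp it: `end_lineno = num_lines > ULONG_MAX - last_processed ? ULONG_MAX : last_processed + num_lines;`.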


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.108 2011/10/16 11:02:46 dtucker Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: October 16 2011 $ .Dd $Mdocdate: July 6 2012 $
.Dt SSH-KEYGEN 1 .Dt SSH-KEYGEN 1
.Os .Os
.Sh NAME .Sh NAME
@ -104,6 +104,8 @@
.Fl f Ar input_file .Fl f Ar input_file
.Op Fl v .Op Fl v
.Op Fl a Ar num_trials .Op Fl a Ar num_trials
.Op Fl J Ar num_lines
.Op Fl j Ar start_line
.Op Fl K Ar checkpt .Op Fl K Ar checkpt
.Op Fl W Ar generator .Op Fl W Ar generator
.Nm ssh-keygen .Nm ssh-keygen
@ -297,6 +299,16 @@ in the format specified by the
.Fl m .Fl m
option and print an OpenSSH compatible private option and print an OpenSSH compatible private
(or public) key to stdout. (or public) key to stdout.
.It Fl J Ar num_lines
Exit after screening the specified number of lines
while performing DH candidate screening using the
.Fl T
option.
.It Fl j Ar start_line
Start screening at the specified line number
while performing DH candidate screening using the
.Fl T
option.
.It Fl K Ar checkpt .It Fl K Ar checkpt
Write the last line processed to the file Write the last line processed to the file
.Ar checkpt .Ar checkpt
@ -518,7 +530,7 @@ This may be overridden using the
.Fl S .Fl S
option, which specifies a different start point (in hex). option, which specifies a different start point (in hex).
.Pp .Pp
Once a set of candidates have been generated, they must be tested for Once a set of candidates have been generated, they must be screened for
suitability. suitability.
This may be performed using the This may be performed using the
.Fl T .Fl T


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN];
/* moduli.c */ /* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
static void static void
type_bits_valid(int type, u_int32_t *bitsp) type_bits_valid(int type, u_int32_t *bitsp)
@ -1888,6 +1889,8 @@ usage(void)
fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
fprintf(stderr, " -J number Screen this number of moduli lines\n");
fprintf(stderr, " -j number Start screening moduli at specified line.\n");
fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
fprintf(stderr, " -L Print the contents of a certificate.\n"); fprintf(stderr, " -L Print the contents of a certificate.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n");
@ -1930,6 +1933,7 @@ main(int argc, char **argv)
u_int32_t memory = 0, generator_wanted = 0, trials = 100; u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0; int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0; int gen_all_hostkeys = 0;
unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL; BIGNUM *start = NULL;
FILE *f; FILE *f;
const char *errstr; const char *errstr;
@ -1958,8 +1962,8 @@ main(int argc, char **argv)
exit(1); exit(1);
} }
while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:" while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
switch (opt) { switch (opt) {
case 'A': case 'A':
gen_all_hostkeys = 1; gen_all_hostkeys = 1;
@ -1980,6 +1984,12 @@ main(int argc, char **argv)
case 'I': case 'I':
cert_key_id = optarg; cert_key_id = optarg;
break; break;
case 'J':
lines_to_process = strtoul(optarg, NULL, 10);
break;
case 'j':
start_lineno = strtoul(optarg, NULL, 10);
break;
case 'R': case 'R':
delete_host = 1; delete_host = 1;
rr_hostname = optarg; rr_hostname = optarg;
@ -2238,8 +2248,8 @@ main(int argc, char **argv)
fatal("Couldn't open moduli file \"%s\": %s", fatal("Couldn't open moduli file \"%s\": %s",
out_file, strerror(errno)); out_file, strerror(errno));
} }
if (prime_test(in, out, trials, generator_wanted, checkpoint) if (prime_test(in, out, trials, generator_wanted, checkpoint,
!= 0) start_lineno, lines_to_process) != 0)
fatal("modulus screening failed"); fatal("modulus screening failed");
return (0); return (0);
} }
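Review bot: The rewritten getopt string ends in `W:z` where the old one ended in `W:z:`, so `-z` no longer takes an argument. If the `case 'z'` handler (outside these hunks) reads `optarg`, it will now see NULL, so the second literal should read `"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z:"`. The new `-J` and `-j` cases also call `strtoul(optarg, NULL, 10)` with no end-pointer or range check: a typo silently becomes 0 (no limit, or start of file) and a negative value wraps to a very large count. `errstr` is already declared in main, so a checked parse such as `start_lineno = strtonum(optarg, 0, LONG_MAX, &errstr);` followed by `if (errstr) fatal("Invalid start line: %s", errstr);` would reject bad input.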