From 06930c70ad47744dd96955a6a1b75df7c5eebc3b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 31 Dec 2003 11:34:51 +1100 Subject: [PATCH] - djm@cvs.openbsd.org 2003/12/22 09:16:58 [moduli.c ssh-keygen.1 ssh-keygen.c] tidy up moduli generation debugging, add -v (verbose/debug) option to ssh-keygen; ok markus@ --- ChangeLog | 9 ++++++++- moduli.c | 27 ++++++++++++++++++--------- ssh-keygen.1 | 14 +++++++++++++- ssh-keygen.c | 18 ++++++++++++++++-- 4 files changed, 55 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0cd1a31c9..62095746d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20031231 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2003/12/22 09:16:58 + [moduli.c ssh-keygen.1 ssh-keygen.c] + tidy up moduli generation debugging, add -v (verbose/debug) option to + ssh-keygen; ok markus@ + 20031219 - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we typedef size_t ourselves. @@ -1616,4 +1623,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3152 2003/12/18 23:58:43 dtucker Exp $ +$Id: ChangeLog,v 1.3153 2003/12/31 00:34:51 dtucker Exp $ diff --git a/moduli.c b/moduli.c index 371319d0f..a09073aed 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */ +/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -72,9 +72,10 @@ #define QTEST_JACOBI (0x08) #define QTEST_ELLIPTIC (0x10) -/* Size: decimal. +/* + * Size: decimal. * Specifies the number of the most significant bit (0 to M). - ** WARNING: internally, usually 1 to N. + * WARNING: internally, usually 1 to N. */ #define QSIZE_MINIMUM (511) @@ -169,7 +170,7 @@ sieve_large(u_int32_t s) { u_int32_t r, u; - debug2("sieve_large %u", s); + debug3("sieve_large %u", s); largetries++; /* r = largebase mod s */ r = BN_mod_word(largebase, s); @@ -474,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, debug2("%10u: known composite", count_in); continue; } + /* tries */ in_tries = strtoul(cp, &cp, 10); @@ -498,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, in_size += 1; generator_known = 0; break; - default: + case QTYPE_UNSTRUCTURED: + case QTYPE_SAFE: + case QTYPE_SCHNOOR: + case QTYPE_STRONG: + case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); a = p; BN_hex2bn(&a, cp); /* q = (p-1) / 2 */ BN_rshift(q, p, 1); break; + default: + debug2("Unknown prime type"); + break; } /* @@ -524,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, in_tries += trials; else in_tries = trials; + /* * guess unknown generator */ @@ -535,9 +545,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, else { u_int32_t r = BN_mod_word(p, 10); - if (r == 3 || r == 7) { + if (r == 3 || r == 7) generator_known = 5; - } } } /* @@ -569,7 +578,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, * vast majority of composite q's. */ if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) { - debug2("%10u: q failed first possible prime test", + debug("%10u: q failed first possible prime test", count_in); continue; } @@ -582,7 +591,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, * doesn't hurt to specify a high iteration count. */ if (!BN_is_prime(p, trials, NULL, ctx, NULL)) { - debug2("%10u: p is not prime", count_in); + debug("%10u: p is not prime", count_in); continue; } debug("%10u: p is almost certainly prime", count_in); diff --git a/ssh-keygen.1 b/ssh-keygen.1 index dc4bcacd0..6dd615428 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -89,12 +89,14 @@ .Op Fl g .Nm ssh-keygen .Fl G Ar output_file +.Op Fl v .Op Fl b Ar bits .Op Fl M Ar memory .Op Fl S Ar start_point .Nm ssh-keygen .Fl T Ar output_file .Fl f Ar input_file +.Op Fl v .Op Fl a Ar num_trials .Op Fl W Ar generator .Sh DESCRIPTION @@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX. .It Fl U Ar reader Upload an existing RSA private key into the smartcard in .Ar reader . +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful for debugging moduli generation. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. .It Fl r Ar hostname Print DNS resource record with the specified .Ar hostname . diff --git a/ssh-keygen.c b/ssh-keygen.c index 961fd43e5..1156a010a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.112 2003/11/23 23:18:45 djm Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $"); #include #include @@ -797,6 +797,7 @@ main(int ac, char **av) int opt, type, fd, download = 0, memory = 0; int generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; + int log_level = SYSLOG_LEVEL_INFO; BIGNUM *start = NULL; FILE *f; @@ -823,7 +824,7 @@ main(int ac, char **av) } while ((opt = getopt(ac, av, - "degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { + "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); @@ -891,6 +892,15 @@ main(int ac, char **av) case 'U': reader_id = optarg; break; + case 'v': + if (log_level == SYSLOG_LEVEL_INFO) + log_level = SYSLOG_LEVEL_DEBUG1; + else { + if (log_level >= SYSLOG_LEVEL_DEBUG1 && + log_level < SYSLOG_LEVEL_DEBUG3) + log_level++; + } + break; case 'r': resource_record_hostname = optarg; break; @@ -932,6 +942,10 @@ main(int ac, char **av) usage(); } } + + /* reinit */ + log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1); + if (optind < ac) { printf("Too many arguments.\n"); usage();