mirror of git://anongit.mindrot.org/openssh.git
- djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c] tidy up moduli generation debugging, add -v (verbose/debug) option to ssh-keygen; ok markus@
This commit is contained in:
parent
3715be3cd3
commit
06930c70ad
|
@ -1,3 +1,10 @@
|
|||
20031231
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2003/12/22 09:16:58
|
||||
[moduli.c ssh-keygen.1 ssh-keygen.c]
|
||||
tidy up moduli generation debugging, add -v (verbose/debug) option to
|
||||
ssh-keygen; ok markus@
|
||||
|
||||
20031219
|
||||
- (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
|
||||
typedef size_t ourselves.
|
||||
|
@ -1616,4 +1623,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3152 2003/12/18 23:58:43 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3153 2003/12/31 00:34:51 dtucker Exp $
|
||||
|
|
27
moduli.c
27
moduli.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
|
@ -72,9 +72,10 @@
|
|||
#define QTEST_JACOBI (0x08)
|
||||
#define QTEST_ELLIPTIC (0x10)
|
||||
|
||||
/* Size: decimal.
|
||||
/*
|
||||
* Size: decimal.
|
||||
* Specifies the number of the most significant bit (0 to M).
|
||||
** WARNING: internally, usually 1 to N.
|
||||
* WARNING: internally, usually 1 to N.
|
||||
*/
|
||||
#define QSIZE_MINIMUM (511)
|
||||
|
||||
|
@ -169,7 +170,7 @@ sieve_large(u_int32_t s)
|
|||
{
|
||||
u_int32_t r, u;
|
||||
|
||||
debug2("sieve_large %u", s);
|
||||
debug3("sieve_large %u", s);
|
||||
largetries++;
|
||||
/* r = largebase mod s */
|
||||
r = BN_mod_word(largebase, s);
|
||||
|
@ -474,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
|
|||
debug2("%10u: known composite", count_in);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* tries */
|
||||
in_tries = strtoul(cp, &cp, 10);
|
||||
|
||||
|
@ -498,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
|
|||
in_size += 1;
|
||||
generator_known = 0;
|
||||
break;
|
||||
default:
|
||||
case QTYPE_UNSTRUCTURED:
|
||||
case QTYPE_SAFE:
|
||||
case QTYPE_SCHNOOR:
|
||||
case QTYPE_STRONG:
|
||||
case QTYPE_UNKNOWN:
|
||||
debug2("%10u: (%u)", count_in, in_type);
|
||||
a = p;
|
||||
BN_hex2bn(&a, cp);
|
||||
/* q = (p-1) / 2 */
|
||||
BN_rshift(q, p, 1);
|
||||
break;
|
||||
default:
|
||||
debug2("Unknown prime type");
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -524,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
|
|||
in_tries += trials;
|
||||
else
|
||||
in_tries = trials;
|
||||
|
||||
/*
|
||||
* guess unknown generator
|
||||
*/
|
||||
|
@ -535,11 +545,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
|
|||
else {
|
||||
u_int32_t r = BN_mod_word(p, 10);
|
||||
|
||||
if (r == 3 || r == 7) {
|
||||
if (r == 3 || r == 7)
|
||||
generator_known = 5;
|
||||
}
|
||||
}
|
||||
}
|
||||
/*
|
||||
* skip tests when desired generator doesn't match
|
||||
*/
|
||||
|
@ -569,7 +578,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
|
|||
* vast majority of composite q's.
|
||||
*/
|
||||
if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
|
||||
debug2("%10u: q failed first possible prime test",
|
||||
debug("%10u: q failed first possible prime test",
|
||||
count_in);
|
||||
continue;
|
||||
}
|
||||
|
@ -582,7 +591,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
|
|||
* doesn't hurt to specify a high iteration count.
|
||||
*/
|
||||
if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
|
||||
debug2("%10u: p is not prime", count_in);
|
||||
debug("%10u: p is not prime", count_in);
|
||||
continue;
|
||||
}
|
||||
debug("%10u: p is almost certainly prime", count_in);
|
||||
|
|
14
ssh-keygen.1
14
ssh-keygen.1
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
|
@ -89,12 +89,14 @@
|
|||
.Op Fl g
|
||||
.Nm ssh-keygen
|
||||
.Fl G Ar output_file
|
||||
.Op Fl v
|
||||
.Op Fl b Ar bits
|
||||
.Op Fl M Ar memory
|
||||
.Op Fl S Ar start_point
|
||||
.Nm ssh-keygen
|
||||
.Fl T Ar output_file
|
||||
.Fl f Ar input_file
|
||||
.Op Fl v
|
||||
.Op Fl a Ar num_trials
|
||||
.Op Fl W Ar generator
|
||||
.Sh DESCRIPTION
|
||||
|
@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX.
|
|||
.It Fl U Ar reader
|
||||
Upload an existing RSA private key into the smartcard in
|
||||
.Ar reader .
|
||||
.It Fl v
|
||||
Verbose mode.
|
||||
Causes
|
||||
.Nm
|
||||
to print debugging messages about its progress.
|
||||
This is helpful for debugging moduli generation.
|
||||
Multiple
|
||||
.Fl v
|
||||
options increase the verbosity.
|
||||
The maximum is 3.
|
||||
.It Fl r Ar hostname
|
||||
Print DNS resource record with the specified
|
||||
.Ar hostname .
|
||||
|
|
18
ssh-keygen.c
18
ssh-keygen.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.112 2003/11/23 23:18:45 djm Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
@ -797,6 +797,7 @@ main(int ac, char **av)
|
|||
int opt, type, fd, download = 0, memory = 0;
|
||||
int generator_wanted = 0, trials = 100;
|
||||
int do_gen_candidates = 0, do_screen_candidates = 0;
|
||||
int log_level = SYSLOG_LEVEL_INFO;
|
||||
BIGNUM *start = NULL;
|
||||
FILE *f;
|
||||
|
||||
|
@ -823,7 +824,7 @@ main(int ac, char **av)
|
|||
}
|
||||
|
||||
while ((opt = getopt(ac, av,
|
||||
"degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
|
||||
"degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'b':
|
||||
bits = atoi(optarg);
|
||||
|
@ -891,6 +892,15 @@ main(int ac, char **av)
|
|||
case 'U':
|
||||
reader_id = optarg;
|
||||
break;
|
||||
case 'v':
|
||||
if (log_level == SYSLOG_LEVEL_INFO)
|
||||
log_level = SYSLOG_LEVEL_DEBUG1;
|
||||
else {
|
||||
if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
|
||||
log_level < SYSLOG_LEVEL_DEBUG3)
|
||||
log_level++;
|
||||
}
|
||||
break;
|
||||
case 'r':
|
||||
resource_record_hostname = optarg;
|
||||
break;
|
||||
|
@ -932,6 +942,10 @@ main(int ac, char **av)
|
|||
usage();
|
||||
}
|
||||
}
|
||||
|
||||
/* reinit */
|
||||
log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
|
||||
|
||||
if (optind < ac) {
|
||||
printf("Too many arguments.\n");
|
||||
usage();
|
||||
|
|
Loading…
Reference in New Issue