- djm@cvs.openbsd.org 2003/12/22 09:16:58

[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@
This commit is contained in:
Darren Tucker 2003-12-31 11:34:51 +11:00
parent 3715be3cd3
commit 06930c70ad
4 changed files with 55 additions and 13 deletions

View File

@ -1,3 +1,10 @@
20031231
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c]
tidy up moduli generation debugging, add -v (verbose/debug) option to
ssh-keygen; ok markus@
20031219
- (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
typedef size_t ourselves.
@ -1616,4 +1623,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3152 2003/12/18 23:58:43 dtucker Exp $
$Id: ChangeLog,v 1.3153 2003/12/31 00:34:51 dtucker Exp $

View File

@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -72,9 +72,10 @@
#define QTEST_JACOBI (0x08)
#define QTEST_ELLIPTIC (0x10)
/* Size: decimal.
/*
* Size: decimal.
* Specifies the number of the most significant bit (0 to M).
** WARNING: internally, usually 1 to N.
* WARNING: internally, usually 1 to N.
*/
#define QSIZE_MINIMUM (511)
@ -169,7 +170,7 @@ sieve_large(u_int32_t s)
{
u_int32_t r, u;
debug2("sieve_large %u", s);
debug3("sieve_large %u", s);
largetries++;
/* r = largebase mod s */
r = BN_mod_word(largebase, s);
@ -474,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
debug2("%10u: known composite", count_in);
continue;
}
/* tries */
in_tries = strtoul(cp, &cp, 10);
@ -498,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
in_size += 1;
generator_known = 0;
break;
default:
case QTYPE_UNSTRUCTURED:
case QTYPE_SAFE:
case QTYPE_SCHNOOR:
case QTYPE_STRONG:
case QTYPE_UNKNOWN:
debug2("%10u: (%u)", count_in, in_type);
a = p;
BN_hex2bn(&a, cp);
/* q = (p-1) / 2 */
BN_rshift(q, p, 1);
break;
default:
debug2("Unknown prime type");
break;
}
/*
@ -524,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
in_tries += trials;
else
in_tries = trials;
/*
* guess unknown generator
*/
@ -535,11 +545,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
else {
u_int32_t r = BN_mod_word(p, 10);
if (r == 3 || r == 7) {
if (r == 3 || r == 7)
generator_known = 5;
}
}
}
/*
* skip tests when desired generator doesn't match
*/
@ -569,7 +578,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
* vast majority of composite q's.
*/
if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
debug2("%10u: q failed first possible prime test",
debug("%10u: q failed first possible prime test",
count_in);
continue;
}
@ -582,7 +591,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
* doesn't hurt to specify a high iteration count.
*/
if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
debug2("%10u: p is not prime", count_in);
debug("%10u: p is not prime", count_in);
continue;
}
debug("%10u: p is almost certainly prime", count_in);

View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@ -89,12 +89,14 @@
.Op Fl g
.Nm ssh-keygen
.Fl G Ar output_file
.Op Fl v
.Op Fl b Ar bits
.Op Fl M Ar memory
.Op Fl S Ar start_point
.Nm ssh-keygen
.Fl T Ar output_file
.Fl f Ar input_file
.Op Fl v
.Op Fl a Ar num_trials
.Op Fl W Ar generator
.Sh DESCRIPTION
@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX.
.It Fl U Ar reader
Upload an existing RSA private key into the smartcard in
.Ar reader .
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
This is helpful for debugging moduli generation.
Multiple
.Fl v
options increase the verbosity.
The maximum is 3.
.It Fl r Ar hostname
Print DNS resource record with the specified
.Ar hostname .

View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.112 2003/11/23 23:18:45 djm Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -797,6 +797,7 @@ main(int ac, char **av)
int opt, type, fd, download = 0, memory = 0;
int generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
int log_level = SYSLOG_LEVEL_INFO;
BIGNUM *start = NULL;
FILE *f;
@ -823,7 +824,7 @@ main(int ac, char **av)
}
while ((opt = getopt(ac, av,
"degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
"degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
bits = atoi(optarg);
@ -891,6 +892,15 @@ main(int ac, char **av)
case 'U':
reader_id = optarg;
break;
case 'v':
if (log_level == SYSLOG_LEVEL_INFO)
log_level = SYSLOG_LEVEL_DEBUG1;
else {
if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
log_level < SYSLOG_LEVEL_DEBUG3)
log_level++;
}
break;
case 'r':
resource_record_hostname = optarg;
break;
@ -932,6 +942,10 @@ main(int ac, char **av)
usage();
}
}
/* reinit */
log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
if (optind < ac) {
printf("Too many arguments.\n");
usage();