- djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c]
tidy up moduli generation debugging, add -v (verbose/debug) option to
ssh-keygen; ok markus@
diff --git a/ChangeLog b/ChangeLog
index 0cd1a31..6209574 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20031231
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/12/22 09:16:58
+ [moduli.c ssh-keygen.1 ssh-keygen.c]
+ tidy up moduli generation debugging, add -v (verbose/debug) option to
+ ssh-keygen; ok markus@
+
20031219
- (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
typedef size_t ourselves.
@@ -1616,4 +1623,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3152 2003/12/18 23:58:43 dtucker Exp $
+$Id: ChangeLog,v 1.3153 2003/12/31 00:34:51 dtucker Exp $
diff --git a/moduli.c b/moduli.c
index 371319d..a09073a 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
+/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -72,9 +72,10 @@
#define QTEST_JACOBI (0x08)
#define QTEST_ELLIPTIC (0x10)
-/* Size: decimal.
+/*
+ * Size: decimal.
* Specifies the number of the most significant bit (0 to M).
- ** WARNING: internally, usually 1 to N.
+ * WARNING: internally, usually 1 to N.
*/
#define QSIZE_MINIMUM (511)
@@ -169,7 +170,7 @@
{
u_int32_t r, u;
- debug2("sieve_large %u", s);
+ debug3("sieve_large %u", s);
largetries++;
/* r = largebase mod s */
r = BN_mod_word(largebase, s);
@@ -474,6 +475,7 @@
debug2("%10u: known composite", count_in);
continue;
}
+
/* tries */
in_tries = strtoul(cp, &cp, 10);
@@ -498,13 +500,20 @@
in_size += 1;
generator_known = 0;
break;
- default:
+ case QTYPE_UNSTRUCTURED:
+ case QTYPE_SAFE:
+ case QTYPE_SCHNOOR:
+ case QTYPE_STRONG:
+ case QTYPE_UNKNOWN:
debug2("%10u: (%u)", count_in, in_type);
a = p;
BN_hex2bn(&a, cp);
/* q = (p-1) / 2 */
BN_rshift(q, p, 1);
break;
+ default:
+ debug2("Unknown prime type");
+ break;
}
/*
@@ -524,6 +533,7 @@
in_tries += trials;
else
in_tries = trials;
+
/*
* guess unknown generator
*/
@@ -535,9 +545,8 @@
else {
u_int32_t r = BN_mod_word(p, 10);
- if (r == 3 || r == 7) {
+ if (r == 3 || r == 7)
generator_known = 5;
- }
}
}
/*
@@ -569,7 +578,7 @@
* vast majority of composite q's.
*/
if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
- debug2("%10u: q failed first possible prime test",
+ debug("%10u: q failed first possible prime test",
count_in);
continue;
}
@@ -582,7 +591,7 @@
* doesn't hurt to specify a high iteration count.
*/
if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
- debug2("%10u: p is not prime", count_in);
+ debug("%10u: p is not prime", count_in);
continue;
}
debug("%10u: p is almost certainly prime", count_in);
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index dc4bcac..6dd6154 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -89,12 +89,14 @@
.Op Fl g
.Nm ssh-keygen
.Fl G Ar output_file
+.Op Fl v
.Op Fl b Ar bits
.Op Fl M Ar memory
.Op Fl S Ar start_point
.Nm ssh-keygen
.Fl T Ar output_file
.Fl f Ar input_file
+.Op Fl v
.Op Fl a Ar num_trials
.Op Fl W Ar generator
.Sh DESCRIPTION
@@ -263,6 +265,16 @@
.It Fl U Ar reader
Upload an existing RSA private key into the smartcard in
.Ar reader .
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful for debugging moduli generation.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
.It Fl r Ar hostname
Print DNS resource record with the specified
.Ar hostname .
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 961fd43..1156a01 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.112 2003/11/23 23:18:45 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -797,6 +797,7 @@
int opt, type, fd, download = 0, memory = 0;
int generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
+ int log_level = SYSLOG_LEVEL_INFO;
BIGNUM *start = NULL;
FILE *f;
@@ -823,7 +824,7 @@
}
while ((opt = getopt(ac, av,
- "degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
+ "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
bits = atoi(optarg);
@@ -891,6 +892,15 @@
case 'U':
reader_id = optarg;
break;
+ case 'v':
+ if (log_level == SYSLOG_LEVEL_INFO)
+ log_level = SYSLOG_LEVEL_DEBUG1;
+ else {
+ if (log_level >= SYSLOG_LEVEL_DEBUG1 &&
+ log_level < SYSLOG_LEVEL_DEBUG3)
+ log_level++;
+ }
+ break;
case 'r':
resource_record_hostname = optarg;
break;
@@ -932,6 +942,10 @@
usage();
}
}
+
+ /* reinit */
+ log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+
if (optind < ac) {
printf("Too many arguments.\n");
usage();