- dtucker@cvs.openbsd.org 2011/10/16 11:02:46
     [moduli.c ssh-keygen.1 ssh-keygen.c]
     Add optional checkpoints for moduli screening.  feedback & ok deraadt
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b6218b..bd15ccc 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.211 2011/10/16 11:02:46 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,7 @@
 
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
 
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
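Review bot: The new fifth parameter of `prime_test` is a bare, unnamed `char *`, so the prototype does not say what the string is or that it may be NULL. It will be NULL whenever -K is absent, because main() initialises `checkpoint` to NULL and passes it unconditionally. I would add a comment above the prototype such as `/* last argument: checkpoint file path, or NULL to disable checkpointing */`. If prime_test only reads the path, it could also be declared `const char *` here and in moduli.c. The definition is in moduli.c and is not shown on this page, so its NULL handling should be confirmed there.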
@@ -1881,6 +1881,7 @@
 	fprintf(stderr, "  -G file     Generate candidates for DH-GEX moduli.\n");
 	fprintf(stderr, "  -g          Use generic DNS resource record format.\n");
 	fprintf(stderr, "  -H          Hash names in known_hosts file.\n");
+	fprintf(stderr, "  -K checkpt  Write checkpoints to this file.\n");
 	fprintf(stderr, "  -h          Generate host certificate instead of a user certificate.\n");
 	fprintf(stderr, "  -I key_id   Key identifier to include in certificate.\n");
 	fprintf(stderr, "  -i          Import foreign format to OpenSSH key file.\n");
@@ -1916,6 +1917,7 @@
 main(int argc, char **argv)
 {
 	char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
+	char *checkpoint = NULL;
 	char out_file[MAXPATHLEN], *rr_hostname = NULL;
 	Key *private, *public;
 	struct passwd *pw;
@@ -1952,7 +1954,7 @@
 		exit(1);
 	}
 
-	while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
+	while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
 	    "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
 		switch (opt) {
 		case 'A':
@@ -2103,6 +2105,11 @@
 			    sizeof(out_file))
 				fatal("Output filename too long");
 			break;
+		case 'K':
+			if (strlen(optarg) >= MAXPATHLEN)
+				fatal("Checkpoint filename too long");
+			checkpoint = xstrdup(optarg);
+			break;
 		case 'S':
 			/* XXX - also compare length against bits */
 			if (BN_hex2bn(&start, optarg) == 0)
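Review bot: `case 'K'` accepts a checkpoint path in every mode, but the only visible use of `checkpoint` is the `prime_test()` call in the screening branch, so -K combined with any other operation is silently ignored. A check after the getopt loop would surface that mistake, for example `if (checkpoint != NULL && !<screening-mode flag>) fatal("-K is only valid when screening moduli");`. The `strlen(optarg) >= MAXPATHLEN` test bounds only the name as typed. If moduli.c (not shown here) derives a temporary or backup file name from it, that code needs its own truncation check. It should also create the file so that another local user cannot pre-place or replace it. The enclosing switch starts and ends outside this hunk.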
@@ -2225,7 +2232,8 @@
 			fatal("Couldn't open moduli file \"%s\": %s",
 			    out_file, strerror(errno));
 		}
-		if (prime_test(in, out, trials, generator_wanted) != 0)
+		if (prime_test(in, out, trials, generator_wanted, checkpoint)
+		    != 0)
 			fatal("modulus screening failed");
 		return (0);
 	}