- dtucker@cvs.openbsd.org 2012/07/06 00:41:59
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add options to specify starting line number and number of lines to process
when screening moduli candidates. This allows processing of different
parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
diff --git a/ChangeLog b/ChangeLog
index 63045f0..0d876d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@
- (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
esperi.org.uk; ok dtucker@
+- (djm) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
+ [moduli.c ssh-keygen.1 ssh-keygen.c]
+ Add options to specify starting line number and number of lines to process
+ when screening moduli candidates. This allows processing of different
+ parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
20120704
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
diff --git a/moduli.c b/moduli.c
index 973ee62..5267bb9 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.25 2011/10/19 00:06:10 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -140,7 +140,8 @@
static BIGNUM *largebase;
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
/*
* print moduli out in consistent form,
@@ -495,14 +496,14 @@
*/
int
prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
- char *checkpoint_file)
+ char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
{
BIGNUM *q, *p, *a;
BN_CTX *ctx;
char *cp, *lp;
u_int32_t count_in = 0, count_out = 0, count_possible = 0;
u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
- unsigned long last_processed = 0;
+ unsigned long last_processed = 0, end_lineno;
time_t time_start, time_stop;
int res;
@@ -525,10 +526,17 @@
if (checkpoint_file != NULL)
last_processed = read_checkpoint(checkpoint_file);
+ if (start_lineno > last_processed)
+ last_processed = start_lineno;
+ if (num_lines == 0)
+ end_lineno = ULONG_MAX;
+ else
+ end_lineno = last_processed + num_lines;
+ debug2("process line %lu to line %lu", last_processed, end_lineno);
res = 0;
lp = xmalloc(QLINESIZE + 1);
- while (fgets(lp, QLINESIZE + 1, in) != NULL) {
+ while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
count_in++;
if (checkpoint_file != NULL) {
if (count_in <= last_processed) {
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 41da207..03f927e 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.108 2011/10/16 11:02:46 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 16 2011 $
+.Dd $Mdocdate: July 6 2012 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -104,6 +104,8 @@
.Fl f Ar input_file
.Op Fl v
.Op Fl a Ar num_trials
+.Op Fl J Ar num_lines
+.Op Fl j Ar start_line
.Op Fl K Ar checkpt
.Op Fl W Ar generator
.Nm ssh-keygen
@@ -297,6 +299,16 @@
.Fl m
option and print an OpenSSH compatible private
(or public) key to stdout.
+.It Fl J Ar num_lines
+Exit after screening the specified number of lines
+while performing DH candidate screening using the
+.Fl T
+option.
+.It Fl j Ar start_line
+Start screening at the specified line number
+while performing DH candidate screening using the
+.Fl T
+option.
.It Fl K Ar checkpt
Write the last line processed to the file
.Ar checkpt
@@ -518,7 +530,7 @@
.Fl S
option, which specifies a different start point (in hex).
.Pp
-Once a set of candidates have been generated, they must be tested for
+Once a set of candidates have been generated, they must be screened for
suitability.
This may be performed using the
.Fl T
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 9407321..57679ee 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,8 @@
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
static void
type_bits_valid(int type, u_int32_t *bitsp)
@@ -1888,6 +1889,8 @@
fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
+ fprintf(stderr, " -J number Screen this number of moduli lines\n");
+ fprintf(stderr, " -j number Start screening moduli at specified line.\n");
fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
fprintf(stderr, " -L Print the contents of a certificate.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
@@ -1930,6 +1933,7 @@
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0;
+ unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
@@ -1958,8 +1962,8 @@
exit(1);
}
- while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
- "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
+ while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
+ "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
switch (opt) {
case 'A':
gen_all_hostkeys = 1;
@@ -1980,6 +1984,12 @@
case 'I':
cert_key_id = optarg;
break;
+ case 'J':
+ lines_to_process = strtoul(optarg, NULL, 10);
+ break;
+ case 'j':
+ start_lineno = strtoul(optarg, NULL, 10);
+ break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
@@ -2238,8 +2248,8 @@
fatal("Couldn't open moduli file \"%s\": %s",
out_file, strerror(errno));
}
- if (prime_test(in, out, trials, generator_wanted, checkpoint)
- != 0)
+ if (prime_test(in, out, trials, generator_wanted, checkpoint,
+ start_lineno, lines_to_process) != 0)
fatal("modulus screening failed");
return (0);
}