- dtucker@cvs.openbsd.org 2012/07/06 00:41:59

     [moduli.c ssh-keygen.1 ssh-keygen.c]
     Add options to specify starting line number and number of lines to process
     when screening moduli candidates.  This allows processing of different
     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@

4 files changed, 50 insertions, 14 deletions

diff --git a/ChangeLog b/ChangeLog
index 63045f048..0d876d2ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@
  - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
    unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
    esperi.org.uk; ok dtucker@
+- (djm) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
+     [moduli.c ssh-keygen.1 ssh-keygen.c]
+     Add options to specify starting line number and number of lines to process
+     when screening moduli candidates.  This allows processing of different
+     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
 
 20120704
  - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
diff --git a/moduli.c b/moduli.c
index 973ee6288..5267bb9ab 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.25 2011/10/19 00:06:10 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -140,7 +140,8 @@ static u_int32_t largebits, largememory;	/* megabytes */
 static BIGNUM *largebase;
 
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+    unsigned long);
 
 /*
  * print moduli out in consistent form,
@@ -495,14 +496,14 @@ read_checkpoint(char *cpfile)
  */
 int
 prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
-    char *checkpoint_file)
+    char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
 {
         BIGNUM *q, *p, *a;
         BN_CTX *ctx;
         char *cp, *lp;
         u_int32_t count_in = 0, count_out = 0, count_possible = 0;
         u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
-        unsigned long last_processed = 0;
+        unsigned long last_processed = 0, end_lineno;
         time_t time_start, time_stop;
         int res;
 
@@ -525,10 +526,17 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
 
         if (checkpoint_file != NULL)
                 last_processed = read_checkpoint(checkpoint_file);
+        if (start_lineno > last_processed)
+                last_processed = start_lineno;
+        if (num_lines == 0)
+                end_lineno = ULONG_MAX;
+        else
+                end_lineno = last_processed + num_lines;
+        debug2("process line %lu to line %lu", last_processed, end_lineno);
 
         res = 0;
         lp = xmalloc(QLINESIZE + 1);
-        while (fgets(lp, QLINESIZE + 1, in) != NULL) {
+        while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
                 count_in++;
                 if (checkpoint_file != NULL) {
                         if (count_in <= last_processed) {
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 41da2077b..03f927edf 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.108 2011/10/16 11:02:46 dtucker Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 16 2011 $
+.Dd $Mdocdate: July 6 2012 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -104,6 +104,8 @@
 .Fl f Ar input_file
 .Op Fl v
 .Op Fl a Ar num_trials
+.Op Fl J Ar num_lines
+.Op Fl j Ar start_line
 .Op Fl K Ar checkpt
 .Op Fl W Ar generator
 .Nm ssh-keygen
@@ -297,6 +299,16 @@ in the format specified by the
 .Fl m
 option and print an OpenSSH compatible private
 (or public) key to stdout.
+.It Fl J Ar num_lines
+Exit after screening the specified number of lines
+while performing DH candidate screening using the
+.Fl T
+option.
+.It Fl j Ar start_line
+Start screening at the specified line number
+while performing DH candidate screening using the
+.Fl T
+option.
 .It Fl K Ar checkpt
 Write the last line processed to the file
 .Ar checkpt
@@ -518,7 +530,7 @@ This may be overridden using the
 .Fl S
 option, which specifies a different start point (in hex).
 .Pp
-Once a set of candidates have been generated, they must be tested for
+Once a set of candidates have been generated, they must be screened for
 suitability.
 This may be performed using the
 .Fl T
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 9407321d5..57679ee43 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN];
 
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+    unsigned long);
 
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
@@ -1888,6 +1889,8 @@ usage(void)
         fprintf(stderr, "  -h          Generate host certificate instead of a user certificate.\n");
         fprintf(stderr, "  -I key_id   Key identifier to include in certificate.\n");
         fprintf(stderr, "  -i          Import foreign format to OpenSSH key file.\n");
+        fprintf(stderr, "  -J number   Screen this number of moduli lines\n");
+        fprintf(stderr, "  -j number   Start screening moduli at specified line.\n");
         fprintf(stderr, "  -K checkpt  Write checkpoints to this file.\n");
         fprintf(stderr, "  -L          Print the contents of a certificate.\n");
         fprintf(stderr, "  -l          Show fingerprint of key file.\n");
@@ -1930,6 +1933,7 @@ main(int argc, char **argv)
         u_int32_t memory = 0, generator_wanted = 0, trials = 100;
         int do_gen_candidates = 0, do_screen_candidates = 0;
         int gen_all_hostkeys = 0;
+        unsigned long start_lineno = 0, lines_to_process = 0;
         BIGNUM *start = NULL;
         FILE *f;
         const char *errstr;
@@ -1958,8 +1962,8 @@ main(int argc, char **argv)
                 exit(1);
         }
 
-        while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
-            "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
+        while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
+            "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
                 switch (opt) {
                 case 'A':
                         gen_all_hostkeys = 1;
@@ -1980,6 +1984,12 @@ main(int argc, char **argv)
                 case 'I':
                         cert_key_id = optarg;
                         break;
+                case 'J':
+                        lines_to_process = strtoul(optarg, NULL, 10);
+                        break;
+                case 'j':
+                        start_lineno = strtoul(optarg, NULL, 10);
+                        break;
                 case 'R':
                         delete_host = 1;
                         rr_hostname = optarg;
@@ -2238,8 +2248,8 @@ main(int argc, char **argv)
                         fatal("Couldn't open moduli file \"%s\": %s",
                             out_file, strerror(errno));
                 }
-                if (prime_test(in, out, trials, generator_wanted, checkpoint)
-                    != 0)
+                if (prime_test(in, out, trials, generator_wanted, checkpoint,
+                    start_lineno, lines_to_process) != 0)
                         fatal("modulus screening failed");
                 return (0);
         }