- djm@cvs.openbsd.org 2003/12/22 09:16:58

     [moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@

4 files changed, 55 insertions, 13 deletions

diff --git a/ChangeLog b/ChangeLog
index 0cd1a31c9..62095746d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20031231
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/12/22 09:16:58
+     [moduli.c ssh-keygen.1 ssh-keygen.c]
+     tidy up moduli generation debugging, add -v (verbose/debug) option to
+     ssh-keygen; ok markus@
+
 20031219
  - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
    typedef size_t ourselves.
@@ -1616,4 +1623,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3152 2003/12/18 23:58:43 dtucker Exp $
+$Id: ChangeLog,v 1.3153 2003/12/31 00:34:51 dtucker Exp $
diff --git a/moduli.c b/moduli.c
index 371319d0f..a09073aed 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.4 2003/12/09 13:52:55 dtucker Exp $ */
+/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -72,9 +72,10 @@
 #define QTEST_JACOBI            (0x08)
 #define QTEST_ELLIPTIC          (0x10)
 
-/* Size: decimal.
+/*
+ * Size: decimal.
  * Specifies the number of the most significant bit (0 to M).
- ** WARNING: internally, usually 1 to N.
+ * WARNING: internally, usually 1 to N.
  */
 #define QSIZE_MINIMUM           (511)
 
@@ -169,7 +170,7 @@ sieve_large(u_int32_t s)
 {
         u_int32_t r, u;
 
-        debug2("sieve_large %u", s);
+        debug3("sieve_large %u", s);
         largetries++;
         /* r = largebase mod s */
         r = BN_mod_word(largebase, s);
@@ -474,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         debug2("%10u: known composite", count_in);
                         continue;
                 }
+
                 /* tries */
                 in_tries = strtoul(cp, &cp, 10);
 
@@ -498,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         in_size += 1;
                         generator_known = 0;
                         break;
-                default:
+                case QTYPE_UNSTRUCTURED:
+                case QTYPE_SAFE:
+                case QTYPE_SCHNOOR:
+                case QTYPE_STRONG:
+                case QTYPE_UNKNOWN:
                         debug2("%10u: (%u)", count_in, in_type);
                         a = p;
                         BN_hex2bn(&a, cp);
                         /* q = (p-1) / 2 */
                         BN_rshift(q, p, 1);
                         break;
+                default:
+                        debug2("Unknown prime type");
+                        break;
                 }
 
                 /*
@@ -524,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         in_tries += trials;
                 else
                         in_tries = trials;
+
                 /*
                  * guess unknown generator
                  */
@@ -535,9 +545,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         else {
                                 u_int32_t r = BN_mod_word(p, 10);
 
-                                if (r == 3 || r == 7) {
+                                if (r == 3 || r == 7)
                                         generator_known = 5;
-                                }
                         }
                 }
                 /*
@@ -569,7 +578,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                  * vast majority of composite q's.
                  */
                 if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
-                        debug2("%10u: q failed first possible prime test",
+                        debug("%10u: q failed first possible prime test",
                             count_in);
                         continue;
                 }
@@ -582,7 +591,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                  * doesn't hurt to specify a high iteration count.
                  */
                 if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
-                        debug2("%10u: p is not prime", count_in);
+                        debug("%10u: p is not prime", count_in);
                         continue;
                 }
                 debug("%10u: p is almost certainly prime", count_in);
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index dc4bcacd0..6dd615428 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -89,12 +89,14 @@
 .Op Fl g
 .Nm ssh-keygen
 .Fl G Ar output_file
+.Op Fl v
 .Op Fl b Ar bits
 .Op Fl M Ar memory
 .Op Fl S Ar start_point
 .Nm ssh-keygen
 .Fl T Ar output_file
 .Fl f Ar input_file
+.Op Fl v
 .Op Fl a Ar num_trials
 .Op Fl W Ar generator
 .Sh DESCRIPTION
@@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX.
 .It Fl U Ar reader
 Upload an existing RSA private key into the smartcard in
 .Ar reader .
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful for debugging moduli generation.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
 .It Fl r Ar hostname
 Print DNS resource record with the specified
 .Ar hostname .
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 961fd43e5..1156a010a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.112 2003/11/23 23:18:45 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -797,6 +797,7 @@ main(int ac, char **av)
         int opt, type, fd, download = 0, memory = 0;
         int generator_wanted = 0, trials = 100;
         int do_gen_candidates = 0, do_screen_candidates = 0;
+        int log_level = SYSLOG_LEVEL_INFO;
         BIGNUM *start = NULL;
         FILE *f;
 
@@ -823,7 +824,7 @@ main(int ac, char **av)
         }
 
         while ((opt = getopt(ac, av,
-            "degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
+            "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
                 switch (opt) {
                 case 'b':
                         bits = atoi(optarg);
@@ -891,6 +892,15 @@ main(int ac, char **av)
                 case 'U':
                         reader_id = optarg;
                         break;
+                case 'v':
+                        if (log_level == SYSLOG_LEVEL_INFO)
+                                log_level = SYSLOG_LEVEL_DEBUG1;
+                        else {
+                                if (log_level >= SYSLOG_LEVEL_DEBUG1 && 
+                                    log_level < SYSLOG_LEVEL_DEBUG3)
+                                        log_level++;
+                        }
+                        break;
                 case 'r':
                         resource_record_hostname = optarg;
                         break;
@@ -932,6 +942,10 @@ main(int ac, char **av)
                         usage();
                 }
         }
+
+        /* reinit */
+        log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+
         if (optind < ac) {
                 printf("Too many arguments.\n");
                 usage();