- dtucker@cvs.openbsd.org 2011/10/16 11:02:46

[moduli.c ssh-keygen.1 ssh-keygen.c] Add optional checkpoints for moduli screening. feedback & ok deraadt
author: Damien Miller <djm@mindrot.org> 2011-10-18 16:05:19 +1100
committer: Damien Miller <djm@mindrot.org> 2011-10-18 16:05:19 +1100
commit: 390d0561fccfba5e2e97105f75b70b32aab59578 (patch)
tree: c1baadb7c116489ef2a6260d06fac81d66208c3e /ssh-keygen.c
parent: d3e6990c4ca1e6c8ad9e66f5e57a2b4545dbc940 (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b6218b10..bd15cccff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.211 2011/10/16 11:02:46 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,7 @@ char hostname[MAXHOSTNAMELEN];
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
@@ -1881,6 +1881,7 @@ usage(void)
        fprintf(stderr, "  -G file     Generate candidates for DH-GEX moduli.\n");
        fprintf(stderr, "  -g          Use generic DNS resource record format.\n");
        fprintf(stderr, "  -H          Hash names in known_hosts file.\n");
+        fprintf(stderr, "  -K checkpt  Write checkpoints to this file.\n");
        fprintf(stderr, "  -h          Generate host certificate instead of a user certificate.\n");
        fprintf(stderr, "  -I key_id   Key identifier to include in certificate.\n");
        fprintf(stderr, "  -i          Import foreign format to OpenSSH key file.\n");
@@ -1916,6 +1917,7 @@ int
 main(int argc, char **argv)
 {
        char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
+        char *checkpoint = NULL;
        char out_file[MAXPATHLEN], *rr_hostname = NULL;
        Key *private, *public;
        struct passwd *pw;
@@ -1952,7 +1954,7 @@ main(int argc, char **argv)
                exit(1);
        }
-        while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
+        while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
            "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
                switch (opt) {
                case 'A':
@@ -2103,6 +2105,11 @@ main(int argc, char **argv)
                            sizeof(out_file))
                                fatal("Output filename too long");
                        break;
+                case 'K':
+                        if (strlen(optarg) >= MAXPATHLEN)
+                                fatal("Checkpoint filename too long");
+                        checkpoint = xstrdup(optarg);
+                        break;
                case 'S':
                        /* XXX - also compare length against bits */
                        if (BN_hex2bn(&start, optarg) == 0)
@@ -2225,7 +2232,8 @@ main(int argc, char **argv)
                        fatal("Couldn't open moduli file \"%s\": %s",
                            out_file, strerror(errno));
                }
-                if (prime_test(in, out, trials, generator_wanted) != 0)
+                if (prime_test(in, out, trials, generator_wanted, checkpoint)
+                    != 0)
                        fatal("modulus screening failed");
                return (0);
        }
author	Damien Miller <djm@mindrot.org>	2011-10-18 16:05:19 +1100
committer	Damien Miller <djm@mindrot.org>	2011-10-18 16:05:19 +1100
commit	390d0561fccfba5e2e97105f75b70b32aab59578 (patch)
tree	c1baadb7c116489ef2a6260d06fac81d66208c3e /ssh-keygen.c
parent	d3e6990c4ca1e6c8ad9e66f5e57a2b4545dbc940 (diff)