author | Damien Miller <djm@mindrot.org> | 2011-10-18 16:05:19 +1100 |
committer | Damien Miller <djm@mindrot.org> | 2011-10-18 16:05:19 +1100 |
commit | 390d0561fccfba5e2e97105f75b70b32aab59578 (patch) | |
tree | c1baadb7c116489ef2a6260d06fac81d66208c3e /ssh-keygen.c | |
parent | d3e6990c4ca1e6c8ad9e66f5e57a2b4545dbc940 (diff) |
- dtucker@cvs.openbsd.org 2011/10/16 11:02:46
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add optional checkpoints for moduli screening. feedback & ok deraadt
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 16 |
1 files changed, 12 insertions, 4 deletions
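diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b6218b10..bd15cccff 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.211 2011/10/16 11:02:46 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,7 @@ char hostname[MAXHOSTNAMELEN];
 
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
 
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
@@ -1881,6 +1881,7 @@ usage(void)
 fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
 fprintf(stderr, " -g Use generic DNS resource record format.\n");
 fprintf(stderr, " -H Hash names in known_hosts file.\n");
+fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
 fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
 fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
 fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
@@ -1916,6 +1917,7 @@ int
 main(int argc, char **argv)
 {
 char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
+char *checkpoint = NULL;
 char out_file[MAXPATHLEN], *rr_hostname = NULL;
 Key *private, *public;
 struct passwd *pw;
@@ -1952,7 +1954,7 @@ main(int argc, char **argv)
 exit(1);
 }
 
-while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
+while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
 "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
 switch (opt) {
 case 'A':
@@ -2103,6 +2105,11 @@ main(int argc, char **argv)
 sizeof(out_file))
 fatal("Output filename too long");
 break;
+case 'K':
+if (strlen(optarg) >= MAXPATHLEN)
+fatal("Checkpoint filename too long");
+checkpoint = xstrdup(optarg);
+break;
 case 'S':
 /* XXX - also compare length against bits */
 if (BN_hex2bn(&start, optarg) == 0)
@@ -2225,7 +2232,8 @@ main(int argc, char **argv)
 fatal("Couldn't open moduli file \"%s\": %s",
 out_file, strerror(errno));
 }
-if (prime_test(in, out, trials, generator_wanted) != 0)
+if (prime_test(in, out, trials, generator_wanted, checkpoint)
+!= 0)
 fatal("modulus screening failed");
 return (0);
 }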
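Review bot: In the new `case 'K'` the checkpoint path is accepted in every mode, but `checkpoint` is only consumed by the `prime_test()` call in the `-T` branch, so `-K` given with any other operation is silently ignored rather than reported; either reject it when it is not used or state the dependency in the usage line, e.g. `fprintf(stderr, " -K checkpt Write checkpoints to this file (with -T).\n");`. The `MAXPATHLEN` bound mirrors the `out_file` check just above it, which is consistent, but the path is only length-checked here, and how `prime_test()` opens the file (whether an existing file is overwritten, what permissions it is created with) lives in moduli.c outside this diff, so that is where the create/overwrite policy needs a comment. The new prototype takes `char *`; since main hands it an `xstrdup()`ed string it never expects to be modified, `const char *` would state the contract, assuming the moduli.c implementation does not write through it. main() continues outside the hunk.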