From a563cced062d0d74843c0ee56a82faa860f10855 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 22 Apr 2012 11:07:28 +1000 Subject: - djm@cvs.openbsd.org 2012/02/29 11:21:26 [ssh-keygen.c] allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ --- ssh-keygen.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'ssh-keygen.c') diff --git a/ssh-keygen.c b/ssh-keygen.c index 5fcd3a159..c5130c86e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.212 2011/10/16 15:02:41 jmc Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.213 2012/02/29 11:21:26 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -265,6 +265,10 @@ do_convert_to_ssh2(struct passwd *pw, Key *k) u_char *blob; char comment[61]; + if (k->type == KEY_RSA1) { + fprintf(stderr, "version 1 keys are not supported\n"); + exit(1); + } if (key_to_blob(k, &blob, &len) <= 0) { fprintf(stderr, "key_to_blob failed\n"); exit(1); @@ -288,6 +292,7 @@ static void do_convert_to_pkcs8(Key *k) { switch (key_type_plain(k->type)) { + case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); @@ -312,6 +317,7 @@ static void do_convert_to_pem(Key *k) { switch (key_type_plain(k->type)) { + case KEY_RSA1: case KEY_RSA: if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); @@ -345,10 +351,6 @@ do_convert_to(struct passwd *pw) exit(1); } } - if (k->type == KEY_RSA1) { - fprintf(stderr, "version 1 keys are not supported\n"); - exit(1); - } switch (convert_format) { case FMT_RFC4716: -- cgit v1.2.3 From 3bde12aeef60c9e1221316aff1fe1aca78eca027 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 20 Jun 2012 21:51:11 +1000 Subject: - djm@cvs.openbsd.org 2012/05/23 03:28:28 [dns.c dns.h key.c key.h ssh-keygen.c] add support for RFC6594 SSHFP DNS records for ECDSA key types. patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ --- ChangeLog | 4 +++ dns.c | 103 +++++++++++++++++++++++++++++++++++++++-------------------- dns.h | 15 +++++---- key.c | 5 ++- key.h | 5 +-- ssh-keygen.c | 4 ++- 6 files changed, 92 insertions(+), 44 deletions(-) (limited to 'ssh-keygen.c') diff --git a/ChangeLog b/ChangeLog index 419640c2a..f0356d32e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,10 @@ [mux.c] fix double-free in new session handler NB. Id sync only + - djm@cvs.openbsd.org 2012/05/23 03:28:28 + [dns.c dns.h key.c key.h ssh-keygen.c] + add support for RFC6594 SSHFP DNS records for ECDSA key types. + patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ 20120519 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch diff --git a/dns.c b/dns.c index 131cb3d8b..9e3084ba5 100644 --- a/dns.c +++ b/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.27 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -78,27 +78,46 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, u_char **digest, u_int *digest_len, Key *key) { int success = 0; + enum fp_type fp_type = 0; switch (key->type) { case KEY_RSA: *algorithm = SSHFP_KEY_RSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA1; break; case KEY_DSA: *algorithm = SSHFP_KEY_DSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA1; + break; + case KEY_ECDSA: + *algorithm = SSHFP_KEY_ECDSA; + if (!*digest_type) + *digest_type = SSHFP_HASH_SHA256; break; - /* XXX KEY_ECDSA */ default: *algorithm = SSHFP_KEY_RESERVED; /* 0 */ + *digest_type = SSHFP_HASH_RESERVED; /* 0 */ + } + + switch (*digest_type) { + case SSHFP_HASH_SHA1: + fp_type = SSH_FP_SHA1; + break; + case SSHFP_HASH_SHA256: + fp_type = SSH_FP_SHA256; + break; + default: + *digest_type = SSHFP_HASH_RESERVED; /* 0 */ } - if (*algorithm) { - *digest_type = SSHFP_HASH_SHA1; - *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len); + if (*algorithm && *digest_type) { + *digest = key_fingerprint_raw(key, fp_type, digest_len); if (*digest == NULL) fatal("dns_read_key: null from key_fingerprint_raw()"); success = 1; } else { - *digest_type = SSHFP_HASH_RESERVED; *digest = NULL; *digest_len = 0; success = 0; @@ -180,7 +199,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, struct rrsetinfo *fingerprints = NULL; u_int8_t hostkey_algorithm; - u_int8_t hostkey_digest_type; + u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; u_char *hostkey_digest; u_int hostkey_digest_len; @@ -216,7 +235,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, fingerprints->rri_nrdatas); } - /* Initialize host key parameters */ + /* Initialize default host key parameters */ if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); @@ -240,16 +259,27 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, continue; } + if (hostkey_digest_type != dnskey_digest_type) { + hostkey_digest_type = dnskey_digest_type; + xfree(hostkey_digest); + + /* Initialize host key parameters */ + if (!dns_read_key(&hostkey_algorithm, + &hostkey_digest_type, &hostkey_digest, + &hostkey_digest_len, hostkey)) { + error("Error calculating key fingerprint."); + freerrset(fingerprints); + return -1; + } + } + /* Check if the current key is the same as the given key */ if (hostkey_algorithm == dnskey_algorithm && hostkey_digest_type == dnskey_digest_type) { - if (hostkey_digest_len == dnskey_digest_len && - memcmp(hostkey_digest, dnskey_digest, - hostkey_digest_len) == 0) { - + timingsafe_bcmp(hostkey_digest, dnskey_digest, + hostkey_digest_len) == 0) *flags |= DNS_VERIFY_MATCH; - } } xfree(dnskey_digest); } @@ -275,31 +305,36 @@ int export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) { u_int8_t rdata_pubkey_algorithm = 0; - u_int8_t rdata_digest_type = SSHFP_HASH_SHA1; + u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; + u_int8_t dtype; u_char *rdata_digest; - u_int rdata_digest_len; - - u_int i; + u_int i, rdata_digest_len; int success = 0; - if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, - &rdata_digest, &rdata_digest_len, key)) { - - if (generic) - fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname, - DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len, - rdata_pubkey_algorithm, rdata_digest_type); - else - fprintf(f, "%s IN SSHFP %d %d ", hostname, - rdata_pubkey_algorithm, rdata_digest_type); + for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { + rdata_digest_type = dtype; + if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, + &rdata_digest, &rdata_digest_len, key)) { + if (generic) { + fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", + hostname, DNS_RDATATYPE_SSHFP, + 2 + rdata_digest_len, + rdata_pubkey_algorithm, rdata_digest_type); + } else { + fprintf(f, "%s IN SSHFP %d %d ", hostname, + rdata_pubkey_algorithm, rdata_digest_type); + } + for (i = 0; i < rdata_digest_len; i++) + fprintf(f, "%02x", rdata_digest[i]); + fprintf(f, "\n"); + xfree(rdata_digest); /* from key_fingerprint_raw() */ + success = 1; + } + } - for (i = 0; i < rdata_digest_len; i++) - fprintf(f, "%02x", rdata_digest[i]); - fprintf(f, "\n"); - xfree(rdata_digest); /* from key_fingerprint_raw() */ - success = 1; - } else { - error("export_dns_rr: unsupported algorithm"); + /* No SSHFP record was generated at all */ + if (success == 0) { + error("%s: unsupported algorithm and/or digest_type", __func__); } return success; diff --git a/dns.h b/dns.h index 90cfd7b92..d5f428177 100644 --- a/dns.h +++ b/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.11 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: dns.h,v 1.12 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -29,14 +29,17 @@ #define DNS_H enum sshfp_types { - SSHFP_KEY_RESERVED, - SSHFP_KEY_RSA, - SSHFP_KEY_DSA + SSHFP_KEY_RESERVED = 0, + SSHFP_KEY_RSA = 1, + SSHFP_KEY_DSA = 2, + SSHFP_KEY_ECDSA = 3 }; enum sshfp_hashes { - SSHFP_HASH_RESERVED, - SSHFP_HASH_SHA1 + SSHFP_HASH_RESERVED = 0, + SSHFP_HASH_SHA1 = 1, + SSHFP_HASH_SHA256 = 2, + SSHFP_HASH_MAX = 3 }; #define DNS_RDATACLASS_IN 1 diff --git a/key.c b/key.c index 5cc4132c0..8ef0b7e3c 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.98 2011/10/18 04:58:26 djm Exp $ */ +/* $OpenBSD: key.c,v 1.99 2012/05/23 03:28:28 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -342,6 +342,9 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) case SSH_FP_SHA1: md = EVP_sha1(); break; + case SSH_FP_SHA256: + md = EVP_sha256(); + break; default: fatal("key_fingerprint_raw: bad digest type %d", dgst_type); diff --git a/key.h b/key.h index ec5ac5eb8..39e5577f6 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: key.h,v 1.34 2012/05/23 03:28:28 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -48,7 +48,8 @@ enum types { }; enum fp_type { SSH_FP_SHA1, - SSH_FP_MD5 + SSH_FP_MD5, + SSH_FP_SHA256 }; enum fp_rep { SSH_FP_HEX, diff --git a/ssh-keygen.c b/ssh-keygen.c index c5130c86e..9407321d5 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.213 2012/02/29 11:21:26 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -2194,6 +2194,8 @@ main(int argc, char **argv) _PATH_HOST_RSA_KEY_FILE, rr_hostname); n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname); + n += do_print_resource_record(pw, + _PATH_HOST_ECDSA_KEY_FILE, rr_hostname); if (n == 0) fatal("no keys found."); -- cgit v1.2.3 From dfceafe8b11a4a1f9890a37e0cd88b01eb9cc30c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Jul 2012 13:44:19 +1000 Subject: - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 [moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ --- ChangeLog | 6 ++++++ moduli.c | 18 +++++++++++++----- ssh-keygen.1 | 18 +++++++++++++++--- ssh-keygen.c | 22 ++++++++++++++++------ 4 files changed, 50 insertions(+), 14 deletions(-) (limited to 'ssh-keygen.c') diff --git a/ChangeLog b/ChangeLog index 63045f048..0d876d2ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,12 @@ - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT esperi.org.uk; ok dtucker@ +- (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add options to specify starting line number and number of lines to process + when screening moduli candidates. This allows processing of different + parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ 20120704 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for diff --git a/moduli.c b/moduli.c index 973ee6288..5267bb9ab 100644 --- a/moduli.c +++ b/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.25 2011/10/19 00:06:10 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -140,7 +140,8 @@ static u_int32_t largebits, largememory; /* megabytes */ static BIGNUM *largebase; int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); /* * print moduli out in consistent form, @@ -495,14 +496,14 @@ read_checkpoint(char *cpfile) */ int prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, - char *checkpoint_file) + char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines) { BIGNUM *q, *p, *a; BN_CTX *ctx; char *cp, *lp; u_int32_t count_in = 0, count_out = 0, count_possible = 0; u_int32_t generator_known, in_tests, in_tries, in_type, in_size; - unsigned long last_processed = 0; + unsigned long last_processed = 0, end_lineno; time_t time_start, time_stop; int res; @@ -525,10 +526,17 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, if (checkpoint_file != NULL) last_processed = read_checkpoint(checkpoint_file); + if (start_lineno > last_processed) + last_processed = start_lineno; + if (num_lines == 0) + end_lineno = ULONG_MAX; + else + end_lineno = last_processed + num_lines; + debug2("process line %lu to line %lu", last_processed, end_lineno); res = 0; lp = xmalloc(QLINESIZE + 1); - while (fgets(lp, QLINESIZE + 1, in) != NULL) { + while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) { count_in++; if (checkpoint_file != NULL) { if (count_in <= last_processed) { diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 41da2077b..03f927edf 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.108 2011/10/16 11:02:46 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 16 2011 $ +.Dd $Mdocdate: July 6 2012 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -104,6 +104,8 @@ .Fl f Ar input_file .Op Fl v .Op Fl a Ar num_trials +.Op Fl J Ar num_lines +.Op Fl j Ar start_line .Op Fl K Ar checkpt .Op Fl W Ar generator .Nm ssh-keygen @@ -297,6 +299,16 @@ in the format specified by the .Fl m option and print an OpenSSH compatible private (or public) key to stdout. +.It Fl J Ar num_lines +Exit after screening the specified number of lines +while performing DH candidate screening using the +.Fl T +option. +.It Fl j Ar start_line +Start screening at the specified line number +while performing DH candidate screening using the +.Fl T +option. .It Fl K Ar checkpt Write the last line processed to the file .Ar checkpt @@ -518,7 +530,7 @@ This may be overridden using the .Fl S option, which specifies a different start point (in hex). .Pp -Once a set of candidates have been generated, they must be tested for +Once a set of candidates have been generated, they must be screened for suitability. This may be performed using the .Fl T diff --git a/ssh-keygen.c b/ssh-keygen.c index 9407321d5..57679ee43 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -154,7 +154,8 @@ char hostname[MAXHOSTNAMELEN]; /* moduli.c */ int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *); -int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *); +int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long, + unsigned long); static void type_bits_valid(int type, u_int32_t *bitsp) @@ -1888,6 +1889,8 @@ usage(void) fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); + fprintf(stderr, " -J number Screen this number of moduli lines\n"); + fprintf(stderr, " -j number Start screening moduli at specified line.\n"); fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); fprintf(stderr, " -L Print the contents of a certificate.\n"); fprintf(stderr, " -l Show fingerprint of key file.\n"); @@ -1930,6 +1933,7 @@ main(int argc, char **argv) u_int32_t memory = 0, generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; int gen_all_hostkeys = 0; + unsigned long start_lineno = 0, lines_to_process = 0; BIGNUM *start = NULL; FILE *f; const char *errstr; @@ -1958,8 +1962,8 @@ main(int argc, char **argv) exit(1); } - while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:" - "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { + while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:" + "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) { switch (opt) { case 'A': gen_all_hostkeys = 1; @@ -1980,6 +1984,12 @@ main(int argc, char **argv) case 'I': cert_key_id = optarg; break; + case 'J': + lines_to_process = strtoul(optarg, NULL, 10); + break; + case 'j': + start_lineno = strtoul(optarg, NULL, 10); + break; case 'R': delete_host = 1; rr_hostname = optarg; @@ -2238,8 +2248,8 @@ main(int argc, char **argv) fatal("Couldn't open moduli file \"%s\": %s", out_file, strerror(errno)); } - if (prime_test(in, out, trials, generator_wanted, checkpoint) - != 0) + if (prime_test(in, out, trials, generator_wanted, checkpoint, + start_lineno, lines_to_process) != 0) fatal("modulus screening failed"); return (0); } -- cgit v1.2.3 From 709a1e90d9cfb7a0e8cdf57fa967d163c010a6bb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jul 2012 12:20:43 +1000 Subject: - jmc@cvs.openbsd.org 2012/07/06 06:38:03 [ssh-keygen.c] missing full stop in usage(); --- ChangeLog | 6 ++++++ ssh-keygen.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'ssh-keygen.c') diff --git a/ChangeLog b/ChangeLog index 1bd4d2c50..885a721ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20120731 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2012/07/06 06:38:03 + [ssh-keygen.c] + missing full stop in usage(); + 20120720 - (dtucker) Import regened moduli file. diff --git a/ssh-keygen.c b/ssh-keygen.c index 57679ee43..a223ddc81 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.216 2012/07/06 06:38:03 jmc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -1889,7 +1889,7 @@ usage(void) fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); - fprintf(stderr, " -J number Screen this number of moduli lines\n"); + fprintf(stderr, " -J number Screen this number of moduli lines.\n"); fprintf(stderr, " -j number Start screening moduli at specified line.\n"); fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); fprintf(stderr, " -L Print the contents of a certificate.\n"); -- cgit v1.2.3