authordtucker <dtucker@openbsd.org>2012-07-06 00:41:59 +0000
committerdtucker <dtucker@openbsd.org>2012-07-06 00:41:59 +0000
commita8888ec57029e816e5b0f4821729fdae666b9c33 (patch)
tree390872f48cc8657d3c98ecd83939f4cd14368049
parenterror and warning messages should be explicit, sigh... (diff)
downloadwireguard-openbsd-a8888ec57029e816e5b0f4821729fdae666b9c33.tar.xz
wireguard-openbsd-a8888ec57029e816e5b0f4821729fdae666b9c33.zip
Add options to specify starting line number and number of lines to process
when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
-rw-r--r--usr.bin/ssh/moduli.c18
-rw-r--r--usr.bin/ssh/ssh-keygen.118
-rw-r--r--usr.bin/ssh/ssh-keygen.c22
3 files changed, 44 insertions, 14 deletions
diff --git a/usr.bin/ssh/moduli.c b/usr.bin/ssh/moduli.c
index e6ea2e2b6ea..bc9a61031ca 100644
--- a/usr.bin/ssh/moduli.c
+++ b/usr.bin/ssh/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.25 2011/10/19 00:06:10 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -136,7 +136,8 @@ static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase;
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
/*
* print moduli out in consistent form,
@@ -491,14 +492,14 @@ read_checkpoint(char *cpfile)
*/
int
prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
- char *checkpoint_file)
+ char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
{
BIGNUM *q, *p, *a;
BN_CTX *ctx;
char *cp, *lp;
u_int32_t count_in = 0, count_out = 0, count_possible = 0;
u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
- unsigned long last_processed = 0;
+ unsigned long last_processed = 0, end_lineno;
time_t time_start, time_stop;
int res;
@@ -521,10 +522,17 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
if (checkpoint_file != NULL)
last_processed = read_checkpoint(checkpoint_file);
+ if (start_lineno > last_processed)
+ last_processed = start_lineno;
+ if (num_lines == 0)
+ end_lineno = ULONG_MAX;
+ else
+ end_lineno = last_processed + num_lines;
+ debug2("process line %lu to line %lu", last_processed, end_lineno);
res = 0;
lp = xmalloc(QLINESIZE + 1);
- while (fgets(lp, QLINESIZE + 1, in) != NULL) {
+ while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
count_in++;
if (checkpoint_file != NULL) {
if (count_in <= last_processed) {
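Review bot: The new start line is only honoured when a checkpoint file is given, because the `count_in <= last_processed` skip test in the loop still sits inside `if (checkpoint_file != NULL)`. With `-j` but no `-K`, the lines before `start_lineno` appear to be screened anyway while `end_lineno` is still computed from the raised `last_processed`, so parallel workers would overlap instead of partitioning the file. Moving the test ahead of the checkpoint block, e.g. `if (count_in <= last_processed) continue;`, would make the option behave as the man page describes. Separately, `end_lineno = last_processed + num_lines` can wrap for a very large `-J` value; `if (num_lines == 0 || num_lines > ULONG_MAX - last_processed) end_lineno = ULONG_MAX;` avoids that. The loop body continues outside the hunk, so what the skip branch does beyond the visible test is not shown.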
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index 41da2077b58..03f927edfcb 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.108 2011/10/16 11:02:46 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.109 2012/07/06 00:41:59 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 16 2011 $
+.Dd $Mdocdate: July 6 2012 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -104,6 +104,8 @@
.Fl f Ar input_file
.Op Fl v
.Op Fl a Ar num_trials
+.Op Fl J Ar num_lines
+.Op Fl j Ar start_line
.Op Fl K Ar checkpt
.Op Fl W Ar generator
.Nm ssh-keygen
@@ -297,6 +299,16 @@ in the format specified by the
.Fl m
option and print an OpenSSH compatible private
(or public) key to stdout.
+.It Fl J Ar num_lines
+Exit after screening the specified number of lines
+while performing DH candidate screening using the
+.Fl T
+option.
+.It Fl j Ar start_line
+Start screening at the specified line number
+while performing DH candidate screening using the
+.Fl T
+option.
.It Fl K Ar checkpt
Write the last line processed to the file
.Ar checkpt
@@ -518,7 +530,7 @@ This may be overridden using the
.Fl S
option, which specifies a different start point (in hex).
.Pp
-Once a set of candidates have been generated, they must be tested for
+Once a set of candidates have been generated, they must be screened for
suitability.
This may be performed using the
.Fl T
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index e0d015eca6c..d41aa945915 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.214 2012/05/23 03:28:28 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.215 2012/07/06 00:41:59 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -149,7 +149,8 @@ char hostname[MAXHOSTNAMELEN];
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
static void
type_bits_valid(int type, u_int32_t *bitsp)
@@ -1873,6 +1874,8 @@ usage(void)
fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
+ fprintf(stderr, " -J number Screen this number of moduli lines\n");
+ fprintf(stderr, " -j number Start screening moduli at specified line.\n");
fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
fprintf(stderr, " -L Print the contents of a certificate.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
@@ -1915,6 +1918,7 @@ main(int argc, char **argv)
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
int gen_all_hostkeys = 0;
+ unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
@@ -1939,8 +1943,8 @@ main(int argc, char **argv)
exit(1);
}
- while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
- "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
+ while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:J:j:K:P:"
+ "m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z")) != -1) {
switch (opt) {
case 'A':
gen_all_hostkeys = 1;
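Review bot: The rewritten option string ends in `W:z` where the old one ended in `W:z:`, so `-z` no longer takes an argument, and nothing in the commit message suggests that was intended. If the `case 'z'` handler (outside this hunk) reads `optarg`, it will now see NULL and the value following `-z` will be treated as a separate argument. Restoring the colon, `"m:N:n:O:C:r:g:R:T:G:M:S:s:a:V:W:z:"`, keeps the option behaving as before. The switch continues outside the hunk.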
@@ -1961,6 +1965,12 @@ main(int argc, char **argv)
case 'I':
cert_key_id = optarg;
break;
+ case 'J':
+ lines_to_process = strtoul(optarg, NULL, 10);
+ break;
+ case 'j':
+ start_lineno = strtoul(optarg, NULL, 10);
+ break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
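Review bot: Both new cases pass `NULL` as the end pointer to `strtoul()` and never look at `errno`, so `-j abc` silently becomes line 0, `-J 10x` becomes 10, and a leading minus sign wraps to a huge value instead of being rejected. For a tool that splits a candidate moduli file across workers, a mistyped range should stop the run, not screen the wrong lines. The sketch below rejects empty input, trailing garbage and range errors; it assumes a `char *ep;` is added to main's declarations, which are outside this hunk.

```c
		case 'J':
			errno = 0;
			lines_to_process = strtoul(optarg, &ep, 10);
			if (*optarg == '\0' || *optarg == '-' || *ep != '\0' ||
			    errno == ERANGE)
				fatal("Invalid number of lines: %s", optarg);
			break;
		case 'j':
			errno = 0;
			start_lineno = strtoul(optarg, &ep, 10);
			if (*optarg == '\0' || *optarg == '-' || *ep != '\0' ||
			    errno == ERANGE)
				fatal("Invalid start line: %s", optarg);
			break;
		/* … unchanged: case 'R' and the rest of the switch … */
```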
@@ -2219,8 +2229,8 @@ main(int argc, char **argv)
fatal("Couldn't open moduli file \"%s\": %s",
out_file, strerror(errno));
}
- if (prime_test(in, out, trials, generator_wanted, checkpoint)
- != 0)
+ if (prime_test(in, out, trials, generator_wanted, checkpoint,
+ start_lineno, lines_to_process) != 0)
fatal("modulus screening failed");
return (0);
}