author | Damien Miller <djm@mindrot.org> | 2011-10-18 16:05:19 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2011-10-18 16:05:19 +1100 |
commit | 390d0561fccfba5e2e97105f75b70b32aab59578 (patch) | |
tree | c1baadb7c116489ef2a6260d06fac81d66208c3e /ssh-keygen.c | |
parent | d3e6990c4ca1e6c8ad9e66f5e57a2b4545dbc940 (diff) | |
download | openssh-git-390d0561fccfba5e2e97105f75b70b32aab59578.tar.gz |
- dtucker@cvs.openbsd.org 2011/10/16 11:02:46
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add optional checkpoints for moduli screening. feedback & ok deraadt
Diffstat (limited to 'ssh-keygen.c')
-rw-r--r-- | ssh-keygen.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b6218b1..bd15cccf 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.210 2011/04/18 00:46:05 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.211 2011/10/16 11:02:46 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -154,7 +154,7 @@ char hostname[MAXHOSTNAMELEN];
 /* moduli.c */
 int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *);
 static void
 type_bits_valid(int type, u_int32_t *bitsp)
@@ -1881,6 +1881,7 @@ usage(void)
 fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
 fprintf(stderr, " -g Use generic DNS resource record format.\n");
 fprintf(stderr, " -H Hash names in known_hosts file.\n");
+ fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
 fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
 fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
 fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
@@ -1916,6 +1917,7 @@ int
 main(int argc, char **argv)
 {
 char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
+ char *checkpoint = NULL;
 char out_file[MAXPATHLEN], *rr_hostname = NULL;
 Key *private, *public;
 struct passwd *pw;
@@ -1952,7 +1954,7 @@ main(int argc, char **argv)
 exit(1);
 }
- while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
+ while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:K:P:m:N:n:"
 "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
 switch (opt) {
 case 'A':
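Review bot: The hand-copied `prime_test` declaration under `/* moduli.c */` now takes a fifth `char *` argument, but as far as this page shows it is not pulled from a header shared with moduli.c, so the compiler cannot check it against the definition and a mismatch between the two files would surface only as undefined behaviour at run time. I would move both moduli prototypes into a header that moduli.c also includes, or at least name and document the new parameter, e.g. `int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *checkpoint_file); /* NULL: no checkpointing */`. That NULL is an accepted value is inferred from `checkpoint` being initialised to NULL in `main` and passed through unconditionally in the last hunk; the definition itself is not visible here. If the callee never writes through the pointer, `const char *` would state that in the type.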
@@ -2103,6 +2105,11 @@ main(int argc, char **argv)
 sizeof(out_file))
 fatal("Output filename too long");
 break;
+ case 'K':
+ if (strlen(optarg) >= MAXPATHLEN)
+ fatal("Checkpoint filename too long");
+ checkpoint = xstrdup(optarg);
+ break;
 case 'S':
 /* XXX - also compare length against bits */
 if (BN_hex2bn(&start, optarg) == 0)
@@ -2225,7 +2232,8 @@ main(int argc, char **argv)
 fatal("Couldn't open moduli file \"%s\": %s",
 out_file, strerror(errno));
 }
- if (prime_test(in, out, trials, generator_wanted) != 0)
+ if (prime_test(in, out, trials, generator_wanted, checkpoint)
+ != 0)
 fatal("modulus screening failed");
 return (0);
 }
|
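Review bot: The new `case 'K':` branch stores the checkpoint path whatever mode ssh-keygen is running in, while the only use of `checkpoint` on this page is the `prime_test()` call in the last hunk, so `-K` given together with any other operation appears to be accepted and silently ignored. I would reject that combination once option parsing is done, and say in the usage line that the option belongs to moduli screening, e.g. `-K checkpt  Write checkpoints to this file during moduli screening.`. A comment beside the declaration such as `/* -K: checkpoint file for moduli screening, NULL when not requested */` would record the NULL convention for the next reader. How the file is created (mode, symlink handling, atomic replacement) is decided in moduli.c, which this page does not show, and is worth checking in the same review. `main` begins and ends outside this hunk.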