-/* $OpenBSD: moduli.c,v 1.39 2023/03/02 06:41:56 dtucker Exp $ */
+/* $OpenBSD: moduli.c,v 1.40 2025/05/24 03:39:48 dtucker Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
#define SHIFT_MEGABYTE (20)
#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
-/*
- * Using virtual memory can cause thrashing. This should be the largest
- * number that is supported without a large amount of disk activity --
- * that would increase the run time from hours to days or weeks!
- */
-#define LARGE_MINIMUM (8UL) /* megabytes */
-
/*
* Do not increase this number beyond the unsigned integer bit size.
* Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
static u_int32_t largebits, largememory; /* megabytes */
static BIGNUM *largebase;
-int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
+int gen_candidates(FILE *, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
* The list is checked against small known primes (less than 2**30).
*/
int
-gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
+gen_candidates(FILE *out, u_int32_t power, BIGNUM *start)
{
BIGNUM *q;
u_int32_t j, r, s, t;
u_int32_t i;
int ret = 0;
- largememory = memory;
-
- if (memory != 0 &&
- (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
- error("Invalid memory amount (min %ld, max %ld)",
- LARGE_MINIMUM, LARGE_MAXIMUM);
- return (-1);
- }
-
/*
* Set power to the length in bits of the prime to be generated.
* This is changed to 1 less than the desired safe prime moduli p.
}
power--; /* decrement before squaring */
- /*
- * The density of ordinary primes is on the order of 1/bits, so the
- * density of safe primes should be about (1/bits)**2. Set test range
- * to something well above bits**2 to be reasonably sure (but not
- * guaranteed) of catching at least one safe prime.
- */
- largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
-
- /*
- * Need idea of how much memory is available. We don't have to use all
- * of it.
- */
- if (largememory > LARGE_MAXIMUM) {
- logit("Limited memory: %u MB; limit %lu MB",
- largememory, LARGE_MAXIMUM);
- largememory = LARGE_MAXIMUM;
- }
-
- if (largewords <= (largememory << SHIFT_MEGAWORD)) {
- logit("Increased memory: %u MB; need %u bytes",
- largememory, (largewords << SHIFT_BYTE));
- largewords = (largememory << SHIFT_MEGAWORD);
- } else if (largememory > 0) {
- logit("Decreased memory: %u MB; want %u bytes",
- largememory, (largewords << SHIFT_BYTE));
- largewords = (largememory << SHIFT_MEGAWORD);
- }
+ /* Always use the maximum amount of memory supported by the algorithm. */
+ largememory = LARGE_MAXIMUM;
+ largewords = (largememory << SHIFT_MEGAWORD);
TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
tinybits = tinywords << SHIFT_WORD;
SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
smallbits = smallwords << SHIFT_WORD;
- /*
- * dynamically determine available memory
- */
- while ((LargeSieve = calloc(largewords, sizeof(u_int32_t))) == NULL)
- largewords -= (1L << (SHIFT_MEGAWORD - 2)); /* 1/4 MB chunks */
-
+ LargeSieve = xcalloc(largewords, sizeof(u_int32_t));
largebits = largewords << SHIFT_WORD;
largenumbers = largebits * 2; /* even numbers excluded */
-.\" $OpenBSD: ssh-keygen.1,v 1.234 2024/11/27 13:00:23 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.235 2025/05/24 03:40:54 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 27 2024 $
+.Dd $Mdocdate: May 24 2025 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
candidate screening.
This will be used to skip lines in the input file that have already been
processed if the job is restarted.
-.It Ic memory Ns = Ns Ar mbytes
-Specify the amount of memory to use (in megabytes) when generating
-candidate moduli for DH-GEX.
.It Ic start Ns = Ns Ar hex-value
Specify start point (in hex) when generating candidate moduli for DH-GEX.
.It Ic generator Ns = Ns Ar value
-/* $OpenBSD: ssh-keygen.c,v 1.480 2025/05/24 02:01:28 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.481 2025/05/24 03:37:40 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#ifdef WITH_OPENSSL
/* moduli.c */
-int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
+int gen_candidates(FILE *, u_int32_t, BIGNUM *);
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
unsigned long);
#endif
{
#ifdef WITH_OPENSSL
/* Moduli generation/screening */
- u_int32_t memory = 0;
BIGNUM *start = NULL;
int moduli_bits = 0;
FILE *out;
/* Parse options */
for (i = 0; i < nopts; i++) {
- if ((p = strprefix(opts[i], "memory=", 0)) != NULL) {
- memory = (u_int32_t)strtonum(p, 1, UINT_MAX, &errstr);
- if (errstr) {
- fatal("Memory limit is %s: %s", errstr, p);
- }
- } else if ((p = strprefix(opts[i], "start=", 0)) != NULL) {
+ if ((p = strprefix(opts[i], "start=", 0)) != NULL) {
/* XXX - also compare length against bits */
if (BN_hex2bn(&start, p) == 0)
fatal("Invalid start point.");
if (moduli_bits == 0)
moduli_bits = DEFAULT_BITS;
- if (gen_candidates(out, memory, moduli_bits, start) != 0)
+ if (gen_candidates(out, moduli_bits, start) != 0)
fatal("modulus candidate generation failed");
#else /* WITH_OPENSSL */
fatal("Moduli generation is not supported");
projects / thirdparty / openssh-portable.git / commitdiff
