From: dtucker@openbsd.org <dtucker@openbsd.org>
Date: Sat, 24 May 2025 03:37:40 +0000 (+0000)
Subject: upstream: Remove ssh-keygen's moduli screen -Omemory option.
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=216824172724a50a4a75439fb2b4b8edccf5b733;p=thirdparty%2Fopenssh-portable.git

upstream: Remove ssh-keygen's moduli screen -Omemory option.

This vaguely made sense 20 years ago, but these days you'd be hard
pressed to *find* a machine small enough to not support the maximum
(127MB), and no one is screening moduli on such machines anyway,
so just use the max.  This also fixes Coverity CID 470522 by deleting
code in question.  "kill it with fire" djm@.

OpenBSD-Commit-ID: 39036aa406a99f0a91923aa3a96afff1205558e6
---

diff --git a/moduli.c b/moduli.c
index 481ca2aa8..999a90984 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.39 2023/03/02 06:41:56 dtucker Exp $ */
+/* $OpenBSD: moduli.c,v 1.40 2025/05/24 03:39:48 dtucker Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -87,13 +87,6 @@
 #define SHIFT_MEGABYTE	(20)
 #define SHIFT_MEGAWORD	(SHIFT_MEGABYTE-SHIFT_BYTE)
 
-/*
- * Using virtual memory can cause thrashing.  This should be the largest
- * number that is supported without a large amount of disk activity --
- * that would increase the run time from hours to days or weeks!
- */
-#define LARGE_MINIMUM	(8UL)	/* megabytes */
-
 /*
  * Do not increase this number beyond the unsigned integer bit size.
  * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
@@ -142,7 +135,7 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
 static u_int32_t largebits, largememory;	/* megabytes */
 static BIGNUM *largebase;
 
-int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
+int gen_candidates(FILE *, u_int32_t, BIGNUM *);
 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
     unsigned long);
 
@@ -242,7 +235,7 @@ sieve_large(u_int32_t s32)
  * The list is checked against small known primes (less than 2**30).
  */
 int
-gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
+gen_candidates(FILE *out, u_int32_t power, BIGNUM *start)
 {
 	BIGNUM *q;
 	u_int32_t j, r, s, t;
@@ -252,15 +245,6 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
 	u_int32_t i;
 	int ret = 0;
 
-	largememory = memory;
-
-	if (memory != 0 &&
-	    (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
-		error("Invalid memory amount (min %ld, max %ld)",
-		    LARGE_MINIMUM, LARGE_MAXIMUM);
-		return (-1);
-	}
-
 	/*
 	 * Set power to the length in bits of the prime to be generated.
 	 * This is changed to 1 less than the desired safe prime moduli p.
@@ -274,33 +258,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
 	}
 	power--; /* decrement before squaring */
 
-	/*
-	 * The density of ordinary primes is on the order of 1/bits, so the
-	 * density of safe primes should be about (1/bits)**2. Set test range
-	 * to something well above bits**2 to be reasonably sure (but not
-	 * guaranteed) of catching at least one safe prime.
-	 */
-	largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
-
-	/*
-	 * Need idea of how much memory is available. We don't have to use all
-	 * of it.
-	 */
-	if (largememory > LARGE_MAXIMUM) {
-		logit("Limited memory: %u MB; limit %lu MB",
-		    largememory, LARGE_MAXIMUM);
-		largememory = LARGE_MAXIMUM;
-	}
-
-	if (largewords <= (largememory << SHIFT_MEGAWORD)) {
-		logit("Increased memory: %u MB; need %u bytes",
-		    largememory, (largewords << SHIFT_BYTE));
-		largewords = (largememory << SHIFT_MEGAWORD);
-	} else if (largememory > 0) {
-		logit("Decreased memory: %u MB; want %u bytes",
-		    largememory, (largewords << SHIFT_BYTE));
-		largewords = (largememory << SHIFT_MEGAWORD);
-	}
+	/* Always use the maximum amount of memory supported by the algorithm. */
+	largememory = LARGE_MAXIMUM;
+	largewords = (largememory << SHIFT_MEGAWORD);
 
 	TinySieve = xcalloc(tinywords, sizeof(u_int32_t));
 	tinybits = tinywords << SHIFT_WORD;
@@ -308,12 +268,7 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
 	SmallSieve = xcalloc(smallwords, sizeof(u_int32_t));
 	smallbits = smallwords << SHIFT_WORD;
 
-	/*
-	 * dynamically determine available memory
-	 */
-	while ((LargeSieve = calloc(largewords, sizeof(u_int32_t))) == NULL)
-		largewords -= (1L << (SHIFT_MEGAWORD - 2)); /* 1/4 MB chunks */
-
+	LargeSieve = xcalloc(largewords, sizeof(u_int32_t));
 	largebits = largewords << SHIFT_WORD;
 	largenumbers = largebits * 2;	/* even numbers excluded */
 
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 00246a861..3caf09712 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.234 2024/11/27 13:00:23 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.235 2025/05/24 03:40:54 dtucker Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 27 2024 $
+.Dd $Mdocdate: May 24 2025 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -878,9 +878,6 @@ Write the last line processed to the specified file while performing DH
 candidate screening.
 This will be used to skip lines in the input file that have already been
 processed if the job is restarted.
-.It Ic memory Ns = Ns Ar mbytes
-Specify the amount of memory to use (in megabytes) when generating
-candidate moduli for DH-GEX.
 .It Ic start Ns = Ns Ar hex-value
 Specify start point (in hex) when generating candidate moduli for DH-GEX.
 .It Ic generator Ns = Ns Ar value
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ac0170de4..867fbd1ca 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.480 2025/05/24 02:01:28 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.481 2025/05/24 03:37:40 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -166,7 +166,7 @@ static char hostname[NI_MAXHOST];
 
 #ifdef WITH_OPENSSL
 /* moduli.c */
-int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
+int gen_candidates(FILE *, u_int32_t, BIGNUM *);
 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
     unsigned long);
 #endif
@@ -2923,7 +2923,6 @@ do_moduli_gen(const char *out_file, char **opts, size_t nopts)
 {
 #ifdef WITH_OPENSSL
 	/* Moduli generation/screening */
-	u_int32_t memory = 0;
 	BIGNUM *start = NULL;
 	int moduli_bits = 0;
 	FILE *out;
@@ -2932,12 +2931,7 @@ do_moduli_gen(const char *out_file, char **opts, size_t nopts)
 
 	/* Parse options */
 	for (i = 0; i < nopts; i++) {
-		if ((p = strprefix(opts[i], "memory=", 0)) != NULL) {
-			memory = (u_int32_t)strtonum(p, 1, UINT_MAX, &errstr);
-			if (errstr) {
-				fatal("Memory limit is %s: %s", errstr, p);
-			}
-		} else if ((p = strprefix(opts[i], "start=", 0)) != NULL) {
+		if ((p = strprefix(opts[i], "start=", 0)) != NULL) {
 			/* XXX - also compare length against bits */
 			if (BN_hex2bn(&start, p) == 0)
 				fatal("Invalid start point.");
@@ -2962,7 +2956,7 @@ do_moduli_gen(const char *out_file, char **opts, size_t nopts)
 
 	if (moduli_bits == 0)
 		moduli_bits = DEFAULT_BITS;
-	if (gen_candidates(out, memory, moduli_bits, start) != 0)
+	if (gen_candidates(out, moduli_bits, start) != 0)
 		fatal("modulus candidate generation failed");
 #else /* WITH_OPENSSL */
 	fatal("Moduli generation is not supported");