authorTimothy Redaelli <tredaelli@redhat.com>2022-09-22 15:40:32 +0200
committerIlya Maximets <i.maximets@ovn.org>2022-10-07 10:52:20 +0200
commit1a9482d53347de04be5ef1ac557cc0e33b5be1fb (patch)
tree61e77048e431edd885baf77a4bc009eaef4658aa
parent6c47354069ef26a4e89fd3832e148ae86a57d44d (diff)
dhparams: Fix .c file generation with OpenSSL >= 3.0.
Since OpenSSL upstream commit 1696b8909bbe ("Remove -C from dhparam,dsaparam,ecparam") "openssl dhparam" doesn't support -C anymore. This commit changes generate-dhparams-c to generate dhparams.c by parsing "openssl dhparam -in "$1" -text -noout" output directly. The generated file won't be used on OpenSSL >= 3.0, but it's still needed to be generated if OVS is built on OpenSSL < 3.0. Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
-rwxr-xr-xbuild-aux/generate-dhparams-c79
1 files changed, 71 insertions, 8 deletions
diff --git a/build-aux/generate-dhparams-c b/build-aux/generate-dhparams-c
index 1884c99e1..a80db6207 100755
--- a/build-aux/generate-dhparams-c
+++ b/build-aux/generate-dhparams-c
@@ -1,5 +1,74 @@
#! /bin/sh -e
+dhparam_to_c() {
+ local bits
+ local get_p=0
+ local line
+ local nl="
+"
+ local p
+ local i=0
+ while read -r line; do
+ case "$line" in
+ *"DH Parameters: "*)
+ bits=${line#*DH Parameters: (}
+ bits=${bits% bit)}
+ continue
+ ;;
+ "P:"|"prime:")
+ get_p=1
+ continue
+ ;;
+ "G: "*|"generator: "*)
+ g=${line#*(}
+ g=${g%)}
+ g=$(printf "0x%.2X" "$g")
+ continue
+ ;;
+ esac
+ if [ "$get_p" = 1 ]; then
+ IFS=":"
+ for x in $line; do
+ [ -z "$p" ] && [ "$x" = "00" ] && continue
+ [ $i -ge 10 ] && i=0
+ [ $i -eq 0 ] && p="$p$nl "
+ x=0x$x
+ p=$(printf "%s 0x%.2X," "$p" "$x")
+ i=$((i + 1))
+ done
+ unset IFS
+ fi
+ done <<EOF
+$(openssl dhparam -in "$1" -text -noout)
+EOF
+ p=${p%,}
+ cat <<EOF
+DH *get_dh${bits}(void)
+{
+ static unsigned char dhp_${bits}[] = {$p
+ };
+ static unsigned char dhg_${bits}[] = {
+ $g
+ };
+ DH *dh = DH_new();
+ BIGNUM *p, *g;
+
+ if (dh == NULL)
+ return NULL;
+ p = BN_bin2bn(dhp_${bits}, sizeof(dhp_${bits}), NULL);
+ g = BN_bin2bn(dhg_${bits}, sizeof(dhg_${bits}), NULL);
+ if (p == NULL || g == NULL
+ || !my_DH_set0_pqg(dh, p, NULL, g)) {
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
+ }
+ return dh;
+}
+EOF
+}
+
cat <<'EOF'
/* Generated automatically; do not modify! -*- buffer-read-only: t -*-
*
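Review bot: dhparam_to_c prints the C function unconditionally after the loop, so nothing checks that `bits`, `p` and `g` were actually parsed from the `openssl dhparam -text` output. The exit status of openssl inside the here-document is never tested, and if the `-text` labels change again the `case` arms simply will not match; in either case the script would still emit a `get_dh` body with an empty prime or generator array instead of failing the build. `g` is also not declared `local`, so a generator parsed from lib/dh2048.pem can carry over into the lib/dh4096.pem call if that file's generator line is not recognised. I would declare `local g=` with the other locals and add, just before `p=${p%,}`, `if [ -z "$bits" ] || [ -z "$p" ] || [ -z "$g" ]; then echo "$0: cannot parse DH parameters from $1" >&2; exit 1; fi`.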
@@ -22,11 +91,5 @@ my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
#endif
}
EOF
-(openssl dhparam -C -in lib/dh2048.pem -noout &&
-openssl dhparam -C -in lib/dh4096.pem -noout) | sed '
- s/^static DH/DH/
- s/\(get_dh[0-9]*\)()/\1(void)/
- s/\(DH_set0_pqg\)/my_\1/
- s/[ ]*$//
- s/ / /g
-'
+dhparam_to_c lib/dh2048.pem
+dhparam_to_c lib/dh4096.pem