From 1a9482d53347de04be5ef1ac557cc0e33b5be1fb Mon Sep 17 00:00:00 2001
From: Timothy Redaelli <tredaelli@redhat.com>
Date: Thu, 22 Sep 2022 15:40:32 +0200
Subject: dhparams: Fix .c file generation with OpenSSL >= 3.0.

Since OpenSSL upstream commit 1696b8909bbe
("Remove -C from dhparam,dsaparam,ecparam") "openssl dhparam" doesn't
support -C anymore.

This commit changes generate-dhparams-c to generate dhparams.c by parsing
"openssl dhparam -in "$1" -text -noout" output directly.

The generated file won't be used on OpenSSL >= 3.0, but it's still
needed to be generated if OVS is built on OpenSSL < 3.0.

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 build-aux/generate-dhparams-c | 79 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 71 insertions(+), 8 deletions(-)

diff --git a/build-aux/generate-dhparams-c b/build-aux/generate-dhparams-c
index 1884c99e1..a80db6207 100755
--- a/build-aux/generate-dhparams-c
+++ b/build-aux/generate-dhparams-c
@@ -1,5 +1,74 @@
 #! /bin/sh -e
 
+dhparam_to_c() {
+    local bits
+    local get_p=0
+    local line
+    local nl="
+"
+    local p
+    local i=0
+    while read -r line; do
+        case "$line" in
+            *"DH Parameters: "*)
+                bits=${line#*DH Parameters: (}
+                bits=${bits% bit)}
+                continue
+                ;;
+            "P:"|"prime:")
+                get_p=1
+                continue
+                ;;
+            "G: "*|"generator: "*)
+                g=${line#*(}
+                g=${g%)}
+                g=$(printf "0x%.2X" "$g")
+                continue
+                ;;
+        esac
+        if [ "$get_p" = 1 ]; then
+            IFS=":"
+            for x in $line; do
+                [ -z "$p" ] && [ "$x" = "00" ] && continue
+                [ $i -ge 10 ] && i=0
+                [ $i -eq 0 ] && p="$p$nl       "
+                x=0x$x
+                p=$(printf "%s 0x%.2X," "$p" "$x")
+                i=$((i + 1))
+            done
+            unset IFS
+        fi
+    done <<EOF
+$(openssl dhparam -in "$1" -text -noout)
+EOF
+    p=${p%,}
+    cat <<EOF
+DH *get_dh${bits}(void)
+{
+    static unsigned char dhp_${bits}[] = {$p
+    };
+    static unsigned char dhg_${bits}[] = {
+        $g
+    };
+    DH *dh = DH_new();
+    BIGNUM *p, *g;
+
+    if (dh == NULL)
+        return NULL;
+    p = BN_bin2bn(dhp_${bits}, sizeof(dhp_${bits}), NULL);
+    g = BN_bin2bn(dhg_${bits}, sizeof(dhg_${bits}), NULL);
+    if (p == NULL || g == NULL
+            || !my_DH_set0_pqg(dh, p, NULL, g)) {
+        DH_free(dh);
+        BN_free(p);
+        BN_free(g);
+        return NULL;
+    }
+    return dh;
+}
+EOF
+}
+
 cat <<'EOF'
 /* Generated automatically; do not modify!     -*- buffer-read-only: t -*-
  *
@@ -22,11 +91,5 @@ my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
 #endif
 }
 EOF
-(openssl dhparam -C -in lib/dh2048.pem -noout &&
-openssl dhparam -C -in lib/dh4096.pem -noout) | sed '
-    s/^static DH/DH/
-    s/\(get_dh[0-9]*\)()/\1(void)/
-    s/\(DH_set0_pqg\)/my_\1/
-    s/[ 	]*$//
-    s/	/        /g
-'
+dhparam_to_c lib/dh2048.pem
+dhparam_to_c lib/dh4096.pem
-- 
cgit v1.2.1