
[ovs-dev,1/2] dhparams: Fix .c file generation with OpenSSL >= 3.0

Message ID bdc320080e1a73adaf949c153976c369ca67cd0f.1663852673.git.tredaelli@redhat.com
State Accepted
Commit 1a9482d53347de04be5ef1ac557cc0e33b5be1fb
Series Remove deprecated OpenSSL functions on openssl 3.0 | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

Timothy Redaelli Sept. 22, 2022, 1:40 p.m. UTC
Since OpenSSL upstream commit 1696b8909bbe
("Remove -C from dhparam,dsaparam,ecparam") "openssl dhparam" doesn't
support -C anymore.

This commit changes generate-dhparams-c to generate dhparams.c by parsing
"openssl dhparam -in "$1" -text -noout" output directly.

The generated file won't be used on OpenSSL >= 3.0, but it still
needs to be generated when OVS is built with OpenSSL < 3.0.

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
---
 build-aux/generate-dhparams-c | 79 +++++++++++++++++++++++++++++++----
 1 file changed, 71 insertions(+), 8 deletions(-)

Patch

diff --git a/build-aux/generate-dhparams-c b/build-aux/generate-dhparams-c
index 1884c99e1..a80db6207 100755
--- a/build-aux/generate-dhparams-c
+++ b/build-aux/generate-dhparams-c
@@ -1,5 +1,74 @@ 
 #! /bin/sh -e
 
+dhparam_to_c() {
+    local bits
+    local get_p=0
+    local line
+    local nl="
+"
+    local p
+    local i=0
+    while read -r line; do
+        case "$line" in
+            *"DH Parameters: "*)
+                bits=${line#*DH Parameters: (}
+                bits=${bits% bit)}
+                continue
+                ;;
+            "P:"|"prime:")
+                get_p=1
+                continue
+                ;;
+            "G: "*|"generator: "*)
+                g=${line#*(}
+                g=${g%)}
+                g=$(printf "0x%.2X" "$g")
+                continue
+                ;;
+        esac
+        if [ "$get_p" = 1 ]; then
+            IFS=":"
+            for x in $line; do
+                [ -z "$p" ] && [ "$x" = "00" ] && continue
+                [ $i -ge 10 ] && i=0
+                [ $i -eq 0 ] && p="$p$nl       "
+                x=0x$x
+                p=$(printf "%s 0x%.2X," "$p" "$x")
+                i=$((i + 1))
+            done
+            unset IFS
+        fi
+    done <<EOF
+$(openssl dhparam -in "$1" -text -noout)
+EOF
+    p=${p%,}
+    cat <<EOF
+DH *get_dh${bits}(void)
+{
+    static unsigned char dhp_${bits}[] = {$p
+    };
+    static unsigned char dhg_${bits}[] = {
+        $g
+    };
+    DH *dh = DH_new();
+    BIGNUM *p, *g;
+
+    if (dh == NULL)
+        return NULL;
+    p = BN_bin2bn(dhp_${bits}, sizeof(dhp_${bits}), NULL);
+    g = BN_bin2bn(dhg_${bits}, sizeof(dhg_${bits}), NULL);
+    if (p == NULL || g == NULL
+            || !my_DH_set0_pqg(dh, p, NULL, g)) {
+        DH_free(dh);
+        BN_free(p);
+        BN_free(g);
+        return NULL;
+    }
+    return dh;
+}
+EOF
+}
+
 cat <<'EOF'
 /* Generated automatically; do not modify!     -*- buffer-read-only: t -*-
  *
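Review bot: dhparam_to_c never checks that the parse produced anything: the `openssl dhparam` call sits in a command substitution inside the here-document that feeds the `while` loop, so as far as I can tell `sh -e` does not stop the script when it fails, and the function then prints a `get_dh(void)` with an empty name suffix and empty arrays. Because this output becomes the DH group compiled into builds against OpenSSL < 3.0, I would fail hard right after the loop, e.g. `[ -n "$bits" ] && [ -n "$p" ] && [ -n "$g" ] || { echo "$0: cannot parse DH parameters from $1" >&2; exit 1; }`, and ideally also compare the number of prime bytes collected with `$bits / 8` so a change in the text format cannot yield a truncated prime unnoticed. Separately, `g` and `x` are not declared `local`, so the `g` from the first file would carry over to the second call if its generator line were not matched, and `get_p` is never reset in the `"G: "*` branch, so any line the tool prints after the generator would be parsed as prime bytes; adding `local g x` and `get_p=0` there would close both.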
@@ -22,11 +91,5 @@  my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
 #endif
 }
 EOF
-(openssl dhparam -C -in lib/dh2048.pem -noout &&
-openssl dhparam -C -in lib/dh4096.pem -noout) | sed '
-    s/^static DH/DH/
-    s/\(get_dh[0-9]*\)()/\1(void)/
-    s/\(DH_set0_pqg\)/my_\1/
-    s/[ 	]*$//
-    s/	/        /g
-'
+dhparam_to_c lib/dh2048.pem
+dhparam_to_c lib/dh4096.pem