mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-22 09:58:01 +00:00
Code Issues Releases Wiki Activity
ovs/build-aux/generate-dhparams-c

92 lines
2.1 KiB
Plaintext
Raw Normal View History

dhparams: Add pregenerated .c file to the repository. The version of dhparams.c generated by any given version of OpenSSL or LibreSSL might work only with that version of the library. This can be inconvenient for cross-compiling if the "openssl" program on the build machine has a different version from the library on the host where OVS will run, since it could generate code that won't compile. This commit fixes the problem by generating dhparams.c that works on the currently important versions of OpenSSL and LibreSSL. Submitted-at: https://github.com/openvswitch/ovs/pull/235 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-05 15:25:42 -07:00
#! /bin/sh -e
dhparams: Fix .c file generation with OpenSSL >= 3.0. Since OpenSSL upstream commit 1696b8909bbe ("Remove -C from dhparam,dsaparam,ecparam") "openssl dhparam" doesn't support -C anymore. This commit changes generate-dhparams-c to generate dhparams.c by parsing "openssl dhparam -in "$1" -text -noout" output directly. The generated file won't be used on OpenSSL >= 3.0, but it's still needed to be generated if OVS is built on OpenSSL < 3.0. Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2022-09-22 15:40:32 +02:00
dhparam_to_c() {
local bits
local get_p=0
local line
local nl="
"
local p
local i=0
while read -r line; do
case "$line" in
*"DH Parameters: "*)
bits=${line#*DH Parameters: (}
bits=${bits% bit)}
continue
;;
"P:"|"prime:")
get_p=1
continue
;;
"G: "*|"generator: "*)
g=${line#*(}
g=${g%)}
g=$(printf "0x%.2X" "$g")
continue
;;
esac
if [ "$get_p" = 1 ]; then
IFS=":"
for x in $line; do
[ -z "$p" ] && [ "$x" = "00" ] && continue
[ $i -ge 10 ] && i=0
[ $i -eq 0 ] && p="$p$nl "
x=0x$x
p=$(printf "%s 0x%.2X," "$p" "$x")
i=$((i + 1))
done
unset IFS
fi
done <<EOF
$(openssl dhparam -in "$1" -text -noout)
EOF
p=${p%,}
cat <<EOF
DH *get_dh${bits}(void)
{
static unsigned char dhp_${bits}[] = {$p
};
static unsigned char dhg_${bits}[] = {
$g
};
DH *dh = DH_new();
BIGNUM *p, *g;
if (dh == NULL)
return NULL;
p = BN_bin2bn(dhp_${bits}, sizeof(dhp_${bits}), NULL);
g = BN_bin2bn(dhg_${bits}, sizeof(dhg_${bits}), NULL);
if (p == NULL || g == NULL
|| !my_DH_set0_pqg(dh, p, NULL, g)) {
DH_free(dh);
BN_free(p);
BN_free(g);
return NULL;
}
return dh;
}
EOF
}
dhparams: Add pregenerated .c file to the repository. The version of dhparams.c generated by any given version of OpenSSL or LibreSSL might work only with that version of the library. This can be inconvenient for cross-compiling if the "openssl" program on the build machine has a different version from the library on the host where OVS will run, since it could generate code that won't compile. This commit fixes the problem by generating dhparams.c that works on the currently important versions of OpenSSL and LibreSSL. Submitted-at: https://github.com/openvswitch/ovs/pull/235 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-05 15:25:42 -07:00
cat <<'EOF'
/* Generated automatically; do not modify! -*- buffer-read-only: t -*-
*
* If you do need to regenerate this file, run "make generate-dhparams-c". */
#include <config.h>
#include "lib/dhparams.h"
#include "openvswitch/util.h"
Add support for OpenSSL 3.0 functions. In OpenSSL 3.0 some functions were deprecated and replaced. This commit adds some #ifdef to build without warning on both OpenSSL 1.x and OpenSSL 3.x. For OpenSSL 3.x, the default built-in DH parameters are used (as suggested by SSL_CTX_set_dh_auto manpage). Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2022-09-22 15:40:33 +02:00
#if OPENSSL_VERSION_NUMBER < 0x3000000fL
dhparams: Add pregenerated .c file to the repository. The version of dhparams.c generated by any given version of OpenSSL or LibreSSL might work only with that version of the library. This can be inconvenient for cross-compiling if the "openssl" program on the build machine has a different version from the library on the host where OVS will run, since it could generate code that won't compile. This commit fixes the problem by generating dhparams.c that works on the currently important versions of OpenSSL and LibreSSL. Submitted-at: https://github.com/openvswitch/ovs/pull/235 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
2018-06-05 15:25:42 -07:00
static int
my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
{
ovs_assert(q == NULL);
return DH_set0_pqg(dh, p, NULL, g);
}
EOF
dhparams: Fix .c file generation with OpenSSL >= 3.0. Since OpenSSL upstream commit 1696b8909bbe ("Remove -C from dhparam,dsaparam,ecparam") "openssl dhparam" doesn't support -C anymore. This commit changes generate-dhparams-c to generate dhparams.c by parsing "openssl dhparam -in "$1" -text -noout" output directly. The generated file won't be used on OpenSSL >= 3.0, but it's still needed to be generated if OVS is built on OpenSSL < 3.0. Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2022-09-22 15:40:32 +02:00
dhparam_to_c lib/dh2048.pem
dhparam_to_c lib/dh4096.pem
Add support for OpenSSL 3.0 functions. In OpenSSL 3.0 some functions were deprecated and replaced. This commit adds some #ifdef to build without warning on both OpenSSL 1.x and OpenSSL 3.x. For OpenSSL 3.x, the default built-in DH parameters are used (as suggested by SSL_CTX_set_dh_auto manpage). Signed-off-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2022-09-22 15:40:33 +02:00
echo "#endif"
Reference in New Issue Copy Permalink