
Differences From Artifact [90177a1658]:

To Artifact [6e6f58d906]:


9
10
11
12
13
14
15
16
17







18
19
20
21
22
23
24
25
26





















































27
28

29
30
31
32
33
34
35
36
37
38

39
40
41
42
43
44
45
46
47
48


49
50
51
52
53
54
55
9
10
11
12
13
14
15


16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86
87
88
89
90
91
92
93
94
95

96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115







-
-
+
+
+
+
+
+
+









+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

-
+









-
+










+
+







			;;
		bits=*)
			bits="`echo "${arg}" | cut -f 2 -d =`"
			;;
	esac
done

openssl_dhparam() {
	if openssl dhparam -C "$@" | sed	\
openssl_dhparam1() {
	dir=''
	if [ -n "${OPENSSL}" ]; then
	    dir="${OPENSSL}/"
	fi

	if ${dir}openssl dhparam -C "$@" | sed	\
	    -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/'	\
	    -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'
	then
		return 0
	fi

	return 1
}

# OpenSSL 3.0 openssl-dhparam has no "-C" option, so we emulate it here
openssl_dhparam3() {
	dir=''
	if [ -n "${OPENSSL}" ]; then
	    dir="${OPENSSL}/"
	fi

	cat << \_EOF_
#include <openssl/dh.h>
#include <openssl/bn.h>
static DH *get_dhParams(void) {
	static unsigned char dhp[] = {
_EOF_

	if ${dir}openssl dhparam -text "$@" | \
	    sed -E -e '/^---/,/^---/d' \
		-e '/(DH|prime|generator|P|G|recommended)/d' \
		-e 's/([0-9a-h]{2})(:|$$)/0x\1, /g'
	then
		break
	else
		return 1
	fi

	cat << \_EOF_
	};
	static unsigned char dhg[] = {
		0x02,
	};

	DH *dh = DH_new();;
	BIGNUM *p, *g;

	if (dh == NULL) {
		return NULL;
	}

	p = BN_bin2bn(dhp, sizeof (dhp), NULL);
	g = BN_bin2bn(dhg, sizeof (dhg), NULL);

	if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
		DH_free(dh);
		BN_free(p);
		BN_free(g);
		return(NULL);
	}
	return dh;
}
_EOF_

	return 0
}

gen_dh_params_openssl() {
	openssl_dhparam "${bits}" < /dev/null || return 1
	openssl_dhparam3 "${bits}" < /dev/null || return 1
	return 0
}

gen_dh_params_remote() {
	url="https://2ton.com.au/dhparam/${bits}"

	r_input="`curl -sS "${url}"`" || \
		r_input="`wget -O - -o /dev/null "${url}"`" || return 1

	if r_output="`echo "${r_input}" | openssl_dhparam`"; then
	if r_output="`echo "${r_input}" | openssl_dhparam1`"; then
		echo "${r_output}"

		return 0
	fi

	return 1
}

gen_dh_params_fallback() {
	cat << \_EOF_
#include <openssl/dh.h>
#include <openssl/bn.h>
DH *get_dhParams(void) {
	static unsigned char dhp[] = {
_EOF_
	case "${bits}" in
		2048)
			cat << \_EOF_
		0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F,
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
290
291
292
293
294
295
296






297

298
299
300
301
302
303
304







-
-
-
-
-
-

-







	if (dh == NULL) {
		return NULL;
	}

	dhp_bn = BN_bin2bn(dhp, sizeof (dhp), NULL);
	dhg_bn = BN_bin2bn(dhg, sizeof (dhg), NULL);

#ifdef TCLTLS_OPENSSL_PRE_1_1_API
	dh->p = dhp_bn;
	dh->g = dhg_bn;

	if (dhp_bn == NULL || dhg_bn == NULL) {
#else
	if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
#endif
		DH_free(dh);
		BN_free(dhp_bn);
		BN_free(dhg_bn);
		return(NULL);
	}

	return(dh);
266
267
268
269
270
271
272
273
274


275
276
277
278
279
280
319
320
321
322
323
324
325


326
327
328
329
330
331
332
333







-
-
+
+







echo "*****************************" >&2
echo "** Generating DH Primes.   **" >&2
echo "** This will take a while. **" >&2
echo "*****************************" >&2
echo "Use OpenSSL" >&2
gen_dh_params_openssl && exit 0
echo "Use Remote" >&2
gen_dh_params_remote && exit 0
#echo "Use Remote" >&2
#gen_dh_params_remote && exit 0
echo "Use fallback" >&2
gen_dh_params_fallback && exit 0

echo "Unable to generate parameters for DH of ${bits} bits" >&2

exit 1
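Review bot: In the new `openssl_dhparam3`, the `then` branch of the `if ${dir}openssl dhparam -text "$@" | sed ...` test ends in `break`, but the function body is not inside a loop, and because the condition is a pipeline the status tested is sed's, so a failing or missing `openssl` is not detected: the function would emit an empty `dhp[]` initializer and still `return 0`, which makes `gen_dh_params_openssl` succeed with unusable output instead of falling through to the fallback. Capturing the openssl output before filtering fixes both, e.g. `dhtext="`${dir}openssl dhparam -text "$@"`" || return 1` followed by `echo "${dhtext}" | sed -E ... || return 1` with the `break`/`else` structure dropped; `openssl_dhparam1` has the same pipeline-status weakness for its `-C` path. The sed character class `[0-9a-h]` presumably means `[0-9a-f]` (g and h are not hex digits), and `(:|$$)` relies on the sed implementation treating `$$` as an end-of-line anchor — confirm on the non-GNU seds this script is expected to run under. The emitted C also hard-codes `dhg[] = { 0x02 }`, which matches OpenSSL's default generator but would be silently wrong if a generator option were ever passed through `"$@"`; a comment such as `# generator is fixed at 2; do not pass -5 through "$@"` next to the heredoc would document that, and the stray `;;` after `DH_new()` can be dropped.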