#! /usr/bin/env sh
bits='2048'
openssl_dhparam() {
if [ -x "`which openssl 2>/dev/null`" ]; then
o_output="`openssl dhparam -C "$@" 2>/dev/null`" || return 1
o_output="`echo "${o_output}" | sed 's/get_dh[0-9]\+/get_dhParams/'`" || return 1
o_output="`echo "${o_output}" | sed '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d'`" || return 1
echo "${o_output}"
return 0
fi
return 1
}
gen_dh_params_openssl() {
openssl_dhparam "${bits}" < /dev/null || return 1
return 0
}
gen_dh_params_remote() {
url="https://2ton.com.au/dhparam/${bits}"
r_input="`curl -sS "${url}"`" || \
r_input="`wget -O - -o /dev/null "${url}"`" || return 1
if r_output="`echo "${r_input}" | openssl_dhparam`"; then
echo "${r_output}"
return 0
fi
return 1
}
gen_dh_params_fallback() {
if [ "${bits}" = '2048' ]; then
cat << \_EOF_
DH *get_dhParams(void) {
static unsigned char dhp_2048[] = {
0xC1,0x51,0x58,0x69,0xFB,0xE8,0x6C,0x47,0x2B,0x86,0x61,0x4F,
0x20,0x2E,0xD3,0xFC,0x19,0xEE,0xB8,0xF3,0x35,0x7D,0xBA,0x86,
0x2A,0xC3,0xC8,0x6E,0xF4,0x99,0x75,0x65,0xD3,0x7A,0x9E,0xDF,
0xD4,0x1F,0x88,0xE3,0x17,0xFC,0xA1,0xED,0xA2,0xB6,0x77,0x84,
0xAA,0x08,0xF2,0x97,0x59,0x7A,0xA0,0x03,0x0D,0x3E,0x7E,0x6D,
0x65,0x6A,0xA4,0xEA,0x54,0xA9,0x52,0x5F,0x63,0xB4,0xBC,0x98,
0x4E,0xF6,0xE1,0xA4,0xEE,0x16,0x0A,0xB0,0x01,0xBD,0x9F,0xA1,
0xE8,0x23,0x29,0x56,0x40,0x95,0x13,0xEB,0xCB,0xD5,0xFC,0x76,
0x1A,0x41,0x26,0xCE,0x20,0xEB,0x30,0x10,0x17,0x07,0xE1,0x8C,
0xAC,0x57,0x37,0x8B,0xE8,0x01,0xDE,0xA9,0xEF,0xA4,0xC2,0xA4,
0x6E,0x48,0x25,0x11,0x33,0x11,0xD4,0x52,0x79,0x87,0x9F,0x75,
0x61,0xF7,0x9C,0x7D,0x36,0x41,0xCB,0xEC,0x8F,0xEA,0x4A,0x47,
0x6A,0x36,0x37,0x75,0xB9,0x8E,0xF5,0x5F,0x67,0xCF,0x1F,0xD8,
0xCA,0x70,0x42,0xC7,0xA2,0xED,0x0F,0x7D,0xBE,0x43,0x08,0x28,
0x66,0x3D,0xDD,0x87,0x0D,0x61,0x6E,0xD0,0xE7,0x49,0xD1,0x70,
0xA9,0x4D,0xD5,0xFD,0xED,0xF2,0x6D,0x32,0x17,0x97,0x5B,0x06,
0x60,0x9C,0x5F,0xA3,0x5D,0x34,0x14,0x7E,0x63,0x54,0xE4,0x7E,
0x09,0x8F,0xBB,0x8E,0xA0,0xD0,0x96,0xAC,0x30,0x20,0x39,0x3B,
0x8C,0x92,0x65,0x37,0x0A,0x8F,0xEC,0x72,0x8B,0x61,0x7D,0x62,
0x24,0x54,0xE9,0x1D,0x01,0x68,0x89,0xC4,0x7B,0x3C,0x48,0x62,
0x9B,0x83,0x11,0x3A,0x0B,0x0D,0xEF,0x5A,0xE4,0x7A,0xA0,0x69,
0xF4,0x54,0xB5,0x5B,
};
static unsigned char dhg_2048[] = {
0x02,
};
DH *dh = DH_new();;
BIGNUM *dhp_bn, *dhg_bn;
if (dh == NULL) {
return NULL;
}
dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
#ifdef TCLTLS_OPENSSL_PRE_1_1_API
dh->p = dhp_bn;
dh->g = dhg_bn;
if (dhp_bn == NULL || dhg_bn == NULL) {
#else
if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
#endif
DH_free(dh);
BN_free(dhp_bn);
BN_free(dhg_bn);
return(NULL);
}
return(dh);
}
_EOF_
return 0
fi
return 1
}
# Enable support for giving the same DH params each time
if [ "$1" = 'fallback' ]; then
gen_dh_params_fallback && exit 0
echo "Unable to generate fallback parameters for DH of ${bits} bits" >&2
exit 1
fi
echo "*****************************" >&2
echo "** Generating DH Primes. **" >&2
echo "** This will take a while. **" >&2
echo "*****************************" >&2
gen_dh_params_openssl && exit 0
gen_dh_params_remote && exit 0
gen_dh_params_fallback && exit 0
echo "Unable to generate parameters for DH of ${bits} bits" >&2
exit 1