Index: generic/gen_dh_params ================================================================== --- generic/gen_dh_params +++ generic/gen_dh_params @@ -11,33 +11,80 @@ bits="`echo "${arg}" | cut -f 2 -d =`" ;; esac done -openssl_dhparam() { +openssl_dhparam1() { if openssl dhparam -C "$@" | sed \ -e 's/^\(static \)*DH \*get_dh[0-9]*/static DH *get_dhParams/' \ -e '/^-----BEGIN DH PARAMETERS-----$/,/^-----END DH PARAMETERS-----$/ d;/^#/ d' then return 0 fi return 1 } + +# OpenSSL 3.0 openssl-dhparam has no "-C" option, so we emulate it here +openssl_dhparam3() { + if openssl dhparam -text 2048 | \ + sed -E -e '/^---/,/^---/d' \ + -e '/(DH|prime|generator)/d' \ + -e 's/([0-9a-h]{2})(:|$$)/0x\1, /g' \ + -e generateddh.txt + then + else + return 0 + fi + + + cat << \_EOF_ +/* + * OpenSSL no longer offers the "-C" option for its dhparam + * subcommand, so we keep our own C-code here... + */ + +static DH * get_dhParams(void) { + static unsigned char dhp_2048[] = { +#include "generateddh.txt" + }; + static unsigned char dhg_2048[] = { + 0x02 + }; + DH *dh = DH_new(); + BIGNUM *p, *g; + + if (dh == NULL) + return NULL; + p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL); + g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL); + if (p == NULL || g == NULL + || !DH_set0_pqg(dh, p, NULL, g)) { + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; + } + return dh; +} +_EOF_ + + return 0 +} gen_dh_params_openssl() { - openssl_dhparam "${bits}" < /dev/null || return 1 + openssl_dhparam3 "${bits}" < /dev/null || return 1 return 0 } gen_dh_params_remote() { url="https://2ton.com.au/dhparam/${bits}" r_input="`curl -sS "${url}"`" || \ r_input="`wget -O - -o /dev/null "${url}"`" || return 1 - if r_output="`echo "${r_input}" | openssl_dhparam`"; then + if r_output="`echo "${r_input}" | openssl_dhparam1`"; then echo "${r_output}" return 0 fi 
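Review bot: `openssl_dhparam3` cannot work as written: `if … then else return 0 fi` has an empty `then` branch, which is a shell syntax error, and its `else` returns success on the failure path; `-e generateddh.txt` hands sed a script rather than an output file, so the `generateddh.txt` that the emitted `#include "generateddh.txt"` depends on is never written (and a relative `#include` path would tie the generated C to whatever directory it was produced in); and `2048` is hard-coded, so the `"${bits}"` that `gen_dh_params_openssl` now passes is ignored and a caller requesting larger parameters silently gets 2048-bit ones. The sed script also has `[0-9a-h]` and `$$` where `[0-9a-f]` and `$` look intended, and `/(DH|prime|generator)/d` only knows the 1.1 `-text` labels — as far as I recall OpenSSL 3.x prints `P:` and `G:` instead, so both sets should be filtered. The rewrite below honours the requested size, fails early on an empty result, inlines the hex bytes into the heredoc so no temporary file is needed, and names the arrays `dhp`/`dhg` as the fallback path already does (the two `BN_bin2bn` calls change accordingly); the generator is still assumed to be 2, openssl's default, which the emitted comment now states.
```shell
# OpenSSL 3.0 openssl-dhparam has no "-C" option, so we emulate it here
openssl_dhparam3() {
    # honour the size the caller passes ("${bits}"); default 2048
    dh_bits="${1:-2048}"
    # P as a C initializer list: drop the PEM block and the label lines
    # (1.1 prints "prime:"/"generator:", 3.x "P:"/"G:"), keep the hex bytes
    dh_hex="`openssl dhparam -text "${dh_bits}" | \
        sed -E -e '/^-----BEGIN/,/^-----END/d' \
               -e '/(DH|prime|generator|P:|G:)/d' \
               -e 's/([0-9a-f]{2})(:|$)/0x\1, /g'`" || return 1
    [ -n "${dh_hex}" ] || return 1

    cat << _EOF_
/*
 * OpenSSL no longer offers the "-C" option for its dhparam
 * subcommand, so we keep our own C-code here.
 * The generator is assumed to be 2 (openssl's default).
 */

static DH * get_dhParams(void) {
    static unsigned char dhp[] = {
${dh_hex}
    };
    static unsigned char dhg[] = {
        0x02
    };
    DH *dh = DH_new();
    /* … unchanged: BIGNUM declarations, NULL check on dh … */
    p = BN_bin2bn(dhp, sizeof(dhp), NULL);
    g = BN_bin2bn(dhg, sizeof(dhg), NULL);
    /* … unchanged: DH_set0_pqg, error cleanup, return dh … */
}
_EOF_
    return 0
}
```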
@@ -44,10 +91,12 @@ return 1 } gen_dh_params_fallback() { cat << \_EOF_ +#include +#include DH *get_dhParams(void) { static unsigned char dhp[] = { _EOF_ case "${bits}" in 2048) @@ -268,13 +317,13 @@ echo "** Generating DH Primes. **" >&2 echo "** This will take a while. **" >&2 echo "*****************************" >&2 echo "Use OpenSSL" >&2 gen_dh_params_openssl && exit 0 -echo "Use Remote" >&2 -gen_dh_params_remote && exit 0 +#echo "Use Remote" >&2 +#gen_dh_params_remote && exit 0 echo "Use fallback" >&2 gen_dh_params_fallback && exit 0 echo "Unable to generate parameters for DH of ${bits} bits" >&2 exit 1
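Review bot: The two added `+#include` lines in `gen_dh_params_fallback` carry no header name, so the emitted C will not compile as shown; if the names were lost to angle-bracket stripping when this diff was rendered, the intended lines are presumably `#include <openssl/dh.h>` and `#include <openssl/bn.h>` — please confirm against the actual file. Whichever headers are right, the `openssl_dhparam3` heredoc added in the first hunk emits `get_dhParams` with no `#include` at all, so the two generators now produce C with different prerequisites; they should emit the same preamble. The fallback's `DH *get_dhParams(void)` is also not `static`, while both openssl paths emit `static DH *get_dhParams`. `gen_dh_params_fallback` continues outside the hunk.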
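Review bot: Commenting out the `gen_dh_params_remote` call leaves that function, and the `openssl_dhparam1` helper the first hunk keeps only for it, as dead code. Retiring the remote source is a sound choice — DH parameters fetched from a third-party site cannot be verified by this script — but it should be done by deleting the two lines and the two helpers rather than commenting them out, or the commit message should say why they are being kept for later. After this change the script's only paths are local generation via `openssl_dhparam3` and the built-in fallback table, which is worth stating in the description.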