openvswitch: add openssl-1.1 compatibility

Do not call library initialization when compiling with openssl 1.1. The package generates the C source files for its DH parameters at compile time using the host installed openssl. This patch adds a DH source, using the same parameters, compatible with openssl 1.0 and 1.1. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-06-06 08:50:21 -03:00 · 2018-06-06 08:50:21 -03:00 · 10345fbba5
parent f837e8c4c7
commit 10345fbba5
3 changed files with 340 additions and 1 deletions
--- a/net/openvswitch/Makefile
+++ b/net/openvswitch/Makefile
@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=openvswitch
 PKG_VERSION:=2.9.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
 PKG_HASH:=90f084dc282fdb588a2cfff351fea359492f69600f1e4a1286e24e44901de113
--- a/net/openvswitch/patches/0105-removed-calls-to-API-deprecated-in-openssl-1.1.patch
+++ b/net/openvswitch/patches/0105-removed-calls-to-API-deprecated-in-openssl-1.1.patch
@ -0,0 +1,34 @@
+From bca4ff53aef16d38aeb1569edaaca6ac4feac6e8 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Tue, 5 Jun 2018 10:36:51 -0300
+Subject: [PATCH] Removed calls to AP deprecated in openssl 1.1
+
+In openssl 1.1, there is no need to initialize the library.  It is
+automatically done when first used.  This allows to compile openvswitch
+with openssl 1.1.0 with deprecated API disabled.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Signed-off-by: Ben Pfaff <blp@ovn.org>
+---
+ lib/stream-ssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
+index ebb6f3a6c8..c7443470f5 100644
+--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
+@@ -947,12 +947,14 @@ do_ssl_init(void)
+ {
+     SSL_METHOD *method;
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+ #ifdef _WIN32
+     /* The following call is needed if we "#include <openssl/applink.c>". */
+     CRYPTO_malloc_init();
+ #endif
+     SSL_library_init();
+     SSL_load_error_strings();
+#endif
+ 
+     if (!RAND_status()) {
+         /* We occasionally see OpenSSL fail to seed its random number generator
--- a/net/openvswitch/patches/0106-include-pre-generated-dhparams-c.patch
+++ b/net/openvswitch/patches/0106-include-pre-generated-dhparams-c.patch
@ -0,0 +1,305 @@
+From a513cb5fed8c4f63d60b6da12ae9f63a258a9e44 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 6 Jun 2018 08:20:35 -0300
+Subject: [PATCH] dhparams: Add pregenerated .c file to the repository.
+
+The version of dhparams.c generated by any given version of OpenSSL or
+LibreSSL might work only with that version of the library.  This can be
+inconvenient for cross-compiling if the "openssl" program on the build
+machine has a different version from the library on the host where OVS will
+run, since it could generate code that won't compile.
+
+This commit fixes the problem by generating dhparams.c that works on the
+currently important versions of OpenSSL and LibreSSL.
+
+Submitted-at: https://github.com/openvswitch/ovs/pull/235
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Signed-off-by: Ben Pfaff <blp@ovn.org>
+---
+ build-aux/automake.mk         |   1 +
+ build-aux/generate-dhparams-c |  31 +++++++
+ lib/automake.mk               |  17 ++--
+ lib/dhparams.c                | 192 ++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 233 insertions(+), 9 deletions(-)
+ create mode 100755 build-aux/generate-dhparams-c
+ create mode 100644 lib/dhparams.c
+
+diff --git a/build-aux/automake.mk b/build-aux/automake.mk
+index a1f2f856f..3a3b31ce1 100644
+--- a/build-aux/automake.mk
+++ b/build-aux/automake.mk
+@@ -4,6 +4,7 @@ EXTRA_DIST += \
+ 	build-aux/cksum-schema-check \
+ 	build-aux/dist-docs \
+ 	build-aux/dpdkstrip.py \
+	build-aux/generate-dhparams-c \
+ 	build-aux/sodepends.py \
+ 	build-aux/soexpand.py \
+ 	build-aux/text2c \
+diff --git a/build-aux/generate-dhparams-c b/build-aux/generate-dhparams-c
+new file mode 100755
+index 000000000..a75e1d5a7
+--- /dev/null
+++ b/build-aux/generate-dhparams-c
+@@ -0,0 +1,31 @@
+#! /bin/sh -e
+
+cat <<'EOF'
+/* Generated automatically; do not modify!     -*- buffer-read-only: t -*-
+ *
+ * If you do need to regenerate this file, run "make generate-dhparams-c". */
+
+#include <config.h>
+#include "lib/dhparams.h"
+#include "openvswitch/util.h"
+
+static int
+my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
+{
+    ovs_assert(q == NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+    dh->p = p;
+    dh->g = g;
+    return 1;
+#else
+    return DH_set0_pqg(dh, p, NULL, g);
+#endif
+}
+EOF
+(openssl dhparam -C -in lib/dh1024.pem -noout &&
+openssl dhparam -C -in lib/dh2048.pem -noout &&
+openssl dhparam -C -in lib/dh4096.pem -noout) | sed '
+    s/\(get_dh[0-9]*\)()/\1(void)/
+    s/\(DH_set0_pqg\)/my_\1/
+    s/[ 	]*$//
+'
+diff --git a/lib/automake.mk b/lib/automake.mk
+index fb781e847..3bec3fd56 100644
+--- a/lib/automake.mk
+++ b/lib/automake.mk
+@@ -450,15 +450,16 @@ lib_libopenvswitch_la_SOURCES += \
+ 	lib/route-table-bsd.c
+ endif
+ 
+.PHONY: generate-dhparams-c
+ if HAVE_OPENSSL
+-lib_libopenvswitch_la_SOURCES += lib/stream-ssl.c
+-nodist_lib_libopenvswitch_la_SOURCES += lib/dhparams.c
+-lib/dhparams.c: lib/dh1024.pem lib/dh2048.pem lib/dh4096.pem
+-	$(AM_V_GEN)(echo '#include "lib/dhparams.h"' &&                 \
+-	 openssl dhparam -C -in $(srcdir)/lib/dh1024.pem -noout &&	\
+-	 openssl dhparam -C -in $(srcdir)/lib/dh2048.pem -noout &&	\
+-	 openssl dhparam -C -in $(srcdir)/lib/dh4096.pem -noout)	\
+-	| sed 's/\(get_dh[0-9]*\)()/\1(void)/' > lib/dhparams.c.tmp &&  \
+lib_libopenvswitch_la_SOURCES += lib/stream-ssl.c lib/dhparams.c
+
+# Manually regenerates lib/dhparams.c.  Not normally necessary since
+# lib/dhparams.c is part of the repository and doesn't normally need
+# updates.
+generate-dhparams-c:
+	$(AM_V_GEN)cd $(srcdir) && \
+	build-aux/generate-dhparams-c > lib/dhparams.c.tmp && \
+ 	mv lib/dhparams.c.tmp lib/dhparams.c
+ else
+ lib_libopenvswitch_la_SOURCES += lib/stream-nossl.c
+diff --git a/lib/dhparams.c b/lib/dhparams.c
+new file mode 100644
+index 000000000..c9c338bf1
+--- /dev/null
+++ b/lib/dhparams.c
+@@ -0,0 +1,192 @@
+/* Generated automatically; do not modify!     -*- buffer-read-only: t -*-
+ *
+ * If you do need to regenerate this file, run "make generate-dhparams-c". */
+
+#include <config.h>
+#include "lib/dhparams.h"
+#include "openvswitch/util.h"
+
+static int
+my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
+{
+    ovs_assert(q == NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
+    dh->p = p;
+    dh->g = g;
+    return 1;
+#else
+    return DH_set0_pqg(dh, p, NULL, g);
+#endif
+}
+#ifndef HEADER_DH_H
+# include <openssl/dh.h>
+#endif
+
+DH *get_dh1024(void)
+{
+    static unsigned char dhp_1024[] = {
+	0xF4, 0x88, 0xFD, 0x58, 0x4E, 0x49, 0xDB, 0xCD, 0x20, 0xB4,
+	0x9D, 0xE4, 0x91, 0x07, 0x36, 0x6B, 0x33, 0x6C, 0x38, 0x0D,
+	0x45, 0x1D, 0x0F, 0x7C, 0x88, 0xB3, 0x1C, 0x7C, 0x5B, 0x2D,
+	0x8E, 0xF6, 0xF3, 0xC9, 0x23, 0xC0, 0x43, 0xF0, 0xA5, 0x5B,
+	0x18, 0x8D, 0x8E, 0xBB, 0x55, 0x8C, 0xB8, 0x5D, 0x38, 0xD3,
+	0x34, 0xFD, 0x7C, 0x17, 0x57, 0x43, 0xA3, 0x1D, 0x18, 0x6C,
+	0xDE, 0x33, 0x21, 0x2C, 0xB5, 0x2A, 0xFF, 0x3C, 0xE1, 0xB1,
+	0x29, 0x40, 0x18, 0x11, 0x8D, 0x7C, 0x84, 0xA7, 0x0A, 0x72,
+	0xD6, 0x86, 0xC4, 0x03, 0x19, 0xC8, 0x07, 0x29, 0x7A, 0xCA,
+	0x95, 0x0C, 0xD9, 0x96, 0x9F, 0xAB, 0xD0, 0x0A, 0x50, 0x9B,
+	0x02, 0x46, 0xD3, 0x08, 0x3D, 0x66, 0xA4, 0x5D, 0x41, 0x9F,
+	0x9C, 0x7C, 0xBD, 0x89, 0x4B, 0x22, 0x19, 0x26, 0xBA, 0xAB,
+	0xA2, 0x5E, 0xC3, 0x55, 0xE9, 0x2F, 0x78, 0xC7
+    };
+    static unsigned char dhg_1024[] = {
+	0x02
+    };
+    DH *dh = DH_new();
+    BIGNUM *dhp_bn, *dhg_bn;
+
+    if (dh == NULL)
+        return NULL;
+    dhp_bn = BN_bin2bn(dhp_1024, sizeof (dhp_1024), NULL);
+    dhg_bn = BN_bin2bn(dhg_1024, sizeof (dhg_1024), NULL);
+    if (dhp_bn == NULL || dhg_bn == NULL
+            || !my_DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+        DH_free(dh);
+        BN_free(dhp_bn);
+        BN_free(dhg_bn);
+        return NULL;
+    }
+    return dh;
+}
+#ifndef HEADER_DH_H
+# include <openssl/dh.h>
+#endif
+
+DH *get_dh2048(void)
+{
+    static unsigned char dhp_2048[] = {
+	0xF6, 0x42, 0x57, 0xB7, 0x08, 0x7F, 0x08, 0x17, 0x72, 0xA2,
+	0xBA, 0xD6, 0xA9, 0x42, 0xF3, 0x05, 0xE8, 0xF9, 0x53, 0x11,
+	0x39, 0x4F, 0xB6, 0xF1, 0x6E, 0xB9, 0x4B, 0x38, 0x20, 0xDA,
+	0x01, 0xA7, 0x56, 0xA3, 0x14, 0xE9, 0x8F, 0x40, 0x55, 0xF3,
+	0xD0, 0x07, 0xC6, 0xCB, 0x43, 0xA9, 0x94, 0xAD, 0xF7, 0x4C,
+	0x64, 0x86, 0x49, 0xF8, 0x0C, 0x83, 0xBD, 0x65, 0xE9, 0x17,
+	0xD4, 0xA1, 0xD3, 0x50, 0xF8, 0xF5, 0x59, 0x5F, 0xDC, 0x76,
+	0x52, 0x4F, 0x3D, 0x3D, 0x8D, 0xDB, 0xCE, 0x99, 0xE1, 0x57,
+	0x92, 0x59, 0xCD, 0xFD, 0xB8, 0xAE, 0x74, 0x4F, 0xC5, 0xFC,
+	0x76, 0xBC, 0x83, 0xC5, 0x47, 0x30, 0x61, 0xCE, 0x7C, 0xC9,
+	0x66, 0xFF, 0x15, 0xF9, 0xBB, 0xFD, 0x91, 0x5E, 0xC7, 0x01,
+	0xAA, 0xD3, 0x5B, 0x9E, 0x8D, 0xA0, 0xA5, 0x72, 0x3A, 0xD4,
+	0x1A, 0xF0, 0xBF, 0x46, 0x00, 0x58, 0x2B, 0xE5, 0xF4, 0x88,
+	0xFD, 0x58, 0x4E, 0x49, 0xDB, 0xCD, 0x20, 0xB4, 0x9D, 0xE4,
+	0x91, 0x07, 0x36, 0x6B, 0x33, 0x6C, 0x38, 0x0D, 0x45, 0x1D,
+	0x0F, 0x7C, 0x88, 0xB3, 0x1C, 0x7C, 0x5B, 0x2D, 0x8E, 0xF6,
+	0xF3, 0xC9, 0x23, 0xC0, 0x43, 0xF0, 0xA5, 0x5B, 0x18, 0x8D,
+	0x8E, 0xBB, 0x55, 0x8C, 0xB8, 0x5D, 0x38, 0xD3, 0x34, 0xFD,
+	0x7C, 0x17, 0x57, 0x43, 0xA3, 0x1D, 0x18, 0x6C, 0xDE, 0x33,
+	0x21, 0x2C, 0xB5, 0x2A, 0xFF, 0x3C, 0xE1, 0xB1, 0x29, 0x40,
+	0x18, 0x11, 0x8D, 0x7C, 0x84, 0xA7, 0x0A, 0x72, 0xD6, 0x86,
+	0xC4, 0x03, 0x19, 0xC8, 0x07, 0x29, 0x7A, 0xCA, 0x95, 0x0C,
+	0xD9, 0x96, 0x9F, 0xAB, 0xD0, 0x0A, 0x50, 0x9B, 0x02, 0x46,
+	0xD3, 0x08, 0x3D, 0x66, 0xA4, 0x5D, 0x41, 0x9F, 0x9C, 0x7C,
+	0xBD, 0x89, 0x4B, 0x22, 0x19, 0x26, 0xBA, 0xAB, 0xA2, 0x5E,
+	0xC3, 0x55, 0xE9, 0x32, 0x0B, 0x3B
+    };
+    static unsigned char dhg_2048[] = {
+	0x02
+    };
+    DH *dh = DH_new();
+    BIGNUM *dhp_bn, *dhg_bn;
+
+    if (dh == NULL)
+        return NULL;
+    dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+    dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+    if (dhp_bn == NULL || dhg_bn == NULL
+            || !my_DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+        DH_free(dh);
+        BN_free(dhp_bn);
+        BN_free(dhg_bn);
+        return NULL;
+    }
+    return dh;
+}
+#ifndef HEADER_DH_H
+# include <openssl/dh.h>
+#endif
+
+DH *get_dh4096(void)
+{
+    static unsigned char dhp_4096[] = {
+	0xFA, 0x14, 0x72, 0x52, 0xC1, 0x4D, 0xE1, 0x5A, 0x49, 0xD4,
+	0xEF, 0x09, 0x2D, 0xC0, 0xA8, 0xFD, 0x55, 0xAB, 0xD7, 0xD9,
+	0x37, 0x04, 0x28, 0x09, 0xE2, 0xE9, 0x3E, 0x77, 0xE2, 0xA1,
+	0x7A, 0x18, 0xDD, 0x46, 0xA3, 0x43, 0x37, 0x23, 0x90, 0x97,
+	0xF3, 0x0E, 0xC9, 0x03, 0x50, 0x7D, 0x65, 0xCF, 0x78, 0x62,
+	0xA6, 0x3A, 0x62, 0x22, 0x83, 0xA1, 0x2F, 0xFE, 0x79, 0xBA,
+	0x35, 0xFF, 0x59, 0xD8, 0x1D, 0x61, 0xDD, 0x1E, 0x21, 0x13,
+	0x17, 0xFE, 0xCD, 0x38, 0x87, 0x9E, 0xF5, 0x4F, 0x79, 0x10,
+	0x61, 0x8D, 0xD4, 0x22, 0xF3, 0x5A, 0xED, 0x5D, 0xEA, 0x21,
+	0xE9, 0x33, 0x6B, 0x48, 0x12, 0x0A, 0x20, 0x77, 0xD4, 0x25,
+	0x60, 0x61, 0xDE, 0xF6, 0xB4, 0x4F, 0x1C, 0x63, 0x40, 0x8B,
+	0x3A, 0x21, 0x93, 0x8B, 0x79, 0x53, 0x51, 0x2C, 0xCA, 0xB3,
+	0x7B, 0x29, 0x56, 0xA8, 0xC7, 0xF8, 0xF4, 0x7B, 0x08, 0x5E,
+	0xA6, 0xDC, 0xA2, 0x45, 0x12, 0x56, 0xDD, 0x41, 0x92, 0xF2,
+	0xDD, 0x5B, 0x8F, 0x23, 0xF0, 0xF3, 0xEF, 0xE4, 0x3B, 0x0A,
+	0x44, 0xDD, 0xED, 0x96, 0x84, 0xF1, 0xA8, 0x32, 0x46, 0xA3,
+	0xDB, 0x4A, 0xBE, 0x3D, 0x45, 0xBA, 0x4E, 0xF8, 0x03, 0xE5,
+	0xDD, 0x6B, 0x59, 0x0D, 0x84, 0x1E, 0xCA, 0x16, 0x5A, 0x8C,
+	0xC8, 0xDF, 0x7C, 0x54, 0x44, 0xC4, 0x27, 0xA7, 0x3B, 0x2A,
+	0x97, 0xCE, 0xA3, 0x7D, 0x26, 0x9C, 0xAD, 0xF4, 0xC2, 0xAC,
+	0x37, 0x4B, 0xC3, 0xAD, 0x68, 0x84, 0x7F, 0x99, 0xA6, 0x17,
+	0xEF, 0x6B, 0x46, 0x3A, 0x7A, 0x36, 0x7A, 0x11, 0x43, 0x92,
+	0xAD, 0xE9, 0x9C, 0xFB, 0x44, 0x6C, 0x3D, 0x82, 0x49, 0xCC,
+	0x5C, 0x6A, 0x52, 0x42, 0xF8, 0x42, 0xFB, 0x44, 0xF9, 0x39,
+	0x73, 0xFB, 0x60, 0x79, 0x3B, 0xC2, 0x9E, 0x0B, 0xDC, 0xD4,
+	0xA6, 0x67, 0xF7, 0x66, 0x3F, 0xFC, 0x42, 0x3B, 0x1B, 0xDB,
+	0x4F, 0x66, 0xDC, 0xA5, 0x8F, 0x66, 0xF9, 0xEA, 0xC1, 0xED,
+	0x31, 0xFB, 0x48, 0xA1, 0x82, 0x7D, 0xF8, 0xE0, 0xCC, 0xB1,
+	0xC7, 0x03, 0xE4, 0xF8, 0xB3, 0xFE, 0xB7, 0xA3, 0x13, 0x73,
+	0xA6, 0x7B, 0xC1, 0x0E, 0x39, 0xC7, 0x94, 0x48, 0x26, 0x00,
+	0x85, 0x79, 0xFC, 0x6F, 0x7A, 0xAF, 0xC5, 0x52, 0x35, 0x75,
+	0xD7, 0x75, 0xA4, 0x40, 0xFA, 0x14, 0x74, 0x61, 0x16, 0xF2,
+	0xEB, 0x67, 0x11, 0x6F, 0x04, 0x43, 0x3D, 0x11, 0x14, 0x4C,
+	0xA7, 0x94, 0x2A, 0x39, 0xA1, 0xC9, 0x90, 0xCF, 0x83, 0xC6,
+	0xFF, 0x02, 0x8F, 0xA3, 0x2A, 0xAC, 0x26, 0xDF, 0x0B, 0x8B,
+	0xBE, 0x64, 0x4A, 0xF1, 0xA1, 0xDC, 0xEE, 0xBA, 0xC8, 0x03,
+	0x82, 0xF6, 0x62, 0x2C, 0x5D, 0xB6, 0xBB, 0x13, 0x19, 0x6E,
+	0x86, 0xC5, 0x5B, 0x2B, 0x5E, 0x3A, 0xF3, 0xB3, 0x28, 0x6B,
+	0x70, 0x71, 0x3A, 0x8E, 0xFF, 0x5C, 0x15, 0xE6, 0x02, 0xA4,
+	0xCE, 0xED, 0x59, 0x56, 0xCC, 0x15, 0x51, 0x07, 0x79, 0x1A,
+	0x0F, 0x25, 0x26, 0x27, 0x30, 0xA9, 0x15, 0xB2, 0xC8, 0xD4,
+	0x5C, 0xCC, 0x30, 0xE8, 0x1B, 0xD8, 0xD5, 0x0F, 0x19, 0xA8,
+	0x80, 0xA4, 0xC7, 0x01, 0xAA, 0x8B, 0xBA, 0x53, 0xBB, 0x47,
+	0xC2, 0x1F, 0x6B, 0x54, 0xB0, 0x17, 0x60, 0xED, 0x79, 0x21,
+	0x95, 0xB6, 0x05, 0x84, 0x37, 0xC8, 0x03, 0xA4, 0xDD, 0xD1,
+	0x06, 0x69, 0x8F, 0x4C, 0x39, 0xE0, 0xC8, 0x5D, 0x83, 0x1D,
+	0xBE, 0x6A, 0x9A, 0x99, 0xF3, 0x9F, 0x0B, 0x45, 0x29, 0xD4,
+	0xCB, 0x29, 0x66, 0xEE, 0x1E, 0x7E, 0x3D, 0xD7, 0x13, 0x4E,
+	0xDB, 0x90, 0x90, 0x58, 0xCB, 0x5E, 0x9B, 0xCD, 0x2E, 0x2B,
+	0x0F, 0xA9, 0x4E, 0x78, 0xAC, 0x05, 0x11, 0x7F, 0xE3, 0x9E,
+	0x27, 0xD4, 0x99, 0xE1, 0xB9, 0xBD, 0x78, 0xE1, 0x84, 0x41,
+	0xA0, 0xDF
+    };
+    static unsigned char dhg_4096[] = {
+	0x02
+    };
+    DH *dh = DH_new();
+    BIGNUM *dhp_bn, *dhg_bn;
+
+    if (dh == NULL)
+        return NULL;
+    dhp_bn = BN_bin2bn(dhp_4096, sizeof (dhp_4096), NULL);
+    dhg_bn = BN_bin2bn(dhg_4096, sizeof (dhg_4096), NULL);
+    if (dhp_bn == NULL || dhg_bn == NULL
+            || !my_DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+        DH_free(dh);
+        BN_free(dhp_bn);
+        BN_free(dhg_bn);
+        return NULL;
+    }
+    return dh;
+}
+-- 
+2.16.4
+