Diffstat (limited to 'utils/make-openssl.sh')
-rwxr-xr-x | utils/make-openssl.sh | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/utils/make-openssl.sh b/utils/make-openssl.sh
new file mode 100755
index 0000000..931406a
--- /dev/null
+++ b/utils/make-openssl.sh
@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+#
+# This script compiles the "bad openssl" version, 1.0.2 supporting legacy
+# cryptography for Linux, FreeBSD and Darwin.
+#
+# License GPLv2, see ../LICENSE
+
+
+STDOPTIONS="--prefix=/usr/ -DOPENSSL_USE_BUILD_DATE enable-zlib \
+enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
+enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
+enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"
+
+
+error() {
+ tput bold
+ echo "### ERROR $1 ###"
+ tput sgr0
+ exit 2
+}
+
+clean() {
+ case $NOCLEAN in
+ yes|Y|YES) ;;
+ *)
+ if [ -e "Makefile" ]; then
+ make clean
+ [ $? -ne 0 ] && error "no openssl directory"
+ fi
+ ;;
+ esac
+ return 0
+}
+
+makeall() {
+ make depend || error "depend"
+ make || error "making"
+ make report || error "testing/make report"
+ #FIXME: we need another error handler, as of now a failure doesn't mean a return status of != 0
+ # see https://github.com/openssl/openssl/pull/336
+ return 0
+}
+
+copyfiles() {
+ local ret
+ local target=../openssl.$(uname).$(uname -m).$1
+
+ echo; apps/openssl version -a; echo
+ if [ -e "$target" ]; then
+ case $(uname) in
+ *BSD|*Darwin)
+ mv $target $target-$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$target" | sed -e 's/ .*$//' -e 's/-//g')
+ ;;
+ *) mv $target $target-$(stat -c %y $target | awk '{ print $1 }' | sed -e 's/ .*$//' -e 's/-//g') ;;
+ esac
+ fi
+ cp -pf apps/openssl ../openssl.$(uname).$(uname -m).$1
+ ret=$?
+ echo
+ ls -l apps/openssl ../openssl.$(uname).$(uname -m).$1
+ return $ret
+}
+
+testv6_patch() {
+ if grep -q 'ending bracket for IPv6' apps/s_socket.c; then
+ STDOPTIONS="$STDOPTIONS -DOPENSSL_USE_IPV6"
+ echo "detected IPv6 patch thus compiling in IPv6 support"
+ echo
+ else
+ echo
+ echo "no IPv6 patch (Fedora) detected!! -- Press ^C and dl & apply from"
+ echo "https://github.com/drwetter/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff"
+ echo "or press any key to ignore"
+ echo
+ read a
+ fi
+}
+
+
+
+echo
+echo "###################################################################"
+echo "####### Build script for Peter Mosmans openssl fork #######"
+echo "####### which contains all broken and all advanced features #######"
+echo "###################################################################"
+echo
+
+testv6_patch
+
+if [ "$1" = krb ]; then
+ name2add=krb
+else
+ if [ $(uname) != "Darwin" ]; then
+ name2add=static
+ else
+ name2add=dynamic
+ fi
+fi
+
+echo "doing a build for $(uname).$(uname -m)".$name2add
+echo
+sleep 3
+
+
+case $(uname) in
+ Linux|FreeBSD)
+ openssldir_option='--openssldir=/etc/ssl'
+ case $(uname -m) in
+ i686|armv7l) clean
+ if [ "$1" = krb ]; then
+ ./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
+ else
+ ./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 -static
+ fi
+ [ $? -ne 0 ] && error "configuring"
+ ;;
+ x86_64|amd64) clean
+ if [ "$1" = krb ]; then
+ ./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
+ else
+ ./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
+ fi
+ [ $? -ne 0 ] && error "configuring"
+ ;;
+ *) echo " Sorry, don't know this architecture $(uname -m)"
+ exit 1
+ ;;
+ esac
+ ;;
+ Darwin)
+ openssldir_option='--openssldir=/private/etc/ssl/'
+ case $(uname -m) in
+ # No Kerberos (yet?) for Darwin. Static doesn't work for Darwin (#1204)
+ x86_64) clean || echo "nothing to clean"
+ ./Configure $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 darwin64-x86_64-cc
+ [ $? -ne 0 ] && error "configuring"
+ ;;
+ i386) clean || echo "nothing to clean"
+ ./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 darwin64-x86_64-cc
+ [ $? -ne 0 ] && error "configuring"
+ ;;
+ esac
+ ;;
+ *) echo " Sorry, don't know this OS $(uname)"
+ ;;
+esac
+
+
+makeall && copyfiles "$name2add"
+[ $? -ne 0 ] && error "copying files"
+echo
+echo "(w/o 4 GOST ciphers): $(apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l)"
+echo
+echo "------------ all ok ------------"
+echo
+
+
+# vim:ts=5:sw=5:expandtab
+# $Id: make-openssl.sh,v 1.20 2019/02/22 09:07:07 dirkw Exp $
+
|
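Review bot: The final `*)` arm of the outer `case $(uname)` only prints "Sorry, don't know this OS" and falls through, so on an unsupported OS the script still reaches `makeall && copyfiles` in a tree that was never configured; the Darwin inner `case $(uname -m)` has no default arm at all. Both should stop the way the Linux/FreeBSD architecture arm does, e.g. `*) echo " Sorry, don't know this OS $(uname)"; exit 1 ;;`. Separately, STDOPTIONS combines `--prefix=/usr/` with `enable-ssl2 enable-ssl3` and other legacy algorithms, so a comment beside it such as `# never run "make install" here: the prefix would place this deliberately weak build over the system openssl under /usr` would help. The script itself only copies `apps/openssl` to `../openssl.*`, so that risk arises only if someone installs from the tree by hand.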