blob: 931406a2581c434fa7effbe297e099c5a8eef8ab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
#!/usr/bin/env bash
#
# This script compiles the "bad openssl" version, 1.0.2 supporting legacy
# cryptography for Linux, FreeBSD and Darwin.
#
# License GPLv2, see ../LICENSE
STDOPTIONS="--prefix=/usr/ -DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"
error() {
tput bold
echo "### ERROR $1 ###"
tput sgr0
exit 2
}
clean() {
case $NOCLEAN in
yes|Y|YES) ;;
*)
if [ -e "Makefile" ]; then
make clean
[ $? -ne 0 ] && error "no openssl directory"
fi
;;
esac
return 0
}
makeall() {
make depend || error "depend"
make || error "making"
make report || error "testing/make report"
#FIXME: we need another error handler, as of now a failure doesn't mean a return status of != 0
# see https://github.com/openssl/openssl/pull/336
return 0
}
copyfiles() {
local ret
local target=../openssl.$(uname).$(uname -m).$1
echo; apps/openssl version -a; echo
if [ -e "$target" ]; then
case $(uname) in
*BSD|*Darwin)
mv $target $target-$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$target" | sed -e 's/ .*$//' -e 's/-//g')
;;
*) mv $target $target-$(stat -c %y $target | awk '{ print $1 }' | sed -e 's/ .*$//' -e 's/-//g') ;;
esac
fi
cp -pf apps/openssl ../openssl.$(uname).$(uname -m).$1
ret=$?
echo
ls -l apps/openssl ../openssl.$(uname).$(uname -m).$1
return $ret
}
testv6_patch() {
if grep -q 'ending bracket for IPv6' apps/s_socket.c; then
STDOPTIONS="$STDOPTIONS -DOPENSSL_USE_IPV6"
echo "detected IPv6 patch thus compiling in IPv6 support"
echo
else
echo
echo "no IPv6 patch (Fedora) detected!! -- Press ^C and dl & apply from"
echo "https://github.com/drwetter/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff"
echo "or press any key to ignore"
echo
read a
fi
}
echo
echo "###################################################################"
echo "####### Build script for Peter Mosmans openssl fork #######"
echo "####### which contains all broken and all advanced features #######"
echo "###################################################################"
echo
testv6_patch
if [ "$1" = krb ]; then
name2add=krb
else
if [ $(uname) != "Darwin" ]; then
name2add=static
else
name2add=dynamic
fi
fi
echo "doing a build for $(uname).$(uname -m)".$name2add
echo
sleep 3
case $(uname) in
Linux|FreeBSD)
openssldir_option='--openssldir=/etc/ssl'
case $(uname -m) in
i686|armv7l) clean
if [ "$1" = krb ]; then
./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
else
./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 -static
fi
[ $? -ne 0 ] && error "configuring"
;;
x86_64|amd64) clean
if [ "$1" = krb ]; then
./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
else
./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
fi
[ $? -ne 0 ] && error "configuring"
;;
*) echo " Sorry, don't know this architecture $(uname -m)"
exit 1
;;
esac
;;
Darwin)
openssldir_option='--openssldir=/private/etc/ssl/'
case $(uname -m) in
# No Kerberos (yet?) for Darwin. Static doesn't work for Darwin (#1204)
x86_64) clean || echo "nothing to clean"
./Configure $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 darwin64-x86_64-cc
[ $? -ne 0 ] && error "configuring"
;;
i386) clean || echo "nothing to clean"
./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 darwin64-x86_64-cc
[ $? -ne 0 ] && error "configuring"
;;
esac
;;
*) echo " Sorry, don't know this OS $(uname)"
;;
esac
makeall && copyfiles "$name2add"
[ $? -ne 0 ] && error "copying files"
echo
echo "(w/o 4 GOST ciphers): $(apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l)"
echo
echo "------------ all ok ------------"
echo
# vim:ts=5:sw=5:expandtab
# $Id: make-openssl.sh,v 1.20 2019/02/22 09:07:07 dirkw Exp $
|