#!/usr/bin/env bash
#
# This script compiles the "bad openssl" version: OpenSSL 1.0.2 with support for
# legacy cryptography, for Linux, FreeBSD and Darwin.
#
# License GPLv2, see ../LICENSE


# Configure options shared by every platform build below. The string is
# expanded unquoted later so that each word becomes one ./config argument.
#
# The enable-* switches deliberately turn on legacy protocols and algorithms
# (SSLv2, SSLv3, RC2, RC5, MD2, MDC2, ...), which is what the file header means
# by "legacy cryptography". A binary built this way is a test client and
# should not replace the system OpenSSL.
# NOTE(review): --prefix=/usr/ is passed here, but nothing in this script runs
# "make install"; it only copies apps/openssl next to the source tree.
STDOPTIONS="--prefix=/usr/ -DOPENSSL_USE_BUILD_DATE enable-zlib"
STDOPTIONS="$STDOPTIONS enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2"
STDOPTIONS="$STDOPTIONS enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa"
STDOPTIONS="$STDOPTIONS enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"


#######################################
# Print a highlighted error banner and abort the whole script.
# Arguments: $1 - short description of the step that failed
# Outputs:   the banner on stdout, wrapped in tput bold / tput sgr0
# Returns:   never returns; exits the shell with status 2
#######################################
error() {
     local reason=$1

     tput bold
     printf '### ERROR %s ###\n' "$reason"
     tput sgr0
     exit 2
}

#######################################
# Run "make clean" in the current directory unless the caller opted out.
# Globals:   NOCLEAN (read) - yes, Y or YES skips the cleanup
# Returns:   0; a failing "make clean" aborts the script through error()
#######################################
clean() {
     # Explicit opt-out: keep the artifacts of a previous build.
     if [ "$NOCLEAN" = yes ] || [ "$NOCLEAN" = Y ] || [ "$NOCLEAN" = YES ]; then
          return 0
     fi

     # Without a Makefile there is nothing that could be cleaned.
     if [ -e "Makefile" ] && ! make clean; then
          error "no openssl directory"
     fi
     return 0
}

#######################################
# Build the configured tree: dependencies, the default target, then the
# "report" target that runs the tests.
# Returns:   0; a failing make step aborts the script through error()
#######################################
makeall() {
     if ! make depend; then
          error "depend"
     fi
     if ! make; then
          error "making"
     fi
     if ! make report; then
          error "testing/make report"
     fi
     #FIXME: we need another error handler, as of now a failure doesn't mean a return status of != 0
     # see https://github.com/openssl/openssl/pull/336
     # Per the FIXME above, a zero status from "make report" is not proof
     # that the tests passed; check its output before trusting the binary.
     return 0
}

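#######################################
# Copy the freshly built apps/openssl to ../openssl.<OS>.<arch>.<suffix>,
# first renaming an existing file of that name to <name>-<YYYYMMDD> based on
# its modification date.
# Arguments: $1 - suffix for the file name (the script passes krb, static
#                 or dynamic)
# Outputs:   "openssl version -a" of the new binary and an ls -l listing
# Returns:   exit status of the cp that installs the new binary
#######################################
copyfiles() {
     local ret os arch target stamp

     # Resolve the destination once and quote it everywhere, so the same
     # path is used for the existence test, the backup and the copy.
     os=$(uname)
     arch=$(uname -m)
     target="../openssl.$os.$arch.$1"

     echo; apps/openssl version -a; echo
     if [ -e "$target" ]; then
          # BSD/Darwin stat and GNU stat use different options for the mtime.
          case $os in
               *BSD|*Darwin)
                    stamp=$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$target" | sed -e 's/ .*$//' -e 's/-//g')
                    ;;
               *)
                    stamp=$(stat -c %y "$target" | awk '{ print $1 }' | sed -e 's/ .*$//' -e 's/-//g')
                    ;;
          esac
          # The stamp has day resolution only: a second backup taken for the
          # same modification date replaces the earlier one.
          mv "$target" "$target-$stamp"
     fi
     cp -pf apps/openssl "$target"
     ret=$?
     echo
     ls -l apps/openssl "$target"
     return $ret
}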

#######################################
# Check whether apps/s_socket.c carries the IPv6 patch and, if so, add
# -DOPENSSL_USE_IPV6 to the configure options. Otherwise tell the user where
# the patch can be found and wait for input before continuing.
# Globals:   STDOPTIONS (read, written), a (written by read)
# Outputs:   status text on stdout
# Returns:   0 when the patch is found, else the status of read
#######################################
testv6_patch() {
     if ! grep -q 'ending bracket for IPv6' apps/s_socket.c; then
          # The URL below points at a branch head, so the diff behind it can
          # change over time; review it before applying it to the tree.
          printf '\n%s\n%s\n%s\n\n' \
               "no IPv6 patch (Fedora) detected!!  -- Press ^C and dl & apply from" \
               "https://github.com/drwetter/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff" \
               "or press any key to ignore"
          # read consumes a whole line, so in practice Enter is required.
          read a
          return
     fi

     STDOPTIONS="$STDOPTIONS -DOPENSSL_USE_IPV6"
     printf '%s\n\n' "detected IPv6 patch thus compiling in IPv6 support"
}



# Banner: say up front that this builds the fork with the broken (legacy)
# features enabled, then check the tree for the IPv6 patch.
printf '%s\n' \
     "" \
     "###################################################################" \
     "#######   Build script for Peter Mosmans openssl fork       #######" \
     "####### which contains all broken and all advanced features #######" \
     "###################################################################" \
     ""

testv6_patch

# Suffix for the output file name: "krb" when the first script argument asks
# for a Kerberos build, otherwise "dynamic" on Darwin and "static" elsewhere.
case $1 in
	krb)
		name2add=krb
		;;
	*)
		case $(uname) in
			Darwin) name2add=dynamic ;;
			*)      name2add=static ;;
		esac
		;;
esac

# Announce what is about to be built, then pause for three seconds before
# the configure step starts.
printf '%s\n\n' "doing a build for $(uname).$(uname -m).$name2add"
sleep 3


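# Configure the source tree for the current OS and CPU architecture.
#
# Every unsupported OS or architecture stops the script here. Without that,
# the build step further down would run against whatever configuration a
# previous run left in the tree and could produce a binary that does not
# match the options chosen in this script.
#
# $STDOPTIONS and $openssldir_option are expanded unquoted on purpose: each
# word has to reach ./config or ./Configure as a separate argument.
case $(uname) in
     Linux|FreeBSD)
          openssldir_option='--openssldir=/etc/ssl'
          case $(uname -m) in
               i686|armv7l) clean
                    if [ "$1" = krb ]; then
                         ./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
                    else
                         ./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 -static
                    fi
                    [ $? -ne 0 ] && error "configuring"
                    ;;
               x86_64|amd64) clean
                    if [ "$1" = krb ]; then
                         ./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
                    else
                         ./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
                    fi
                    [ $? -ne 0 ] && error "configuring"
                    ;;
               *) echo " Sorry, don't know this architecture $(uname -m)"
                    exit 1
                    ;;
          esac
          ;;
     Darwin)
          openssldir_option='--openssldir=/private/etc/ssl/'
          case $(uname -m) in
               # No Kerberos (yet?) for Darwin. Static doesn't work for Darwin (#1204)
               x86_64) clean || echo "nothing to clean"
                    ./Configure $openssldir_option  $STDOPTIONS enable-ec_nistp_64_gcc_128 darwin64-x86_64-cc
                    [ $? -ne 0 ] && error "configuring"
                    ;;
               # NOTE(review): this branch passes the same darwin64-x86_64-cc
               # target name as the x86_64 branch -- confirm that is intended.
               i386) clean || echo "nothing to clean"
                    ./config  $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 darwin64-x86_64-cc
                    [ $? -ne 0 ] && error "configuring"
                    ;;
               # Previously any other Darwin architecture fell through
               # unconfigured; stop like the Linux/FreeBSD branch does.
               *) echo " Sorry, don't know this architecture $(uname -m)"
                    exit 1
                    ;;
          esac
          ;;
     *) echo " Sorry, don't know this OS $(uname)"
          # Nothing was configured, so do not continue into the build.
          exit 1
          ;;
esac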


# Build, then copy the binary next to the source tree. makeall either returns
# 0 or exits through error(), so the message below in practice reports a
# failed copy.
if ! { makeall && copyfiles "$name2add"; }; then
     error "copying files"
fi
echo
# Number of lines "openssl ciphers -V" prints for ALL:COMPLEMENTOFALL.
cipher_count=$(apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l)
echo "(w/o 4 GOST ciphers): $cipher_count"
echo
echo "------------ all ok ------------"
echo


#  vim:ts=5:sw=5:expandtab
#  $Id: make-openssl.sh,v 1.20 2019/02/22 09:07:07 dirkw Exp $