diff --git a/openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.diffed2vanilla.txt b/bin/new-ciphers.diffed2vanilla.txt similarity index 100% rename from openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.diffed2vanilla.txt rename to bin/new-ciphers.diffed2vanilla.txt diff --git a/openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.std_distro.txt b/bin/new-ciphers.std_distro.txt similarity index 100% rename from openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.std_distro.txt rename to bin/new-ciphers.std_distro.txt diff --git a/openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.krb.txt b/bin/openssl-Vall.krb.txt similarity index 100% rename from openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.krb.txt rename to bin/openssl-Vall.krb.txt diff --git a/openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.txt b/bin/openssl-Vall.txt similarity index 100% rename from openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.txt rename to bin/openssl-Vall.txt diff --git a/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md b/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md deleted file mode 100644 index 305b18f..0000000 --- a/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md +++ /dev/null @@ -1,96 +0,0 @@ - -Compiling and Usage Instructions -================================ - -The precompiled binaries provided here have extended support for everything -which is normally not configured to be compiled (40+56 Bit, export/ANON ciphers, weak DH ciphers, -SSLv2 etc.) -- all the dirty features needed for testing. OTOH the binaries also come with extended support for new / advanced cipher suites and/or features which are not (yet?) in the official branch. - -The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork -from Peter Mosmans. He has patched the master git branch -to support CHACHA20 + POLY1305 and other ciphers like CAMELIA 256 Bit. - -The binary ``openssl-1.0.2pm.darwin.64``, based on Peter Mosmans 1.0.2b-dev, was borrowed with permission from Julien Vehent's cipherscan. - - - -General -------- - -Both 64+32 bit Linux binaries were compiled under Ubuntu 12.04 LTS. Likely you -cannot use them for older distributions, younger worked in my test environments. I provide -for each distributions two sets of binaries: - -* completely statically linked binaries -* dynamically linked binaries, additionally with MIT Kerberos support ("krb5" in the name). - They provide also KRB5-* and EXP-KRB5-* support (in OpenSSL terminology, see krb5-ciphers.txt). - -For the latter you need a whopping bunch of kerberos runtime libraries which you maybe need to -install from your distributor (libgssapi_krb5, libkrb5, libcom_err, libk5crypto, libkrb5support, -libkeyutils). The 'static' binaries do not have MIT kerberos support as there are no -static kerberos libs and I did not bother to compile them from the sources. - - -Compilation instructions ------------------------- - -If you want to compile OpenSSL yourself, here are the instructions: - -1.) get openssl from Peter Mosmans' repo: - - git clone https://github.com/PeterMosmans/openssl - cd openssl - -2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/openssl-bins/make-openssl.sh) - -**for 64Bit including Kerberos ciphers:** - - ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ - enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ - enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \ - --with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS - -**for 64Bit, static binaries:** - - ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ - enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ - enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \ - -static experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS - -**for 32 Bit including Kerberos ciphers:** - - ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ - enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ - enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \ - --with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS - - **for 32 Bit, static binaries:** - - ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \ - enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \ - enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \ - -static experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS - -Two GOST [1][2] ciphers (``GOST-GOST94``, ``GOST-MD5``) come with ``-DTEMP_GOST_TLS``, four additional come via openssl engine. ``-DTEMP_GOST_TLS`` on earlier versions of openssl broke things. - -So the difference you maybe spotted: If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT" (see examples). -If you have another Kerberos flavor you would need to figure out by yourself. - -3.) make depend - -4.) make - -5.) make report (check whether it runs ok!) - -6.) "./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists now for me -* 193(+4 GOST) ciphers -- including kerberos -* 179(+4 GOST) ciphers without kerberos - -as opposed to 111/109 from Ubuntu or Opensuse. - -**Never use these binaries for anything other than testing** - -Enjoy, Dirk - -[1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29 -[2] http://fossies.org/linux/openssl/engines/ccgost/README.gost