From 5d5d21af046e468b5bc70cd63122f73dc6088890 Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Tue, 17 Jul 2018 00:41:21 +0200
Subject: [PATCH] Make script for OpenSSL 1.1.1 tree

---
 utils/make-openssl111.sh | 95 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100755 utils/make-openssl111.sh

diff --git a/utils/make-openssl111.sh b/utils/make-openssl111.sh
new file mode 100755
index 0000000..4c57663
--- /dev/null
+++ b/utils/make-openssl111.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+#
+#  vim:tw=90:ts=5:sw=5
+
+echo
+echo "#####################################################"
+echo "#######    Build script for openssl 1.1.1     #######"
+echo "#######  (contains some weak ryptography)     #######"
+echo "#####################################################"
+echo
+
+OPT11="enable-tls1_3 enable-tls13downgrade enable-ec_nistp_64_gcc_128 sctp enable-aria enable-asan enable-rc5 enable-ssl3 enable-ssl3-method enable-dynamic-engine enable-ssl-trace"
+
+STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl -DOPENSSL_USE_BUILD_DATE enable-zlib \
+enable-heartbeats enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers zlib no-shared \
+enable-rc2 enable-gost enable-cms enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
+enable-seed enable-camellia enable-idea enable-rfc3779"
+
+grep OPENSSL_VERSION_TEXT include/openssl/opensslv.h | grep -q 1.1.1 && STDOPTIONS="$STDOPTIONS $OPT11"
+
+clean() {
+	case $NOCLEAN in
+		yes|Y|YES) ;;
+		*) make clean ;;
+	esac
+	#[ $? -ne 0 ] && error "no openssl directory"
+	return 0
+}
+
+error() {
+	tput bold
+	echo "ERROR $1"
+	tput sgr0
+	exit 2
+}
+
+makeall() {
+	make depend && make -j2 # && make report
+	if [ $? -ne 0 ]; then
+#FIXME: we need another error handler, as a failure doesb't mean a return status of 1
+		error "making"
+		return 1
+	fi
+	return 0
+}
+
+copyfiles() {
+	echo; apps/openssl version -a; echo
+	cp -p apps/openssl ../openssl.$(uname).$(uname -m).$1
+	echo
+	return $?
+}
+
+
+case $(uname -m) in
+	"i686") clean
+		if [[ "$1" = krb ]]; then
+			name2add=krb
+			./config $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
+		else
+			name2add=static
+			#export CFLAGS='-fPIC'
+			./config $STDOPTIONS no-ec_nistp_64_gcc_128 -static
+		fi
+		[ $? -ne 0 ] && error "configuring"
+		makeall && copyfiles "$name2add"
+		[ $? -ne 0 ] && error "copying files"
+		apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
+		echo
+		echo "------------ all ok ------------"
+		echo
+		;;
+	"x86_64") clean
+		if [[ "$1" = krb ]]; then
+			name2add=krb
+			./config $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
+		else
+			#name2add=static
+			#./config $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
+			echo \"$STDOPTIONS\"
+			sleep 3
+			./config $STDOPTIONS enable-ec_nistp_64_gcc_128
+		fi
+		[ $? -ne 0 ] && error "configuring"
+		makeall && copyfiles "$name2add"
+		[ $? -ne 0 ] && error "copying files"
+		apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
+		echo
+		echo "------------ all ok ------------"
+		echo
+		;;
+	*)	echo " Sorry, don't know this architecture $(uname -m)"
+		exit 1
+		;;
+esac