- ease of making openssl binary with make-openssl.sh

- Hint where the Readme is - removal of old binaries
2025-10-31 13:55:25 +01:00 · 2015-06-10 08:15:28 +02:00
parent 0f5c4981cb
commit 8acc17b4bc
9 changed files with 85 additions and 106 deletions
--- a/openssl-bins/Readme.md
+++ b/openssl-bins/Readme.md
@@ -0,0 +1,6 @@
 Compiling and Usage Instructions
 ================================
 see Readme.md in bin directory
--- a/openssl-bins/make-openssl.sh
+++ b/openssl-bins/make-openssl.sh
@@ -0,0 +1,79 @@
 #!/bin/bash
 echo
 echo "have you patched yet?"
 read a
 STDOPTIONS="--prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
 enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
 enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"
 clean() {
 	make clean
 	#[ $? -ne 0 ] && error "no openssl directory"
 	return 0
 }
 error() {
 	tput bold
 	echo "ERROR $1"
 	tput sgr0
 	exit 2
 }
 makeall() {
 	make depend && make && make report
 	if [ $? -ne 0 ]; then
 		error "making"
 	fi
 	return 0
 }
 copyfiles() {
 	echo; apps/openssl version -a; echo
 	cp -p apps/openssl ../openssl$1
 	echo
 	return $?
 }
 case `uname -m` in
 	"i686") clean ;
 		if [[ "$1" = krb ]]; then
 			name2add=krb
 			./config $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
 		else
 			name2add=static
 			./config $STDOPTIONS no-ec_nistp_64_gcc_128 -static
 		fi
 		[ $? -ne 0 ] && error "configuring"
 		makeall && copyfiles "32-$name2add"
 		[ $? -ne 0 ] && error "copying files"
 		apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
 		echo
 		echo "------------ all ok ------------"
 		echo 
 		;;
 	"x86_64") clean;
 		if [[ "$1" = krb ]]; then
 			name2add=krb
 			./config $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
 		else
 			name2add=static
 			./config $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
 		fi
 		[ $? -ne 0 ] && error "configuring"
 		makeall && copyfiles "64-$name2add"
 		[ $? -ne 0 ] && error "copying files"
 		apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l
 		echo
 		echo "------------ all ok ------------"
 		echo 
 		;;
 	*)	echo "architecture ???" 
 		exit 1
 		;;
 esac
 #  vim:tw=90:ts=5:sw=5
 #  $Id: make-openssl.sh,v 1.6 2015/04/02 07:39:27 dirkw Exp $ 
--- a/openssl-bins/openssl-1.0.2-beta1/Readme.md
+++ b/openssl-bins/openssl-1.0.2-beta1/Readme.md
@@ -1,32 +0,0 @@
 Instructions
 ----
 Both versions here are compiled from OpenSSL 1.0.2-beta1. The
 * 64 bit version was compiled under Opensuse 12.3
 * 32 bit version was compiled under Ubuntu 12.04 LTS
 Both are statically linked, except a few libraries which are nowadays sometimes 
 hard to link in, i.e. the dynamic loader (libdl) and glibc (libc).
 If you want to compile OpenSSL yourself, here are my configure options:
 ### for 32 Bit:
 > --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
 ### for 64Bit:
 > --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-ec_nistp_64_gcc_128 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
 And: You have to patch the sources, see file vanilla.patch otherwise you miss the experimental
 and some RC4/MD5 cipher suites. "openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists for me 150 
 ciphers as opposed to 109 from Ubuntu or Opensuse. More soon to come!
 **Don't use them for other purposes except testing!**
 Enjoy,
 Dirk
--- a/openssl-bins/openssl-1.0.2-beta1/openssl.i686
+++ b/openssl-bins/openssl-1.0.2-beta1/openssl.i686
--- a/openssl-bins/openssl-1.0.2-beta1/openssl.i686.asc
+++ b/openssl-bins/openssl-1.0.2-beta1/openssl.i686.asc
@@ -1,7 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 iD8DBQBTtWqtWZzt6LgYwDkRAh66AKDPH+8Z96WkGMY37JQ660TdCuiuNACfY6wi
 RAhPwM6AiWqkJfcnltSJ9kc=
 =eyei
 -----END PGP SIGNATURE-----
--- a/openssl-bins/openssl-1.0.2-beta1/openssl.x86_64
+++ b/openssl-bins/openssl-1.0.2-beta1/openssl.x86_64
--- a/openssl-bins/openssl-1.0.2-beta1/openssl.x86_64.asc
+++ b/openssl-bins/openssl-1.0.2-beta1/openssl.x86_64.asc
@@ -1,7 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 iD8DBQBTtWqzWZzt6LgYwDkRAgXhAKCSnhieSIzcIxUSUlHThrLLmXp71QCg0K9e
 bvp1NF/9InyxgD53PXddEA4=
 =/OeI
 -----END PGP SIGNATURE-----
--- a/openssl-bins/openssl-1.0.2-beta1/readme.txt
+++ b/openssl-bins/openssl-1.0.2-beta1/readme.txt
@@ -1,29 +0,0 @@
 Both versions here are compiled from OpenSSL 1.0.2-beta1. The
 64 bit version was compiled under Opensuse 12.3
 32 bit version was compiled under Ubuntu 12.04 LTS
 Both are statically linked, except a few libraries which
 are nowadays sometimes hard to link in, i.e. the dynamic
 loader (libdl) and glibc (libc).
 If you want to compile OpenSSL yourself, here are my configure options:
 for 32 Bit:
 --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
 for 64Bit:
 --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-ec_nistp_64_gcc_128 enable-rc5 enable-rc2 enable-gost enable-cms enable-md2 enable-mdc2 enable-rc5 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-idea -Wa,--noexecstack no-dane no-gmp no-jpake no-krb5 no-libunbound no-multiblock no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-zlib-dynamic static-engine
 And: You have to patch the sources, see file vanilla.patch otherwise you miss the experimental
 and some RC4/MD5 cipher suites. "openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists for me 150 
 ciphers as opposed to 109 from Ubuntu or Opensuse. More soon to come!
 Don't use them for other purposes except testing!
 Enjoy,
 Dirk
--- a/openssl-bins/openssl-1.0.2-beta1/vanilla.patch
+++ b/openssl-bins/openssl-1.0.2-beta1/vanilla.patch
@@ -1,31 +0,0 @@
 --- ./ssl/tls1.h.orig   2014-03-03 20:43:11.535295959 +0100
 +++ ./ssl/tls1.h        2014-03-03 20:43:25.911430196 +0100
@@ -157,7 +157,7 @@
 extern "C" {
 #endif
 -#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   0
 +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   1
 #define TLS1_2_VERSION                 0x0303
 #define TLS1_2_VERSION_MAJOR           0x03
 --- ./ssl/s2_lib.c.orig 2014-03-05 18:16:40.966589866 +0100
 +++ ./ssl/s2_lib.c      2014-03-05 18:17:36.572043680 +0100
@@ -122,7 +122,7 @@
 /* list of available SSLv2 ciphers (sorted by id) */
 OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
 -#if 0
 +#if 1
 /* NULL_WITH_MD5 v3 */
        {
        1,
@@ -254,7 +254,7 @@
        168,
        },
 -#if 0
 +#if 1
 /* RC4_64_WITH_MD5 */
        {
        1,