#!/usr/bin/env bash
#
# This script compiles the "bad openssl" version, 1.0.2 supporting legacy
# cryptography for Linux, FreeBSD and Darwin.
#
# License GPLv2, see ../LICENSE


STDOPTIONS="--prefix=/usr/ -DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"


error() {
     tput bold
     echo "### ERROR $1 ###"
     tput sgr0
     exit 2
}

clean() {
     case $NOCLEAN in
          yes|Y|YES) ;;
          *)
          if [ -e "Makefile" ]; then
              make clean
              [ $? -ne 0 ] && error "no openssl directory"
          fi
		;;
     esac
     return 0
}

makeall() {
     make depend || error "depend"
     make || error "making"
     make report || error "testing/make report"
     #FIXME: we need another error handler, as of now a failure doesn't mean a return status of != 0
     # see https://github.com/openssl/openssl/pull/336
     return 0
}

copyfiles() {
     local ret
     local target=../openssl.$(uname).$(uname -m).$1

     echo; apps/openssl version -a; echo
     if [ -e "$target" ]; then
		case $(uname) in
          	*BSD|*Darwin)
               	mv $target $target-$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$target" | sed -e 's/ .*$//' -e 's/-//g')
				;;
			*) mv $target $target-$(stat -c %y $target | awk '{ print $1 }' | sed -e 's/ .*$//' -e 's/-//g') ;;
		esac
     fi
     cp -pf apps/openssl ../openssl.$(uname).$(uname -m).$1
     ret=$?
     echo
     ls -l apps/openssl ../openssl.$(uname).$(uname -m).$1
     return $ret
}

testv6_patch() {
     if grep -q 'ending bracket for IPv6' apps/s_socket.c; then
          STDOPTIONS="$STDOPTIONS -DOPENSSL_USE_IPV6"
          echo "detected IPv6 patch thus compiling in IPv6 support"
		echo
     else
          echo
          echo "no IPv6 patch (Fedora) detected!!  -- Press ^C and dl & apply from"
          echo "https://github.com/drwetter/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff"
          echo "or press any key to ignore"
          echo
          read a
     fi
}



echo
echo "###################################################################"
echo "#######   Build script for Peter Mosmans openssl fork       #######"
echo "####### which contains all broken and all advanced features #######"
echo "###################################################################"
echo

testv6_patch

if [ "$1" = krb ]; then
	name2add=krb
else
	if [ $(uname) != "Darwin" ]; then
		name2add=static
	else
		name2add=dynamic
	fi
fi

echo "doing a build for $(uname).$(uname -m)".$name2add
echo
sleep 3


case $(uname) in
     Linux|FreeBSD)
		openssldir_option='--openssldir=/etc/ssl'
		case $(uname -m) in
         		i686|armv7l) clean
				if [ "$1" = krb ]; then
					./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
				else
					./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 -static
				fi
				[ $? -ne 0 ] && error "configuring"
				;;
			x86_64|amd64) clean
               	if [ "$1" = krb ]; then
					./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
				else
					./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
				fi
				[ $? -ne 0 ] && error "configuring"
				;;
			*) echo " Sorry, don't know this architecture $(uname -m)"
               	exit 1
               	;;
         esac
         ;;
     Darwin)
		openssldir_option='--openssldir=/private/etc/ssl/'
		case $(uname -m) in
			# No Kerberos (yet?) for Darwin. Static doesn't work for Darwin (#1204)
			x86_64) clean || echo "nothing to clean"
				./Configure $openssldir_option  $STDOPTIONS enable-ec_nistp_64_gcc_128 darwin64-x86_64-cc
				[ $? -ne 0 ] && error "configuring"
          		;;
			i386) clean || echo "nothing to clean"
				./config  $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 darwin64-x86_64-cc
				[ $? -ne 0 ] && error "configuring"
				;;
		esac
		;;
	*) echo " Sorry, don't know this OS $(uname)"
	;;
esac


makeall && copyfiles "$name2add"
[ $? -ne 0 ] && error "copying files"
echo
echo "(w/o 4 GOST ciphers): $(apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l)"
echo
echo "------------ all ok ------------"
echo


#  vim:ts=5:sw=5:expandtab
#  $Id: make-openssl.sh,v 1.20 2019/02/22 09:07:07 dirkw Exp $