mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-10-31 05:45:26 +01:00
161 lines
4.3 KiB
Bash
Executable File
161 lines
4.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#
|
|
# This script compiles the "bad openssl" version, 1.0.2 supporting legacy
|
|
# cryptography for Linux, FreeBSD and Darwin.
|
|
#
|
|
# License GPLv2, see ../LICENSE
|
|
|
|
|
|
STDOPTIONS="--prefix=/usr/ -DOPENSSL_USE_BUILD_DATE enable-zlib \
|
|
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
|
|
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
|
|
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake"
|
|
|
|
|
|
error() {
|
|
tput bold
|
|
echo "### ERROR $1 ###"
|
|
tput sgr0
|
|
exit 2
|
|
}
|
|
|
|
clean() {
|
|
case $NOCLEAN in
|
|
yes|Y|YES) ;;
|
|
*)
|
|
if [ -e "Makefile" ]; then
|
|
make clean
|
|
[ $? -ne 0 ] && error "no openssl directory"
|
|
fi
|
|
;;
|
|
esac
|
|
return 0
|
|
}
|
|
|
|
makeall() {
|
|
make depend || error "depend"
|
|
make || error "making"
|
|
make report || error "testing/make report"
|
|
#FIXME: we need another error handler, as of now a failure doesn't mean a return status of != 0
|
|
# see https://github.com/openssl/openssl/pull/336
|
|
return 0
|
|
}
|
|
|
|
copyfiles() {
|
|
local ret
|
|
local target=../openssl.$(uname).$(uname -m).$1
|
|
|
|
echo; apps/openssl version -a; echo
|
|
if [ -e "$target" ]; then
|
|
case $(uname) in
|
|
*BSD|*Darwin)
|
|
mv $target $target-$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$target" | sed -e 's/ .*$//' -e 's/-//g')
|
|
;;
|
|
*) mv $target $target-$(stat -c %y $target | awk '{ print $1 }' | sed -e 's/ .*$//' -e 's/-//g') ;;
|
|
esac
|
|
fi
|
|
cp -pf apps/openssl ../openssl.$(uname).$(uname -m).$1
|
|
ret=$?
|
|
echo
|
|
ls -l apps/openssl ../openssl.$(uname).$(uname -m).$1
|
|
return $ret
|
|
}
|
|
|
|
testv6_patch() {
|
|
if grep -q 'ending bracket for IPv6' apps/s_socket.c; then
|
|
STDOPTIONS="$STDOPTIONS -DOPENSSL_USE_IPV6"
|
|
echo "detected IPv6 patch thus compiling in IPv6 support"
|
|
echo
|
|
else
|
|
echo
|
|
echo "no IPv6 patch (Fedora) detected!! -- Press ^C and dl & apply from"
|
|
echo "https://github.com/testssl/testssl.sh/blob/master/bin/fedora-dirk-ipv6.diff"
|
|
echo "or press any key to ignore"
|
|
echo
|
|
read a
|
|
fi
|
|
}
|
|
|
|
|
|
|
|
echo
|
|
echo "###################################################################"
|
|
echo "####### Build script for Peter Mosmans openssl fork #######"
|
|
echo "####### which contains all broken and all advanced features #######"
|
|
echo "###################################################################"
|
|
echo
|
|
|
|
testv6_patch
|
|
|
|
if [ "$1" = krb ]; then
|
|
name2add=krb
|
|
else
|
|
if [ $(uname) != "Darwin" ]; then
|
|
name2add=static
|
|
else
|
|
name2add=dynamic
|
|
fi
|
|
fi
|
|
|
|
echo "doing a build for $(uname).$(uname -m)".$name2add
|
|
echo
|
|
sleep 3
|
|
|
|
|
|
case $(uname) in
|
|
Linux|FreeBSD)
|
|
openssldir_option='--openssldir=/etc/ssl'
|
|
case $(uname -m) in
|
|
i686|armv7l) clean
|
|
if [ "$1" = krb ]; then
|
|
./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
|
|
else
|
|
./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 -static
|
|
fi
|
|
[ $? -ne 0 ] && error "configuring"
|
|
;;
|
|
x86_64|amd64) clean
|
|
if [ "$1" = krb ]; then
|
|
./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 --with-krb5-flavor=MIT
|
|
else
|
|
./config $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 -static
|
|
fi
|
|
[ $? -ne 0 ] && error "configuring"
|
|
;;
|
|
*) echo " Sorry, don't know this architecture $(uname -m)"
|
|
exit 1
|
|
;;
|
|
esac
|
|
;;
|
|
Darwin)
|
|
openssldir_option='--openssldir=/private/etc/ssl/'
|
|
case $(uname -m) in
|
|
# No Kerberos (yet?) for Darwin. Static doesn't work for Darwin (#1204)
|
|
x86_64) clean || echo "nothing to clean"
|
|
./Configure $openssldir_option $STDOPTIONS enable-ec_nistp_64_gcc_128 darwin64-x86_64-cc
|
|
[ $? -ne 0 ] && error "configuring"
|
|
;;
|
|
i386) clean || echo "nothing to clean"
|
|
./config $openssldir_option $STDOPTIONS no-ec_nistp_64_gcc_128 darwin64-x86_64-cc
|
|
[ $? -ne 0 ] && error "configuring"
|
|
;;
|
|
esac
|
|
;;
|
|
*) echo " Sorry, don't know this OS $(uname)"
|
|
;;
|
|
esac
|
|
|
|
|
|
makeall && copyfiles "$name2add"
|
|
[ $? -ne 0 ] && error "copying files"
|
|
echo
|
|
echo "(w/o 4 GOST ciphers): $(apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l)"
|
|
echo
|
|
echo "------------ all ok ------------"
|
|
echo
|
|
|
|
|
|
# vim:ts=5:sw=5:expandtab
|
|
# $Id: make-openssl.sh,v 1.20 2019/02/22 09:07:07 dirkw Exp $
|
|
|