Builds ChaCha20 version of openssl on Mac OS X static without dylib for use with testssl.sh
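#!/bin/bash
# Builds a static openssl binary on Mac OS X for use with testssl.sh.
# The script uses arrays, pushd/popd and ${*:2}, so it needs bash rather than a
# POSIX sh. bash 3.2 is sufficient (no associative arrays are used).
## -no-shared builds a static binary without the need of dylib files
# requires: Perl; reasonably new version of Xcode and https://github.com/PeterMosmans/openssl

# Build in a private, freshly created directory rather than the shared,
# predictable /tmp/openssl and /tmp/out. With a fixed name, a directory that
# already exists there (left by an earlier run or created by another local
# user) would be the tree that gets configured, built and executed below.
# All later paths are relative, so the out/ tree simply moves along.
work_directory=$(mktemp -d "${TMPDIR:-/tmp}/openssl-build.XXXXXX") || exit 1
echo "Building in '$work_directory'; logs and binaries end up in '$work_directory/out'" >&2
pushd "$work_directory" || exit 1

# The clone takes whatever the default branch points at today. Because the
# resulting binary is later staged for commit, consider checking out a reviewed
# commit (git checkout <REVIEWED_COMMIT_SHA>) before building so the result is
# reproducible and auditable.
git clone https://github.com/drwetter/openssl-pm-snapshot.git openssl || exit 1
#git clone https://github.com/drwetter/openssl.git openssl
#git clone https://jpluimers@github.com/jpluimers/openssl.git openssl
#git clone https://github.com/PeterMosmans/openssl openssl
# Stop when the source tree is missing: every later step runs make/Configure
# in the current directory.
cd openssl || exit 1

# bash debugging, see: http://stackoverflow.com/questions/2853803/in-a-shell-script-echo-shell-commands-as-they-are-executed/2853811#2853811
set -vx

outDirectory="../out"
binariesDirectory="$outDirectory/binaries.testssl.macOS"
reportsDirectory="$outDirectory/reports.testssl.macOS"
statisticsDirectory="$outDirectory/statistics.testssl.macOS"

# http://stackoverflow.com/questions/3963716/how-to-manually-expand-a-special-variable-ex-tilde-in-bash
binary_directory="${HOME}/Versioned/testssl.sh/bin/"

cipher_types=("DEFAULT" "ALL:COMPLEMENTOFALL")

# In $arguments, note -static is not supported on OS X as both cc and gcc direct to clang.
# You get the below error. See: http://stackoverflow.com/questions/5259249/creating-static-mac-os-x-c-build
# ld: library not found for -lcrt0.o
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS"
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
# for "zlib no-zlib-dynamic", you need the zlib-devel package on your Mac, see https://github.com/drwetter/testssl.sh/issues/164#issuecomment-132144489
# installing zlib-devel with `xcode-select --install`; see http://stackoverflow.com/questions/23749530/brew-install-zlib-devel-on-mac-os-x-mavericks/26912010#26912010
#cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
#
# SSLv2/SSLv3, RC2/RC5, MD2/MDC2 and TLS compression (zlib) are switched on
# deliberately: the binary is meant as a scanning client for testssl.sh, which
# has to speak obsolete protocols and ciphers in order to detect them. Keep the
# result confined to that role; it is not a replacement for the system openssl
# and should not be used for real connections.
cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic -DOPENSSL_USE_IPV6 \
  -DOPENSSL_USE_BUILD_DATE enable-zlib \
  enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
  enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
  enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake" # -DTEMP_GOST_TLS"
# notes:
# - removed because of cipher order: -DTEMP_GOST_TLS
# The option strings are split on whitespace where they are handed to
# Configure, so the extra spaces from the continuation lines do not matter.
cc_arguments_x86="$cc_arguments_common "
cc_arguments_x64="$cc_arguments_common enable-ec_nistp_64_gcc_128 "

# architecture names are the ones used in openssl/config:
architecture_darwin_x64="darwin64-x86_64-cc"
architecture_darwin_x86="darwin-i386-cc"
architectures=("$architecture_darwin_x64" "$architecture_darwin_x86")

## Declare associative array: http://wiki.bash-hackers.org/commands/builtin/declare
## declare -A cc_arguments_by_architecture=(["$architecture_darwin_x64"]="$cc_arguments_x64" ["$architecture_darwin_x86"]="$cc_arguments_x86")
## But OS/X does not have bash version 4: http://stackoverflow.com/questions/6047648/bash-4-associative-arrays-error-declare-a-invalid-option
## So work around it using functions
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia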
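#######################################
# Look up the Configure option string for an OpenSSL target (stand-in for a
# bash 4 associative array).
# Globals:   architecture_darwin_x64, architecture_darwin_x86,
#            cc_arguments_x64, cc_arguments_x86 (all read)
# Arguments: $1 - OpenSSL Configure target name
# Outputs:   the option string on stdout; a diagnostic on stderr for an
#            unknown target
# Returns:   0 for a known target, 1 otherwise
#######################################
cc_arguments_by_architecture() {
  case "$1" in
    "$architecture_darwin_x64") printf '%s\n' "$cc_arguments_x64" ;;
    "$architecture_darwin_x86") printf '%s\n' "$cc_arguments_x86" ;;
    *)
      # An unknown target used to yield an empty option list silently, which
      # would configure a build without any of the intended options.
      printf 'cc_arguments_by_architecture: unknown architecture: %s\n' "$1" >&2
      return 1
      ;;
  esac
}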
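#######################################
# Configure, build and test OpenSSL for one target in the current directory,
# then collect the binary, the logs and per-cipher-list statistics.
# Globals:   outDirectory, binariesDirectory, reportsDirectory,
#            statisticsDirectory, cipher_types (all read)
# Arguments: $1   - OpenSSL Configure target
#            $2.. - Configure options, one per argument
# Outputs:   progress on stdout, warnings on stderr, logs and statistics as
#            files under the directories above
# Returns:   1 when Configure, make or collecting the binary fails; otherwise
#            the status of the last statistics command
#######################################
build1architecture() {
  local target=$1
  # all but first: http://stackoverflow.com/questions/9057387/process-all-arguments-except-the-first-one/9057392#9057392
  local arguments="${*:2}"
  local -a configure_arguments=("${@:2}")
  local built_binary="$binariesDirectory/openssl.$target"
  local -a get_ciphers
  local cipher_type

  echo "Building for '$target' with arguments '$arguments'" \
    | tee "$outDirectory/$target.target.arguments.txt"
  make dclean > "$outDirectory/$target.make.dclean.txt"
  make clean > "$outDirectory/$target.make.clean.txt"

  # Redirect stdout to the log first and stderr second. Written the other way
  # round (2>&1 > file), stderr keeps pointing at the terminal and Configure's
  # diagnostics never reach the log.
  ./Configure "$target" "${configure_arguments[@]}" \
    > "$outDirectory/$target.Configure.txt" 2>&1 || return 1
  make depend > "$outDirectory/$target.make.depend.txt" 2>&1
  # Without a successful build there is no binary to collect or inspect.
  make > "$outDirectory/$target.make.txt" 2>&1 || return 1

  # A failing self-test does not stop the collection, but it is surfaced so a
  # binary that failed its tests is not picked up unnoticed.
  make test > "$reportsDirectory/$target.make.test.txt" 2>&1 \
    || echo "WARNING: 'make test' failed for $target, see $reportsDirectory/$target.make.test.txt" >&2
  make report > "$reportsDirectory/$target.make.report.txt" 2>&1
  # `maketest.log` is created by `make report`
  cat maketest.log > "$reportsDirectory/$target.make.test.maketest.log.txt" 2>&1

  mv apps/openssl "$built_binary" || return 1
  mv testlog "$statisticsDirectory/openssl.$target.testlog.txt"
  "$built_binary" version -a > "$statisticsDirectory/openssl.$target.version.txt" 2>&1

  echo "Cipher counts for $target" > "$statisticsDirectory/openssl.$target.ciphercount.txt"
  for cipher_type in "${cipher_types[@]}"; do
    # Keep the command as an array so the binary path and the cipher string
    # stay single words whatever characters they contain.
    get_ciphers=("$built_binary" ciphers -V "$cipher_type")
    echo "${get_ciphers[*]}"
    echo "Count for cypher type $cipher_type:" \
      >> "$statisticsDirectory/openssl.$target.ciphercount.txt"
    "${get_ciphers[@]}" 2>&1 | grep -c 0x \
      >> "$statisticsDirectory/openssl.$target.ciphercount.txt"
    # The redirection belongs to sort: attached to the cipher command it left
    # sort with empty input and the list file unsorted.
    "${get_ciphers[@]}" 2>&1 | sort \
      > "$statisticsDirectory/openssl.$target.ciphers.$cipher_type.txt"
  done
}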
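# Start from an empty output tree. ${outDirectory:?} aborts the script instead
# of running rm -rf with an empty argument should the variable ever be unset.
rm -rf -- "${outDirectory:?}"
mkdir -p -- "$outDirectory" "$binariesDirectory" "$reportsDirectory" "$statisticsDirectory" \
  || exit 1

for architecture in "${architectures[@]}"; do
  ## associative arrays: http://stackoverflow.com/questions/3112687/how-to-iterate-over-associative-array-in-bash/3113285#3113285
  ## bash 4:
  # build1architecture "$architecture" ${cc_arguments_by_architecture["$architecture"]}
  ## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
  # The substitution is left unquoted on purpose: the option string has to be
  # split into one word per Configure option.
  # shellcheck disable=SC2046
  build1architecture "$architecture" $(cc_arguments_by_architecture "$architecture") \
    || echo "WARNING: build for '$architecture' did not finish cleanly" >&2
done

# Show the cipher counts and test logs so they can be reviewed before the
# binaries are used.
cat "$statisticsDirectory"/*count*
cat "$statisticsDirectory"/*testlog*

# target names are the ones used in uname: https://github.com/drwetter/testssl.sh/issues/127#issuecomment-127408205
target_x86="Darwin.i386"
target_x64="Darwin.x86_64"

## bash 4 associative array:
# declare -A targets_by_architecture=(["$architecture_darwin_x64"]="$target_x64" ["$architecture_darwin_x86"]="$target_x86")
## simulate associative array using a function doing echo to stdout and evaluate the result
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia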
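#######################################
# Map an OpenSSL Configure target to the uname-style name used for the binary
# (stand-in for a bash 4 associative array).
# Globals:   architecture_darwin_x64, architecture_darwin_x86,
#            target_x64, target_x86 (all read)
# Arguments: $1 - OpenSSL Configure target name
# Outputs:   the uname-style name on stdout; a diagnostic on stderr for an
#            unknown target
# Returns:   0 for a known target, 1 otherwise
#######################################
targets_by_architecture() {
  case "$1" in
    "$architecture_darwin_x64") printf '%s\n' "$target_x64" ;;
    "$architecture_darwin_x86") printf '%s\n' "$target_x86" ;;
    *)
      # An empty result would make the caller copy the binary to "openssl."
      # with no platform suffix, so report the unknown name instead.
      printf 'targets_by_architecture: unknown architecture: %s\n' "$1" >&2
      return 1
      ;;
  esac
}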
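# Publish the binaries into the testssl.sh checkout under their uname-style
# names and stage them in git. The staged files are executables that other
# people will run, so review the make test log and the `version -a` output
# collected during the build before committing them.
for architecture in "${architectures[@]}"; do
  # bash 4: current_target=${targets_by_architecture["$architecture"]}
  ## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
  current_target=$(targets_by_architecture "$architecture")

  # Only publish what this run actually produced: skip an architecture whose
  # binary is missing or whose target name could not be resolved, so that no
  # stale or wrongly named file gets staged.
  if [[ -z "$current_target" || ! -x "$binariesDirectory/openssl.$architecture" ]]; then
    echo "Skipping '$architecture': no target name or no freshly built binary" >&2
    continue
  fi

  echo "architecture: $architecture leads to target: $current_target"
  cp -p "$binariesDirectory/openssl.$architecture" "$binariesDirectory/openssl.$current_target" || continue
  strip "$binariesDirectory/openssl.$current_target" || continue
  cp -p "$binariesDirectory/openssl.$current_target" "$binary_directory/openssl.$current_target" || continue
  cp -p "$binariesDirectory/openssl.$architecture" "$binary_directory/openssl.$architecture"

  # Run git in a subshell: if the directory cannot be entered, nothing is
  # staged from the wrong place and the directory stack stays balanced for
  # the final popd.
  (cd "$binary_directory" && git add -- "openssl.$current_target")
done

popd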