Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save jpluimers/f4de3937630b87753133 to your computer and use it in GitHub Desktop.
Save jpluimers/f4de3937630b87753133 to your computer and use it in GitHub Desktop.
Builds ChaCha20 version of openssl on Mac OS X static without dylib for use with testssl.sh
#!/bin/sh
## -no-shared builds a static binary without the need of dylib files
# requires: Perl; reasonably new version of Xcode and https://github.com/PeterMosmans/openssl
pushd /tmp
git clone https://github.com/drwetter/openssl-pm-snapshot.git openssl
#git clone https://github.com/drwetter/openssl.git openssl
#git clone https://jpluimers@github.com/jpluimers/openssl.git openssl
#git clone https://github.com/PeterMosmans/openssl openssl
cd openssl
# bash debugging, see: http://stackoverflow.com/questions/2853803/in-a-shell-script-echo-shell-commands-as-they-are-executed/2853811#2853811
set -vx
outDirectory="../out"
binariesDirectory="$outDirectory/binaries.testssl.macOS"
reportsDirectory="$outDirectory/reports.testssl.macOS"
statisticsDirectory="$outDirectory/statistics.testssl.macOS"
# http://stackoverflow.com/questions/3963716/how-to-manually-expand-a-special-variable-ex-tilde-in-bash
binary_directory="${HOME}/Versioned/testssl.sh/bin/"
cipher_types=("DEFAULT" "ALL:COMPLEMENTOFALL")
# In $arguments, note -static is not supported on OS X as both cc and gcc direct to clang.
# You get the below error. See: http://stackoverflow.com/questions/5259249/creating-static-mac-os-x-c-build
# ld: library not found for -lcrt0.o
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS"
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
# for "zlib no-zlib-dynamic", you need the zlib-devel package on your Mac, see https://github.com/drwetter/testssl.sh/issues/164#issuecomment-132144489
# installing zlib-devel with `xcode-select --install`; see http://stackoverflow.com/questions/23749530/brew-install-zlib-devel-on-mac-os-x-mavericks/26912010#26912010
#cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic -DOPENSSL_USE_IPV6 \
-DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake" # -DTEMP_GOST_TLS"
# notes:
# - removed because of cipher order: -DTEMP_GOST_TLS
cc_arguments_x86="$cc_arguments_common "
cc_arguments_x64="$cc_arguments_common enable-ec_nistp_64_gcc_128 "
# architecture names are the ones used in openssl/config:
architecture_darwin_x64="darwin64-x86_64-cc"
architecture_darwin_x86="darwin-i386-cc"
architectures=("$architecture_darwin_x64" "$architecture_darwin_x86")
## Declare associative array: http://wiki.bash-hackers.org/commands/builtin/declare
## declare -A cc_arguments_by_architecture=(["$architecture_darwin_x64"]="$cc_arguments_x64" ["$architecture_darwin_x86"]="$cc_arguments_x86")
## But OS/X does not have bash version 4: http://stackoverflow.com/questions/6047648/bash-4-associative-arrays-error-declare-a-invalid-option
## So work around it using functions
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia
cc_arguments_by_architecture() {
case "$1" in
"$architecture_darwin_x64") echo "$cc_arguments_x64";;
"$architecture_darwin_x86") echo "$cc_arguments_x86";;
esac
}
build1architecture() {
target=$1
# all but first: http://stackoverflow.com/questions/9057387/process-all-arguments-except-the-first-one/9057392#9057392
arguments="${*:2}"
echo "Building for '$target' with arguments '$arguments'" | tee $outDirectory/$target.target.arguments.txt
make dclean > $outDirectory/$target.make.dclean.txt
make clean > $outDirectory/$target.make.clean.txt
2>&1 > $outDirectory/$target.Configure.txt ./Configure $target $arguments
> $outDirectory/$target.make.depend.txt make depend 2>&1
> $outDirectory/$target.make.txt make 2>&1
> $reportsDirectory/$target.make.test.txt make test 2>&1
> $reportsDirectory/$target.make.report.txt make report 2>&1
# `maketest.log` is created by `make report`
> $reportsDirectory/$target.make.test.maketest.log.txt cat maketest.log 2>&1
mv apps/openssl $binariesDirectory/openssl.$target
mv testlog $statisticsDirectory/openssl.$target.testlog.txt
> $statisticsDirectory/openssl.$target.version.txt $binariesDirectory/openssl.$target version -a 2>&1
> $statisticsDirectory/openssl.$target.ciphercount.txt echo "Cipher counts for $target"
for cipher_type in "${cipher_types[@]}"
do
get_ciphers="$binariesDirectory/openssl.$target ciphers -V $cipher_type"
echo $get_ciphers
>> $statisticsDirectory/openssl.$target.ciphercount.txt echo "Count for cypher type $cipher_type:"
$get_ciphers 2>&1 | grep 0x | wc -l >> $statisticsDirectory/openssl.$target.ciphercount.txt
> "$statisticsDirectory/openssl.$target.ciphers.$cipher_type.txt" $get_ciphers 2>&1 | sort
done
}
rm -rf $outDirectory
mkdir $outDirectory
mkdir $binariesDirectory
mkdir $reportsDirectory
mkdir $statisticsDirectory
for architecture in "${architectures[@]}"
do
## associative arrays: http://stackoverflow.com/questions/3112687/how-to-iterate-over-associative-array-in-bash/3113285#3113285
## bash 4:
# build1architecture "$architecture" ${cc_arguments_by_architecture["$architecture"]}
## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
build1architecture "$architecture" $(cc_arguments_by_architecture $architecture)
done
cat $statisticsDirectory/*count*
cat $statisticsDirectory/*testlog*
# target names are the ones used in uname: https://github.com/drwetter/testssl.sh/issues/127#issuecomment-127408205
target_x86="Darwin.i386"
target_x64="Darwin.x86_64"
## bash 4 associative array:
# declare -A targets_by_architecture=(["$architecture_darwin_x64"]="$target_x64" ["$architecture_darwin_x86"]="$target_x86")
## simulate associative array using a function doing echo to stdout and evaluate the result
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia
targets_by_architecture() {
case "$1" in
"$architecture_darwin_x64") echo "$target_x64";;
"$architecture_darwin_x86") echo "$target_x86";;
esac
}
for architecture in "${architectures[@]}"
do
# bash 4: current_target=${targets_by_architecture["$architecture"]}
## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
current_target=$(targets_by_architecture $architecture)
echo "architecture: $architecture leads to target: $current_target"
cp -p "$binariesDirectory/openssl.$architecture" "$binariesDirectory/openssl.$current_target"
strip "$binariesDirectory/openssl.$current_target"
cp -p "$binariesDirectory/openssl.$current_target" "$binary_directory/openssl.$current_target"
cp -p "$binariesDirectory/openssl.$architecture" "$binary_directory/openssl.$architecture"
pushd $binary_directory
git add openssl.$current_target
popd
done
popd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment