The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Builds ChaCha20 version of openssl on Mac OS X static without dylib for use with testssl.sh

Posted by jpluimers on 2016/08/17

A while ago, testssl.sh [WayBack] needed Darwin binaries (for OS X): Supply Darwin binaries + install documentation · Issue #127 · drwetter/testssl.sh [WayBack]

So I created the small Bourne shell (sh) script below to deliver them.

It allows me to update these gists:

The build script itself is in a gist as well: https://gist.github.com/f4de3937630b87753133.git [WayBack]

It helped me to contribute to these testssl.sh issues:

Not all of these binaries are in https://github.com/drwetter/testssl.sh/tree/master/bin [WayBack] as it makes the testssl.sh repository too bloated. Some (including non-OSX builds made by others) are here:

Eventually the script might get merged into https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh [WayBack] as there is a Darwin switch in this commit: https://github.com/drwetter/testssl.sh/commit/6efc3e90f52e5926b0853d3b2fb221b631dcf452 [WayBack]

–jeroen

via: Builds ChaCha20 version of openssl on Mac OS X static without dylib for use with testssl.sh [WayBack]

#!/bin/sh
## -no-shared builds a static binary without the need of dylib files
# requires: Perl; reasonably new version of Xcode and https://github.com/PeterMosmans/openssl
pushd /tmp
git clone https://github.com/drwetter/openssl-pm-snapshot.git openssl
#git clone https://github.com/drwetter/openssl.git openssl
#git clone https://jpluimers@github.com/jpluimers/openssl.git openssl
#git clone https://github.com/PeterMosmans/openssl openssl
cd openssl
# bash debugging, see: http://stackoverflow.com/questions/2853803/in-a-shell-script-echo-shell-commands-as-they-are-executed/2853811#2853811
set -vx
outDirectory="../out"
binariesDirectory="$outDirectory/binaries.testssl.macOS"
reportsDirectory="$outDirectory/reports.testssl.macOS"
statisticsDirectory="$outDirectory/statistics.testssl.macOS"
# http://stackoverflow.com/questions/3963716/how-to-manually-expand-a-special-variable-ex-tilde-in-bash
binary_directory="${HOME}/Versioned/testssl.sh/bin/"
cipher_types=("DEFAULT" "ALL:COMPLEMENTOFALL")
# In $arguments, note -static is not supported on OS X as both cc and gcc direct to clang.
# You get the below error. See: http://stackoverflow.com/questions/5259249/creating-static-mac-os-x-c-build
# ld: library not found for -lcrt0.o
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS"
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
# for "zlib no-zlib-dynamic", you need the zlib-devel package on your Mac, see https://github.com/drwetter/testssl.sh/issues/164#issuecomment-132144489
# installing zlib-devel with `xcode-select --install`; see http://stackoverflow.com/questions/23749530/brew-install-zlib-devel-on-mac-os-x-mavericks/26912010#26912010
#cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic -DOPENSSL_USE_IPV6 \
-DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake" # -DTEMP_GOST_TLS"
# notes:
# - removed because of cipher order: -DTEMP_GOST_TLS
cc_arguments_x86="$cc_arguments_common "
cc_arguments_x64="$cc_arguments_common enable-ec_nistp_64_gcc_128 "
# architecture names are the ones used in openssl/config:
architecture_darwin_x64="darwin64-x86_64-cc"
architecture_darwin_x86="darwin-i386-cc"
architectures=("$architecture_darwin_x64" "$architecture_darwin_x86")
## Declare associative array: http://wiki.bash-hackers.org/commands/builtin/declare
## declare -A cc_arguments_by_architecture=(["$architecture_darwin_x64"]="$cc_arguments_x64" ["$architecture_darwin_x86"]="$cc_arguments_x86")
## But OS/X does not have bash version 4: http://stackoverflow.com/questions/6047648/bash-4-associative-arrays-error-declare-a-invalid-option
## So work around it using functions
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia
cc_arguments_by_architecture() {
    case "$1" in
        "$architecture_darwin_x64") echo "$cc_arguments_x64";;
        "$architecture_darwin_x86") echo "$cc_arguments_x86";;
    esac
}
build1architecture() {
    target=$1
    # all but first: http://stackoverflow.com/questions/9057387/process-all-arguments-except-the-first-one/9057392#9057392
    arguments="${*:2}"
    echo "Building for '$target' with arguments '$arguments'" | tee "$outDirectory/$target.target.arguments.txt"
    make dclean > "$outDirectory/$target.make.dclean.txt"
    make clean > "$outDirectory/$target.make.clean.txt"
    # stdout goes to the log first, then stderr follows it (2>&1 must come after the file redirect);
    # $arguments stays unquoted on purpose so it splits into separate Configure options
    > "$outDirectory/$target.Configure.txt" ./Configure "$target" $arguments 2>&1
    > "$outDirectory/$target.make.depend.txt" make depend 2>&1
    > "$outDirectory/$target.make.txt" make 2>&1
    > "$reportsDirectory/$target.make.test.txt" make test 2>&1
    > "$reportsDirectory/$target.make.report.txt" make report 2>&1
    # `maketest.log` is created by `make report`
    > "$reportsDirectory/$target.make.test.maketest.log.txt" cat maketest.log 2>&1
    mv apps/openssl "$binariesDirectory/openssl.$target"
    mv testlog "$statisticsDirectory/openssl.$target.testlog.txt"
    > "$statisticsDirectory/openssl.$target.version.txt" "$binariesDirectory/openssl.$target" version -a 2>&1
    > "$statisticsDirectory/openssl.$target.ciphercount.txt" echo "Cipher counts for $target"
    for cipher_type in "${cipher_types[@]}"
    do
        # left unquoted when executed so it splits into command and arguments
        get_ciphers="$binariesDirectory/openssl.$target ciphers -V $cipher_type"
        echo $get_ciphers
        >> "$statisticsDirectory/openssl.$target.ciphercount.txt" echo "Count for cypher type $cipher_type:"
        $get_ciphers 2>&1 | grep 0x | wc -l >> "$statisticsDirectory/openssl.$target.ciphercount.txt"
        # sort first, then write the file, so the saved cipher list is the sorted one
        $get_ciphers 2>&1 | sort > "$statisticsDirectory/openssl.$target.ciphers.$cipher_type.txt"
    done
}
# start from an empty output tree (../out relative to the openssl checkout)
rm -rf "$outDirectory"
mkdir "$outDirectory"
mkdir "$binariesDirectory"
mkdir "$reportsDirectory"
mkdir "$statisticsDirectory"
for architecture in "${architectures[@]}"
do
    ## associative arrays: http://stackoverflow.com/questions/3112687/how-to-iterate-over-associative-array-in-bash/3113285#3113285
    ## bash 4:
    # build1architecture "$architecture" ${cc_arguments_by_architecture["$architecture"]}
    ## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
    build1architecture "$architecture" $(cc_arguments_by_architecture "$architecture")
done
cat $statisticsDirectory/*count*
cat $statisticsDirectory/*testlog*
# target names are the ones used in uname: https://github.com/drwetter/testssl.sh/issues/127#issuecomment-127408205
target_x86="Darwin.i386"
target_x64="Darwin.x86_64"
## bash 4 associative array:
# declare -A targets_by_architecture=(["$architecture_darwin_x64"]="$target_x64" ["$architecture_darwin_x86"]="$target_x86")
## simulate associative array using a function doing echo to stdout and evaluate the result
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia
targets_by_architecture() {
    case "$1" in
        "$architecture_darwin_x64") echo "$target_x64";;
        "$architecture_darwin_x86") echo "$target_x86";;
    esac
}
for architecture in "${architectures[@]}"
do
    # bash 4: current_target=${targets_by_architecture["$architecture"]}
    ## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
    current_target=$(targets_by_architecture "$architecture")
    echo "architecture: $architecture leads to target: $current_target"
    cp -p "$binariesDirectory/openssl.$architecture" "$binariesDirectory/openssl.$current_target"
    strip "$binariesDirectory/openssl.$current_target"
    cp -p "$binariesDirectory/openssl.$current_target" "$binary_directory/openssl.$current_target"
    cp -p "$binariesDirectory/openssl.$architecture" "$binary_directory/openssl.$architecture"
    pushd "$binary_directory"
    git add "openssl.$current_target"
    popd
done
popd
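
Before committing the binaries it is worth confirming the two properties in the title: that the result has no dylib dependencies outside the system libraries, and that the cipher families the Configure options enable (ChaCha20, SSLv2, ...) actually show up in `ciphers -V`. The following is an added example, not part of the original gist; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original gist). Both checks read captured
# tool output on stdin so they can run anywhere; on the build host use e.g.
#   otool -L openssl.Darwin.x86_64 | nonsystem_dylibs

# Print dependencies from `otool -L` output that are not macOS system
# libraries. For a no-shared build the output should be empty.
nonsystem_dylibs() {
    awk '/^[ \t]/ {                       # dependency lines are indented
        if ($1 !~ /^\/usr\/lib\// && $1 !~ /^\/System\/Library\//) print $1
    }'
}

# Print each required pattern (regex without spaces) that matches no suite
# in `openssl ciphers -V` output. Empty output: every family is present.
missing_cipher_families() {
    awk -v want="$*" '
        BEGIN { n = split(want, re, " ") }
        /0x/  { for (i = 1; i <= n; i++) if ($0 ~ re[i]) seen[i] = 1 }
        END   { for (i = 1; i <= n; i++) if (!(i in seen)) print re[i] }'
}

# Constructed sample inputs, shaped like the tools' output (not real results).
sample_otool_static() {
    printf 'openssl.Darwin.x86_64:\n'
    printf '\t/usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5)\n'
    printf '\t/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)\n'
}
sample_otool_shared() {
    sample_otool_static
    printf '\t/usr/local/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)\n'
}
sample_ciphers() {
    printf ' 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD\n'
    printf ' 0x00,0x05 - RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1\n'
    printf ' 0x01,0x00,0x80 - RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5\n'
}

echo "unexpected dylibs: $(sample_otool_shared | nonsystem_dylibs)"
echo "missing families:  $(sample_ciphers | missing_cipher_families CHACHA20 SSLv2 GOST)"
```

On the build host, feed `missing_cipher_families` the output of `openssl.$target ciphers -V 'ALL:COMPLEMENTOFALL'`, the same cipher string the script counts.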

 
