bin mess cleanup contibued

2015-09-03 12:53:21 +02:00 · 2015-09-03 12:53:21 +02:00 · 4c52c4121b
parent 49802e8a41
commit 4c52c4121b
5 changed files with 0 additions and 96 deletions
--- a/openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.diffed2vanilla.txt
+++ b/openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.diffed2vanilla.txt
--- a/openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.std_distro.txt
+++ b/openssl-bins/openssl-1.0.2-chacha.pm/new-ciphers.std_distro.txt
--- a/openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.krb.txt
+++ b/openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.krb.txt
--- a/openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.txt
+++ b/openssl-bins/openssl-1.0.2-chacha.pm/openssl-Vall.txt
--- a/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md
+++ b/openssl-bins/openssl-1.0.2-chacha.pm/Readme.md
@ -1,96 +0,0 @@
-
-Compiling and Usage Instructions
-================================
-
-The precompiled binaries provided here have extended support for everything
-which is normally not configured to be compiled (40+56 Bit, export/ANON ciphers, weak DH ciphers, 
-SSLv2 etc.) -- all the dirty features needed for testing. OTOH the binaries also come with extended support for new / advanced cipher suites and/or features which are not (yet?) in the official branch.
-
-The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
-from Peter Mosmans. He has patched the master git branch
-to support CHACHA20 + POLY1305 and other ciphers like CAMELIA 256 Bit.
-
-The binary ``openssl-1.0.2pm.darwin.64``, based on Peter Mosmans 1.0.2b-dev, was borrowed with permission from Julien Vehent's cipherscan.
-
-
-
-General
-------
-
-Both 64+32 bit Linux binaries were compiled under Ubuntu 12.04 LTS. Likely you
-cannot use them for older distributions, younger worked in my test environments. I provide 
-for each distributions two sets of binaries:
-
-* completely statically linked binaries
-* dynamically linked binaries, additionally with MIT Kerberos support ("krb5" in the name).
-  They provide also KRB5-* and EXP-KRB5-* support (in OpenSSL terminology, see krb5-ciphers.txt). 
-
-For the latter you need a whopping bunch of kerberos runtime libraries which you maybe need to 
-install from your distributor (libgssapi_krb5, libkrb5, libcom_err, libk5crypto, libkrb5support, 
-libkeyutils). The 'static' binaries do not have MIT kerberos support as there are no
-static kerberos libs and I did not bother to compile them from the sources.
-
-
-Compilation instructions
------------------------
-
-If you want to compile OpenSSL yourself, here are the instructions:
-
-1.) get openssl from Peter Mosmans' repo:
-
-     git clone https://github.com/PeterMosmans/openssl
-     cd openssl
-
-2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/openssl-bins/make-openssl.sh)
-
-**for 64Bit including Kerberos ciphers:**
-
-    ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
-    enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
-    enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \
-    --with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
-    
-**for 64Bit, static binaries:**    
-
-    ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
-    enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
-    enable-seed enable-camellia enable-idea enable-rfc3779 enable-ec_nistp_64_gcc_128 \
-    -static experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
-
-**for 32 Bit including Kerberos ciphers:**
-
-    ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
-    enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
-    enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
-    --with-krb5-flavor=MIT experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
-    
- **for 32 Bit, static binaries:**
-
-    ./config --prefix=/usr/ --openssldir=/etc/ssl enable-zlib enable-ssl2 enable-rc5 enable-rc2 \
-    enable-GOST enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
-    enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
-    -static experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS
-
-Two GOST [1][2] ciphers (``GOST-GOST94``, ``GOST-MD5``) come with ``-DTEMP_GOST_TLS``, four additional come via openssl engine. ``-DTEMP_GOST_TLS`` on earlier versions of openssl broke things.
-
-So the difference you maybe spotted: If you don't have / don't want Kerberos libraries and devel rpms/debs, omit "--with-krb5-flavor=MIT" (see examples). 
-If you have another Kerberos flavor you would need to figure out by yourself.
-
-3.) make depend
-
-4.) make
-
-5.) make report (check whether it runs ok!)
-
-6.) "./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l" lists now for me 
-* 193(+4 GOST) ciphers -- including kerberos
-* 179(+4 GOST) ciphers without kerberos
-
-as opposed to 111/109 from Ubuntu or Opensuse. 
-
-**Never use these binaries for anything other than testing**
-
-Enjoy, Dirk
-
-[1] https://en.wikipedia.org/wiki/GOST_%29block_cipher%29
-[2] http://fossies.org/linux/openssl/engines/ccgost/README.gost