cmake project for openssl-1.1.0

2025-04-26 09:44:35 +00:00 · 2018-09-04 22:03:58 +02:00 · 2018-09-04 22:03:58 +02:00 · 6aaf7e9888
commit 6aaf7e9888
parent 7ab9b2c3c8
14 changed files with 1826 additions and 0 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -0,0 +1,114 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+
+project( openssl )
+cmake_minimum_required( VERSION 3.1.0 )
+
+set( VERSION_MAJOR 1  )
+set( VERSION_MINOR 1  )
+set( VERSION_PATCH 0i )
+
+set( VERSION_STRING ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} )
+set( LIB_VERSION ${VERSION_MAJOR}.${VERSION_MINOR} )
+set( LIB_SOVERSION ${VERSION_MAJOR}.${VERSION_MINOR} )
+
+include_directories ( BEFORE SYSTEM
+    ${CMAKE_CURRENT_BINARY_DIR}/crypto
+    ${CMAKE_CURRENT_BINARY_DIR}/ssl
+    ${CMAKE_CURRENT_BINARY_DIR}/include
+    crypto . )
+
+add_definitions( -DOPENSSL_NO_ASM )
+add_definitions( -DOPENSSL_NO_STATIC_ENGINE )
+add_definitions( "-DOPENSSLDIR=\"/usr/local/ssl\"" )
+add_definitions( "-DENGINESDIR=\"/usr/local/engines-1.1\"" )
+
+if ( APPLE )
+  set( CMAKE_MACOSX_RPATH ON )
+  add_definitions( -DOPENSSL_SYSNAME_MACOSX )
+endif()
+
+if( WIN32 AND NOT CYGWIN )
+  add_definitions( -DOPENSSL_SYSNAME_WIN32 )
+  add_definitions( -DWIN32_LEAN_AND_MEAN )
+
+  # avoid conflict: ocsp.h and wincrypt.h
+  add_definitions( -D_WINDLL )
+endif()
+
+if( MINGW )
+  set( CMAKE_SHARED_LINKER_FLAGS "-Wl,--export-all" )
+endif()
+
+include(CheckTypeSize)
+check_type_size( "long" LONG_INT )
+check_type_size( "long long" LONG_LONG_INT )
+check_type_size( "int" INT )
+if ( HAVE_LONG_INT AND (${LONG_INT} EQUAL 8) )
+  set ( SIXTY_FOUR_BIT_LONG ON )
+elseif ( HAVE_LONG_LONG_INT AND (${LONG_LONG_INT} EQUAL 8) )
+  set ( SIXTY_FOUR_BIT ON )
+else()
+  set ( THIRTY_TWO_BIT ON )
+endif()
+
+if ( WIN32 AND MINGW AND NOT CYGWIN )
+  set( OPENSSL_EXPORT_VAR_AS_FUNCTION true )
+endif()
+
+add_subdirectory( crypto )
+add_subdirectory( ssl )
+add_subdirectory( apps )
+
+file( COPY ${PROJECT_SOURCE_DIR}/include/internal DESTINATION include )
+file( COPY ${PROJECT_SOURCE_DIR}/include/openssl DESTINATION include )
+
+configure_file( ${PROJECT_SOURCE_DIR}/opensslconf.h.cmake
+  ${PROJECT_BINARY_DIR}/include/openssl/opensslconf.h )
+
+file( READ ${PROJECT_SOURCE_DIR}/c_rehash.cmake C_REHASH )
+string( REPLACE "@OPENSSLDIR@" "${OPENSSLDIR}" C_REHASH "${C_REHASH}" )
+string( REPLACE "@CMAKE_INSTALL_PREFIX@" "${CMAKE_INSTALL_PREFIX}" C_REHASH "${C_REHASH}" )
+file( WRITE ${PROJECT_BINARY_DIR}/c_rehash "${C_REHASH}" )
+
+install( DIRECTORY ${PROJECT_BINARY_DIR}/include/openssl DESTINATION include )
+
+install( FILES
+  ${PROJECT_BINARY_DIR}/c_rehash
+  FAQ LICENSE README README.ENGINE
+  DESTINATION share/openssl )
+
+install( DIRECTORY doc DESTINATION share )
+
+# Generate the package target
+set( CPACK_GENERATOR ZIP TGZ )
+set( CPACK_PACKAGE_NAME "openssl-cmake" )
+set( CPACK_PACKAGE_VERSION_MAJOR ${VERSION_MAJOR} )
+set( CPACK_PACKAGE_VERSION_MINOR ${VERSION_MINOR} )
+set( CPACK_PACKAGE_VERSION_PATCH ${VERSION_PATCH} )
+
+include( CPack )
+
--- a/apps/CA.pl.cmake
+++ b/apps/CA.pl.cmake
@ -0,0 +1,194 @@
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# Wrapper around the ca to make it easier to use
+#
+
+use strict;
+use warnings;
+
+my $openssl = "openssl";
+if(defined $ENV{'OPENSSL'}) {
+    $openssl = $ENV{'OPENSSL'};
+} else {
+    $ENV{'OPENSSL'} = $openssl;
+}
+
+my $verbose = 1;
+
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
+my $DAYS = "-days 365";
+my $CADAYS = "-days 1095";	# 3 years
+my $REQ = "$openssl req $OPENSSL_CONFIG";
+my $CA = "$openssl ca $OPENSSL_CONFIG";
+my $VERIFY = "$openssl verify";
+my $X509 = "$openssl x509";
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+my $CATOP = "./demoCA";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+my $CACRL = "crl.pem";
+my $DIRMODE = 0777;
+
+my $NEWKEY = "newkey.pem";
+my $NEWREQ = "newreq.pem";
+my $NEWCERT = "newcert.pem";
+my $NEWP12 = "newcert.p12";
+my $RET = 0;
+my $WHAT = shift @ARGV || "";
+my $FILE;
+
+# See if reason for a CRL entry is valid; exit if not.
+sub crl_reason_ok
+{
+    my $r = shift;
+
+    if ($r eq 'unspecified' || $r eq 'keyCompromise'
+        || $r eq 'CACompromise' || $r eq 'affiliationChanged'
+        || $r eq 'superseded' || $r eq 'cessationOfOperation'
+        || $r eq 'certificateHold' || $r eq 'removeFromCRL') {
+        return 1;
+    }
+    print STDERR "Invalid CRL reason; must be one of:\n";
+    print STDERR "    unspecified, keyCompromise, CACompromise,\n";
+    print STDERR "    affiliationChanged, superseded, cessationOfOperation\n";
+    print STDERR "    certificateHold, removeFromCRL";
+    exit 1;
+}
+
+# Copy a PEM-format file; return like exit status (zero means ok)
+sub copy_pemfile
+{
+    my ($infile, $outfile, $bound) = @_;
+    my $found = 0;
+
+    open IN, $infile || die "Cannot open $infile, $!";
+    open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
+    while (<IN>) {
+        $found = 1 if /^-----BEGIN.*$bound/;
+        print OUT $_ if $found;
+        $found = 2, last if /^-----END.*$bound/;
+    }
+    close IN;
+    close OUT;
+    return $found == 2 ? 0 : 1;
+}
+
+# Wrapper around system; useful for debugging.  Returns just the exit status
+sub run
+{
+    my $cmd = shift;
+    print "====\n$cmd\n" if $verbose;
+    my $status = system($cmd);
+    print "==> $status\n====\n" if $verbose;
+    return $status >> 8;
+}
+
+
+if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
+    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+    print STDERR "       CA -pkcs12 [certname]\n";
+    print STDERR "       CA -crl|-revoke cert-filename [reason]\n";
+    exit 0;
+}
+if ($WHAT eq '-newcert' ) {
+    # create a certificate
+    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
+    print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq' ) {
+    # create a certificate request
+    $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq-nodes' ) {
+    # create a certificate request
+    $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
+    print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newca' ) {
+    # create the directory hierarchy
+    mkdir ${CATOP}, $DIRMODE;
+    mkdir "${CATOP}/certs", $DIRMODE;
+    mkdir "${CATOP}/crl", $DIRMODE ;
+    mkdir "${CATOP}/newcerts", $DIRMODE;
+    mkdir "${CATOP}/private", $DIRMODE;
+    open OUT, ">${CATOP}/index.txt";
+    close OUT;
+    open OUT, ">${CATOP}/crlnumber";
+    print OUT "01\n";
+    close OUT;
+    # ask user for existing CA certificate
+    print "CA certificate filename (or enter to create)\n";
+    $FILE = "" unless defined($FILE = <STDIN>);
+    $FILE =~ s{\R$}{};
+    if ($FILE ne "") {
+        copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+        copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+    } else {
+        print "Making CA certificate ...\n";
+        $RET = run("$REQ -new -keyout"
+                . " ${CATOP}/private/$CAKEY"
+                . " -out ${CATOP}/$CAREQ");
+        $RET = run("$CA -create_serial"
+                . " -out ${CATOP}/$CACERT $CADAYS -batch"
+                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
+                . " -extensions v3_ca"
+                . " -infiles ${CATOP}/$CAREQ") if $RET == 0;
+        print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
+    }
+} elsif ($WHAT eq '-pkcs12' ) {
+    my $cname = $ARGV[0];
+    $cname = "My Certificate" unless defined $cname;
+    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
+            . " -certfile ${CATOP}/$CACERT"
+            . " -out $NEWP12"
+            . " -export -name \"$cname\"");
+    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+} elsif ($WHAT eq '-xsign' ) {
+    $RET = run("$CA -policy policy_anything -infiles $NEWREQ");
+} elsif ($WHAT eq '-sign' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signCA' ) {
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -extensions v3_ca -infiles $NEWREQ");
+    print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signcert' ) {
+    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
+            . " -out tmp.pem");
+    $RET = run("$CA -policy policy_anything -out $NEWCERT"
+            . " -infiles tmp.pem") if $RET == 0;
+    print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-verify' ) {
+    my @files = @ARGV ? @ARGV : ( $NEWCERT );
+    my $file;
+    foreach $file (@files) {
+        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
+        $RET = $status if $status != 0;
+    }
+} elsif ($WHAT eq '-crl' ) {
+    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
+    print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
+} elsif ($WHAT eq '-revoke' ) {
+    my $cname = $ARGV[0];
+    if (!defined $cname) {
+        print "Certificate filename is required; reason optional.\n";
+        exit 1;
+    }
+    my $reason = $ARGV[1];
+    $reason = " -crl_reason $reason"
+        if defined $reason && crl_reason_ok($reason);
+    $RET = run("$CA -revoke \"$cname\"" . $reason);
+} else {
+    print STDERR "Unknown arg \"$WHAT\"\n";
+    print STDERR "Use -help for help.\n";
+    exit 1;
+}
+
+exit $RET;
--- a/apps/CMakeLists.txt
+++ b/apps/CMakeLists.txt
@ -0,0 +1,57 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/CA.pl.cmake CA_PL )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/CA.pl "${CA_PL}" )
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/tsget.cmake TSGET )
+string( REPLACE "@VERSION_STRING@" "${VERSION_STRING}" TSGET "${TSGET}" )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/tsget "${TSGET}" )
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/progs.h.cmake PROGS_H )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/progs.h "${PROGS_H}" )
+
+include_directories( BEFORE SYSTEM ${CMAKE_CURRENT_BINARY_DIR} )
+
+add_definitions ( -DMONOLITH )
+
+set ( E_SRC
+  app_rand.c apps.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
+  dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c genpkey.c
+  genrsa.c nseq.c ocsp.c openssl.c opt.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c
+  pkeyparam.c pkeyutl.c prime.c rand.c rehash.c req.c rsa.c rsautl.c s_cb.c
+  s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c srp.c
+  ts.c verify.c version.c x509.c )
+
+add_executable ( openssl ${E_SRC} )
+target_link_libraries ( openssl crypto ssl )
+
+install( TARGETS openssl
+    RUNTIME DESTINATION bin )
+
+install( FILES
+  ${CMAKE_CURRENT_BINARY_DIR}/CA.pl
+  ${CMAKE_CURRENT_BINARY_DIR}/tsget
+  DESTINATION share/openssl )
--- a/apps/progs.h.cmake
+++ b/apps/progs.h.cmake
@ -0,0 +1,418 @@
+/*
+ * WARNING: do not edit!
+ * Generated by apps/progs.pl
+ *
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef enum FUNC_TYPE {
+    FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
+    FT_md_alg, FT_cipher_alg
+} FUNC_TYPE;
+
+typedef struct function_st {
+    FUNC_TYPE type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+    const OPTIONS *help;
+} FUNCTION;
+
+DEFINE_LHASH_OF(FUNCTION);
+
+extern int asn1parse_main(int argc, char *argv[]);
+extern int ca_main(int argc, char *argv[]);
+extern int ciphers_main(int argc, char *argv[]);
+extern int cms_main(int argc, char *argv[]);
+extern int crl_main(int argc, char *argv[]);
+extern int crl2pkcs7_main(int argc, char *argv[]);
+extern int dgst_main(int argc, char *argv[]);
+extern int dhparam_main(int argc, char *argv[]);
+extern int dsa_main(int argc, char *argv[]);
+extern int dsaparam_main(int argc, char *argv[]);
+extern int ec_main(int argc, char *argv[]);
+extern int ecparam_main(int argc, char *argv[]);
+extern int enc_main(int argc, char *argv[]);
+extern int engine_main(int argc, char *argv[]);
+extern int errstr_main(int argc, char *argv[]);
+extern int exit_main(int argc, char *argv[]);
+extern int gendsa_main(int argc, char *argv[]);
+extern int genpkey_main(int argc, char *argv[]);
+extern int genrsa_main(int argc, char *argv[]);
+extern int help_main(int argc, char *argv[]);
+extern int list_main(int argc, char *argv[]);
+extern int nseq_main(int argc, char *argv[]);
+extern int ocsp_main(int argc, char *argv[]);
+extern int passwd_main(int argc, char *argv[]);
+extern int pkcs12_main(int argc, char *argv[]);
+extern int pkcs7_main(int argc, char *argv[]);
+extern int pkcs8_main(int argc, char *argv[]);
+extern int pkey_main(int argc, char *argv[]);
+extern int pkeyparam_main(int argc, char *argv[]);
+extern int pkeyutl_main(int argc, char *argv[]);
+extern int prime_main(int argc, char *argv[]);
+extern int rand_main(int argc, char *argv[]);
+extern int rehash_main(int argc, char *argv[]);
+extern int req_main(int argc, char *argv[]);
+extern int rsa_main(int argc, char *argv[]);
+extern int rsautl_main(int argc, char *argv[]);
+extern int s_client_main(int argc, char *argv[]);
+extern int s_server_main(int argc, char *argv[]);
+extern int s_time_main(int argc, char *argv[]);
+extern int sess_id_main(int argc, char *argv[]);
+extern int smime_main(int argc, char *argv[]);
+extern int speed_main(int argc, char *argv[]);
+extern int spkac_main(int argc, char *argv[]);
+extern int srp_main(int argc, char *argv[]);
+extern int ts_main(int argc, char *argv[]);
+extern int verify_main(int argc, char *argv[]);
+extern int version_main(int argc, char *argv[]);
+extern int x509_main(int argc, char *argv[]);
+
+extern OPTIONS asn1parse_options[];
+extern OPTIONS ca_options[];
+extern OPTIONS ciphers_options[];
+extern OPTIONS cms_options[];
+extern OPTIONS crl_options[];
+extern OPTIONS crl2pkcs7_options[];
+extern OPTIONS dgst_options[];
+extern OPTIONS dhparam_options[];
+extern OPTIONS dsa_options[];
+extern OPTIONS dsaparam_options[];
+extern OPTIONS ec_options[];
+extern OPTIONS ecparam_options[];
+extern OPTIONS enc_options[];
+extern OPTIONS engine_options[];
+extern OPTIONS errstr_options[];
+extern OPTIONS exit_options[];
+extern OPTIONS gendsa_options[];
+extern OPTIONS genpkey_options[];
+extern OPTIONS genrsa_options[];
+extern OPTIONS help_options[];
+extern OPTIONS list_options[];
+extern OPTIONS nseq_options[];
+extern OPTIONS ocsp_options[];
+extern OPTIONS passwd_options[];
+extern OPTIONS pkcs12_options[];
+extern OPTIONS pkcs7_options[];
+extern OPTIONS pkcs8_options[];
+extern OPTIONS pkey_options[];
+extern OPTIONS pkeyparam_options[];
+extern OPTIONS pkeyutl_options[];
+extern OPTIONS prime_options[];
+extern OPTIONS rand_options[];
+extern OPTIONS rehash_options[];
+extern OPTIONS req_options[];
+extern OPTIONS rsa_options[];
+extern OPTIONS rsautl_options[];
+extern OPTIONS s_client_options[];
+extern OPTIONS s_server_options[];
+extern OPTIONS s_time_options[];
+extern OPTIONS sess_id_options[];
+extern OPTIONS smime_options[];
+extern OPTIONS speed_options[];
+extern OPTIONS spkac_options[];
+extern OPTIONS srp_options[];
+extern OPTIONS ts_options[];
+extern OPTIONS verify_options[];
+extern OPTIONS version_options[];
+extern OPTIONS x509_options[];
+
+#ifdef INCLUDE_FUNCTION_TABLE
+static FUNCTION functions[] = {
+    { FT_general, "asn1parse", asn1parse_main, asn1parse_options },
+    { FT_general, "ca", ca_main, ca_options },
+#ifndef OPENSSL_NO_SOCK
+    { FT_general, "ciphers", ciphers_main, ciphers_options },
+#endif
+#ifndef OPENSSL_NO_CMS
+    { FT_general, "cms", cms_main, cms_options },
+#endif
+    { FT_general, "crl", crl_main, crl_options },
+    { FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
+    { FT_general, "dgst", dgst_main, dgst_options },
+#ifndef OPENSSL_NO_DH
+    { FT_general, "dhparam", dhparam_main, dhparam_options },
+#endif
+#ifndef OPENSSL_NO_DSA
+    { FT_general, "dsa", dsa_main, dsa_options },
+#endif
+#ifndef OPENSSL_NO_DSA
+    { FT_general, "dsaparam", dsaparam_main, dsaparam_options },
+#endif
+#ifndef OPENSSL_NO_EC
+    { FT_general, "ec", ec_main, ec_options },
+#endif
+#ifndef OPENSSL_NO_EC
+    { FT_general, "ecparam", ecparam_main, ecparam_options },
+#endif
+    { FT_general, "enc", enc_main, enc_options },
+#ifndef OPENSSL_NO_ENGINE
+    { FT_general, "engine", engine_main, engine_options },
+#endif
+    { FT_general, "errstr", errstr_main, errstr_options },
+    { FT_general, "exit", exit_main, exit_options },
+#ifndef OPENSSL_NO_DSA
+    { FT_general, "gendsa", gendsa_main, gendsa_options },
+#endif
+    { FT_general, "genpkey", genpkey_main, genpkey_options },
+#ifndef OPENSSL_NO_RSA
+    { FT_general, "genrsa", genrsa_main, genrsa_options },
+#endif
+    { FT_general, "help", help_main, help_options },
+    { FT_general, "list", list_main, list_options },
+    { FT_general, "nseq", nseq_main, nseq_options },
+#ifndef OPENSSL_NO_OCSP
+    { FT_general, "ocsp", ocsp_main, ocsp_options },
+#endif
+    { FT_general, "passwd", passwd_main, passwd_options },
+#ifndef OPENSSL_NO_DES
+    { FT_general, "pkcs12", pkcs12_main, pkcs12_options },
+#endif
+    { FT_general, "pkcs7", pkcs7_main, pkcs7_options },
+    { FT_general, "pkcs8", pkcs8_main, pkcs8_options },
+    { FT_general, "pkey", pkey_main, pkey_options },
+    { FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options },
+    { FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options },
+    { FT_general, "prime", prime_main, prime_options },
+    { FT_general, "rand", rand_main, rand_options },
+    { FT_general, "rehash", rehash_main, rehash_options },
+    { FT_general, "req", req_main, req_options },
+    { FT_general, "rsa", rsa_main, rsa_options },
+#ifndef OPENSSL_NO_RSA
+    { FT_general, "rsautl", rsautl_main, rsautl_options },
+#endif
+#ifndef OPENSSL_NO_SOCK
+    { FT_general, "s_client", s_client_main, s_client_options },
+#endif
+#ifndef OPENSSL_NO_SOCK
+    { FT_general, "s_server", s_server_main, s_server_options },
+#endif
+#ifndef OPENSSL_NO_SOCK
+    { FT_general, "s_time", s_time_main, s_time_options },
+#endif
+    { FT_general, "sess_id", sess_id_main, sess_id_options },
+    { FT_general, "smime", smime_main, smime_options },
+    { FT_general, "speed", speed_main, speed_options },
+    { FT_general, "spkac", spkac_main, spkac_options },
+#ifndef OPENSSL_NO_SRP
+    { FT_general, "srp", srp_main, srp_options },
+#endif
+#ifndef OPENSSL_NO_TS
+    { FT_general, "ts", ts_main, ts_options },
+#endif
+    { FT_general, "verify", verify_main, verify_options },
+    { FT_general, "version", version_main, version_options },
+    { FT_general, "x509", x509_main, x509_options },
+#ifndef OPENSSL_NO_MD2
+    { FT_md, "md2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+    { FT_md, "md4", dgst_main},
+#endif
+    { FT_md, "md5", dgst_main},
+#ifndef OPENSSL_NO_GOST
+    { FT_md, "gost", dgst_main},
+#endif
+    { FT_md, "sha1", dgst_main},
+    { FT_md, "sha224", dgst_main},
+    { FT_md, "sha256", dgst_main},
+    { FT_md, "sha384", dgst_main},
+    { FT_md, "sha512", dgst_main},
+#ifndef OPENSSL_NO_MDC2
+    { FT_md, "mdc2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    { FT_md, "rmd160", dgst_main},
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    { FT_md, "blake2b512", dgst_main},
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    { FT_md, "blake2s256", dgst_main},
+#endif
+    { FT_cipher, "aes-128-cbc", enc_main, enc_options },
+    { FT_cipher, "aes-128-ecb", enc_main, enc_options },
+    { FT_cipher, "aes-192-cbc", enc_main, enc_options },
+    { FT_cipher, "aes-192-ecb", enc_main, enc_options },
+    { FT_cipher, "aes-256-cbc", enc_main, enc_options },
+    { FT_cipher, "aes-256-ecb", enc_main, enc_options },
+#ifndef OPENSSL_NO_CAMELLIA
+    { FT_cipher, "camellia-128-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { FT_cipher, "camellia-128-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { FT_cipher, "camellia-192-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { FT_cipher, "camellia-192-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { FT_cipher, "camellia-256-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    { FT_cipher, "camellia-256-ecb", enc_main, enc_options },
+#endif
+    { FT_cipher, "base64", enc_main, enc_options },
+#ifdef ZLIB
+    { FT_cipher, "zlib", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des3", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "desx", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_IDEA
+    { FT_cipher, "idea", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_SEED
+    { FT_cipher, "seed", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC4
+    { FT_cipher, "rc4", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC4
+    { FT_cipher, "rc4-40", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_BF
+    { FT_cipher, "bf", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { FT_cipher, "cast", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC5
+    { FT_cipher, "rc5", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede3", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede3-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede3-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_DES
+    { FT_cipher, "des-ede3-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_IDEA
+    { FT_cipher, "idea-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_IDEA
+    { FT_cipher, "idea-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_IDEA
+    { FT_cipher, "idea-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_IDEA
+    { FT_cipher, "idea-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_SEED
+    { FT_cipher, "seed-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_SEED
+    { FT_cipher, "seed-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_SEED
+    { FT_cipher, "seed-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_SEED
+    { FT_cipher, "seed-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2-64-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC2
+    { FT_cipher, "rc2-40-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_BF
+    { FT_cipher, "bf-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_BF
+    { FT_cipher, "bf-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_BF
+    { FT_cipher, "bf-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_BF
+    { FT_cipher, "bf-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { FT_cipher, "cast5-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { FT_cipher, "cast5-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { FT_cipher, "cast5-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { FT_cipher, "cast5-ofb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_CAST
+    { FT_cipher, "cast-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC5
+    { FT_cipher, "rc5-cbc", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC5
+    { FT_cipher, "rc5-ecb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC5
+    { FT_cipher, "rc5-cfb", enc_main, enc_options },
+#endif
+#ifndef OPENSSL_NO_RC5
+    { FT_cipher, "rc5-ofb", enc_main, enc_options },
+#endif
+    { 0, NULL, NULL}
+};
+#endif
--- a/apps/tsget.cmake
+++ b/apps/tsget.cmake
@ -0,0 +1,199 @@
+# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
+# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use IO::Handle;
+use Getopt::Std;
+use File::Basename;
+use WWW::Curl::Easy;
+
+use vars qw(%options);
+
+# Callback for reading the body.
+sub read_body {
+    my ($maxlength, $state) = @_;
+    my $return_data = "";
+    my $data_len = length ${$state->{data}};
+    if ($state->{bytes} < $data_len) {
+	$data_len = $data_len - $state->{bytes};
+	$data_len = $maxlength if $data_len > $maxlength;
+	$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+	$state->{bytes} += $data_len;
+    }
+    return $return_data;
+}
+
+# Callback for writing the body into a variable.
+sub write_body {
+    my ($data, $pointer) = @_;
+    ${$pointer} .= $data;
+    return length($data);
+}
+
+# Initialise a new Curl object.
+sub create_curl {
+    my $url = shift;
+
+    # Create Curl object.
+    my $curl = WWW::Curl::Easy::new();
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
+    $curl->setopt(CURLOPT_FAILONERROR, 1);
+    $curl->setopt(CURLOPT_USERAGENT,
+    "OpenTSA tsget.pl/openssl-@VERSION_STRING@");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_UPLOAD, 1);
+    $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
+    $curl->setopt(CURLOPT_HTTPHEADER,
+		["Content-Type: application/timestamp-query",
+		"Accept: application/timestamp-reply,application/timestamp-response"]);
+    $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
+    $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
+
+    # SSL related options.
+    $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
+    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);	# Verify server's certificate.
+    $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);	# Check server's CN.
+    $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
+    $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
+    $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
+    $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
+    $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
+    $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
+    $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
+
+    # Setting destination.
+    $curl->setopt(CURLOPT_URL, $url);
+
+    return $curl;
+}
+
+# Send a request and returns the body back.
+sub get_timestamp {
+    my $curl = shift;
+    my $body = shift;
+    my $ts_body;
+    local $::error_buf;
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
+    $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_FILE, \$ts_body);
+
+    # Send the request...
+    my $error_code = $curl->perform();
+    my $error_string;
+    if ($error_code != 0) {
+        my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
+	$error_string = "could not get timestamp";
+	$error_string .= ", http code: $http_code" unless $http_code == 0;
+	$error_string .= ", curl code: $error_code";
+	$error_string .= " ($::error_buf)" if defined($::error_buf);
+    } else {
+        my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
+	if (lc($ct) ne "application/timestamp-reply"
+	    && lc($ct) ne "application/timestamp-response") {
+	    $error_string = "unexpected content type returned: $ct";
+        }
+    }
+    return ($ts_body, $error_string);
+
+}
+
+# Print usage information and exists.
+sub usage {
+
+    print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
+    print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
+    print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
+    print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
+    exit 1;
+}
+
+# ----------------------------------------------------------------------
+#   Main program
+# ----------------------------------------------------------------------
+
+# Getting command-line options (default comes from TSGET environment variable).
+my $getopt_arg =  "h:e:o:vdk:p:c:C:P:r:g:";
+if (exists $ENV{TSGET}) {
+    my @old_argv = @ARGV;
+    @ARGV = split /\s+/, $ENV{TSGET};
+    getopts($getopt_arg, \%options) or usage;
+    @ARGV = @old_argv;
+}
+getopts($getopt_arg, \%options) or usage;
+
+# Checking argument consistency.
+if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
+    || (@ARGV > 1 && exists($options{o}))) {
+    print STDERR "Inconsistent command line options.\n";
+    usage;
+}
+# Setting defaults.
+@ARGV = ("-") unless @ARGV != 0;
+$options{e} = ".tsr" unless defined($options{e});
+
+# Processing requests.
+my $curl = create_curl $options{h};
+undef $/;   # For reading whole files.
+REQUEST: foreach (@ARGV) {
+    my $input = $_;
+    my ($base, $path) = fileparse($input, '\.[^.]*');
+    my $output_base = $base . $options{e};
+    my $output = defined($options{o}) ? $options{o} : $path . $output_base;
+
+    STDERR->printflush("$input: ") if $options{v};
+    # Read request.
+    my $body;
+    if ($input eq "-") {
+	# Read the request from STDIN;
+	$body = <STDIN>;
+    } else {
+	# Read the request from file.
+        open INPUT, "<" . $input
+	    or warn("$input: could not open input file: $!\n"), next REQUEST;
+        $body = <INPUT>;
+        close INPUT
+	    or warn("$input: could not close input file: $!\n"), next REQUEST;
+    }
+
+    # Send request.
+    STDERR->printflush("sending request") if $options{v};
+
+    my ($ts_body, $error) = get_timestamp $curl, \$body;
+    if (defined($error)) {
+	die "$input: fatal error: $error\n";
+    }
+    STDERR->printflush(", reply received") if $options{v};
+
+    # Write response.
+    if ($output eq "-") {
+	# Write to STDOUT.
+        print $ts_body;
+    } else {
+	# Write to file.
+        open OUTPUT, ">", $output
+	    or warn("$output: could not open output file: $!\n"), next REQUEST;
+        print OUTPUT $ts_body;
+        close OUTPUT
+	    or warn("$output: could not close output file: $!\n"), next REQUEST;
+    }
+    STDERR->printflush(", $output written.\n") if $options{v};
+}
+$curl->cleanup();
--- a/c_rehash.cmake
+++ b/c_rehash.cmake
@ -0,0 +1,228 @@
+# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = "@OPENSSLDIR@";
+my $prefix = "@CMAKE_INSTALL_PREFIX@";
+
+my $errorcount = 0;
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+##  Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+    my $flag = shift @ARGV;
+    last if ( $flag eq '--');
+    if ( $flag eq '-old') {
+	    $x509hash = "-subject_hash_old";
+	    $crlhash = "-hash_old";
+    } elsif ( $flag eq '-h' || $flag eq '-help' ) {
+	    help();
+    } elsif ( $flag eq '-n' ) {
+	    $removelinks = 0;
+    } elsif ( $flag eq '-v' ) {
+	    $verbose++;
+    }
+    else {
+	    print STDERR "Usage error; try -h.\n";
+	    exit 1;
+    }
+}
+
+sub help {
+	print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
+	print "   -old use old-style digest\n";
+	print "   -h or -help print this help text\n";
+	print "   -v print files removed and linked\n";
+	exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+	$pwd=Cwd::getcwd();
+} else {
+	$pwd=`pwd`;
+	chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if (! -x $openssl) {
+	my $found = 0;
+	foreach (split /$path_delim/, $ENV{PATH}) {
+		if (-x "$_/$openssl") {
+			$found = 1;
+			$openssl = "$_/$openssl";
+			last;
+		}	
+	}
+	if ($found == 0) {
+		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+		exit 0;
+	}
+}
+
+if (@ARGV) {
+	@dirlist = @ARGV;
+} elsif ($ENV{SSL_CERT_DIR}) {
+	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+	$dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+	chdir $dirlist[0];
+	$openssl="$pwd/$openssl" if (!-x $openssl);
+	chdir $pwd;
+}
+
+foreach (@dirlist) {
+	if (-d $_ ) {
+            if ( -w $_) {
+		hash_dir($_);
+            } else {
+                print "Skipping $_, can't write\n";
+                $errorcount++;
+            }
+	}
+}
+exit($errorcount);
+
+sub hash_dir {
+	my %hashlist;
+	print "Doing $_[0]\n";
+	chdir $_[0];
+	opendir(DIR, ".");
+	my @flist = sort readdir(DIR);
+	closedir DIR;
+	if ( $removelinks ) {
+		# Delete any existing symbolic links
+		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+			if (-l $_) {
+				print "unlink $_" if $verbose;
+				unlink $_ || warn "Can't unlink $_, $!\n";
+			}
+		}
+	}
+	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+		# Check to see if certificates and/or CRLs present.
+		my ($cert, $crl) = check_file($fname);
+		if (!$cert && !$crl) {
+			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+			next;
+		}
+		link_hash_cert($fname) if ($cert);
+		link_hash_crl($fname) if ($crl);
+	}
+}
+
+sub check_file {
+	my ($is_cert, $is_crl) = (0,0);
+	my $fname = $_[0];
+	open IN, $fname;
+	while(<IN>) {
+		if (/^-----BEGIN (.*)-----/) {
+			my $hdr = $1;
+			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+				$is_cert = 1;
+				last if ($is_crl);
+			} elsif ($hdr eq "X509 CRL") {
+				$is_crl = 1;
+				last if ($is_cert);
+			}
+		}
+	}
+	close IN;
+	return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if ($hashlist{"$hash.$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".$suffix";
+		if ($symlink_exists) {
+			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
+		} else {
+			print "copy $fname -> $hash\n" if $verbose;
+                        if (open($in, "<", $fname)) {
+                            if (open($out,">", $hash)) {
+                                print $out $_ while (<$in>);
+                                close $out;
+                            } else {
+                                warn "can't open $hash for write, $!";
+                            }
+                            close $in;
+                        } else {
+                            warn "can't open $fname for read, $!";
+                        }
+		}
+		$hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.r$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if ($hashlist{"$hash.r$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".r$suffix";
+		if ($symlink_exists) {
+			print "link $fname -> $hash\n" if $verbose;
+			symlink $fname, $hash || warn "Can't symlink, $!";
+		} else {
+			print "cp $fname -> $hash\n" if $verbose;
+			system ("cp", $fname, $hash);
+                        warn "Can't copy, $!" if ($? >> 8) != 0;
+		}
+		$hashlist{$hash} = $fprint;
+}
--- a/cmake/toolchain-mingw32.cmake
+++ b/cmake/toolchain-mingw32.cmake
@ -0,0 +1,34 @@
+
+# This is a CMake toolchain file so we can using Mingw to build Windows32 binaries.
+# http://vtk.org/Wiki/CMake_Cross_Compiling
+
+# usage
+# cmake -DCMAKE_TOOLCHAIN_FILE=./toolchain-mingw32.cmake ../
+
+set( CMAKE_SYSTEM_NAME Windows )
+set( CMAKE_SYSTEM_PROCESSOR i686 )
+
+#-----<configuration>-----------------------------------------------
+
+# configure only the lines within this <configure> block, typically
+
+set( TC_PATH /usr/bin )
+set( CROSS_COMPILE i686-w64-mingw32- )
+
+# specify the cross compiler
+set( CMAKE_C_COMPILER   ${TC_PATH}/${CROSS_COMPILE}gcc )
+set( CMAKE_CXX_COMPILER ${TC_PATH}/${CROSS_COMPILE}g++ )
+set( CMAKE_RC_COMPILER  ${TC_PATH}/${CROSS_COMPILE}windres )
+
+# where is the target environment
+set( CMAKE_FIND_ROOT_PATH /usr/i686-w64-mingw32 )
+
+#-----</configuration>-----------------------------------------------
+
+# search for programs in the build host directories
+set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER )
+
+# for libraries and headers in the target directories
+set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
+set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
+
--- a/cmake/toolchain-mingw64.cmake
+++ b/cmake/toolchain-mingw64.cmake
@ -0,0 +1,35 @@
+
+# This is a CMake toolchain file so we can run Mingw64 to build a Windows64 binaries.
+# http://vtk.org/Wiki/CMake_Cross_Compiling
+
+# usage
+# cmake -DCMAKE_TOOLCHAIN_FILE=./toolchain-mingw64.cmake ../
+
+
+set( CMAKE_SYSTEM_NAME Windows )
+set( CMAKE_SYSTEM_PROCESSOR x86_64 )
+
+#-----<configuration>-----------------------------------------------
+
+# configure only the lines within this <configure> block, typically
+
+set( TC_PATH /usr/bin )
+set( CROSS_COMPILE x86_64-w64-mingw32- )
+
+# specify the cross compiler
+set( CMAKE_C_COMPILER   ${TC_PATH}/${CROSS_COMPILE}gcc )
+set( CMAKE_CXX_COMPILER ${TC_PATH}/${CROSS_COMPILE}g++ )
+set( CMAKE_RC_COMPILER  ${TC_PATH}/${CROSS_COMPILE}windres )
+
+# where is the target environment
+set( CMAKE_FIND_ROOT_PATH /usr/x86_64-w64-mingw32 )
+
+#-----</configuration>-----------------------------------------------
+
+# search for programs in the build host directories
+set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER )
+
+# for libraries and headers in the target directories
+set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
+set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
+
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@ -0,0 +1,272 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+
+include( CMakeParseArguments )
+
+file( READ ${PROJECT_SOURCE_DIR}/opensslconf.h.cmake CONF )
+
+set( CONF "
+#define OPENSSL_NO_MD2
+#define OPENSSL_NO_RC5
+#define OPENSSL_NO_RFC3779
+#define OPENSSL_NO_EC_NISTP_64_GCC_128
+${CONF}" )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake "${CONF}" )
+
+#~2DO: set BUILDINF_DATE to `date LC_ALL=C LC_TIME=C`
+configure_file ( buildinf.h.cmake buildinf.h )
+
+if ( APPLE )
+  set( DSO_EXTENSION ".dylib" )
+elseif ( WIN32 )
+  set( DSO_EXTENSION ".dll" )
+else()
+  set( DSO_EXTENSION ".so" )
+endif()
+
+configure_file( ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/openssl/opensslconf.h )
+configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/bn_conf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/internal/bn_conf.h )
+configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/dso_conf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/internal/dso_conf.h )
+
+set( LIBSRC
+  cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c init.c mem.c mem_clr.c mem_dbg.c mem_sec.c o_dir.c o_fips.c
+  o_fopen.c o_init.c o_str.c o_time.c uid.c )
+
+include_directories( BEFORE SYSTEM include modes )
+
+if( BUILD_SHARED_LIBS )
+  add_definitions( -DOPENSSL_BUILD_SHLIBCRYPTO )
+endif()
+
+macro( add_submodule dir )
+    set( options )
+    set( oneValueArgs )
+    set( multiValueArgs EXHEADERS )
+    cmake_parse_arguments( add_submodule "" "" "${multiValueArgs}" ${ARGN} )
+
+    #message( STATUS "{dir} ${dir}" )
+    #message( STATUS "{add_submodule_UNPARSED_ARGUMENTS} ${add_submodule_UNPARSED_ARGUMENTS}" )
+    foreach( name ${add_submodule_UNPARSED_ARGUMENTS} )
+        set( LIBSRC ${LIBSRC} ${dir}/${name} )
+    endforeach( name )
+
+    #message( STATUS "{add_submodule_EXHEADERS} ${add_submodule_EXHEADERS}" )
+    foreach( name ${add_submodule_EXHEADERS} )
+        set( EXHEADERS ${EXHEADERS} ${name} )
+    endforeach( name )
+
+endmacro( add_submodule )
+
+add_submodule ( aes aes_cbc.c aes_cfb.c aes_core.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c
+  aes_wrap.c EXHEADERS aes.h )
+
+add_submodule ( asn1 a_bitstr.c a_d2i_fp.c a_digest.c a_dup.c a_gentm.c a_i2d_fp.c a_int.c
+  a_mbstr.c a_object.c a_octet.c a_print.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c
+  a_utctm.c a_utf8.c a_verify.c ameth_lib.c asn1_err.c asn1_gen.c asn1_lib.c asn1_par.c
+  asn_mime.c asn_moid.c asn_mstbl.c asn_pack.c bio_asn1.c bio_ndef.c d2i_pr.c d2i_pu.c
+  evp_asn1.c f_int.c f_string.c i2d_pr.c i2d_pu.c n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c
+  p5_scrypt.c p8_pkey.c t_bitst.c t_pkey.c t_spki.c tasn_dec.c tasn_enc.c tasn_fre.c
+  tasn_new.c tasn_prn.c tasn_scn.c tasn_typ.c tasn_utl.c x_algor.c x_bignum.c x_info.c
+  x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c x_val.c )
+
+add_submodule ( async async.c async_err.c async_wait.c
+  arch/async_null.c arch/async_posix.c arch/async_win.c )
+
+add_submodule ( bf bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c )
+
+add_submodule ( bio b_addr.c b_dump.c b_print.c b_sock.c b_sock2.c bf_buff.c #bf_lbuf.c
+  bf_nbio.c bf_null.c bio_cb.c bio_err.c bio_lib.c bio_meth.c bss_acpt.c bss_bio.c
+  bss_conn.c bss_dgram.c bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c )
+
+add_submodule ( blake2 blake2b.c blake2s.c m_blake2b.c m_blake2s.c )
+
+add_submodule ( bn bn_add.c bn_asm.c bn_blind.c bn_const.c bn_ctx.c bn_depr.c bn_dh.c
+  bn_div.c bn_err.c bn_exp.c bn_exp2.c bn_gcd.c bn_gf2m.c bn_intern.c bn_kron.c bn_lib.c
+  bn_mod.c bn_mont.c bn_mpi.c bn_mul.c bn_nist.c bn_prime.c bn_print.c bn_rand.c bn_recp.c
+  bn_shift.c bn_sqr.c bn_sqrt.c bn_srp.c bn_word.c bn_x931p.c )
+
+add_submodule ( buffer buf_err.c buffer.c )
+
+add_submodule ( camellia camellia.c cmll_cbc.c cmll_cfb.c cmll_ctr.c cmll_ecb.c
+  cmll_misc.c cmll_ofb.c )
+
+add_submodule ( cast c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c )
+
+add_submodule ( chacha chacha_enc.c )
+
+add_submodule ( cmac cm_ameth.c cm_pmeth.c cmac.c )
+
+add_submodule ( cms cms_asn1.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c cms_err.c
+  cms_ess.c cms_io.c cms_kari.c cms_lib.c cms_pwri.c cms_sd.c cms_smime.c )
+
+add_submodule ( comp c_zlib.c comp_err.c comp_lib.c )
+
+add_submodule ( conf conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c
+  conf_sap.c conf_ssl.c )
+
+add_submodule ( ct ct_b64.c ct_err.c ct_log.c ct_oct.c ct_policy.c ct_prn.c ct_sct.c
+  ct_sct_ctx.c ct_vfy.c ct_x509v3.c )
+
+add_submodule ( des cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c des_enc.c
+  ecb3_enc.c ecb_enc.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c
+  qud_cksm.c rand_key.c rpc_enc.c set_key.c str2key.c xcbc_enc.c )
+
+add_submodule ( dh dh_ameth.c dh_asn1.c dh_check.c dh_depr.c dh_err.c dh_gen.c dh_kdf.c
+  dh_key.c dh_lib.c dh_meth.c dh_pmeth.c dh_prn.c dh_rfc5114.c )
+
+add_submodule ( dsa dsa_ameth.c dsa_asn1.c dsa_depr.c dsa_err.c dsa_gen.c dsa_key.c
+  dsa_lib.c dsa_meth.c dsa_ossl.c dsa_pmeth.c dsa_prn.c dsa_sign.c dsa_vrf.c )
+
+add_submodule ( dso dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_openssl.c dso_vms.c
+  dso_win32.c )
+
+add_submodule ( ec curve25519.c ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c
+  ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_kmeth.c ec_lib.c ec_mult.c
+  ec_oct.c ec_pmeth.c ec_print.c ecdh_kdf.c ecdh_ossl.c ecdsa_ossl.c ecdsa_sign.c
+  ecdsa_vrf.c eck_prn.c ecp_mont.c ecp_nist.c ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c
+  ecp_nistputil.c ecp_oct.c ecp_smpl.c ecx_meth.c )
+
+add_submodule ( engine eng_all.c eng_cnf.c eng_cryptodev.c eng_ctrl.c eng_dyn.c eng_err.c
+  eng_fat.c eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c eng_rdrand.c
+  eng_table.c tb_asnmth.c tb_cipher.c tb_dh.c tb_digest.c tb_dsa.c tb_eckey.c tb_pkmeth.c
+  tb_rand.c tb_rsa.c )
+
+add_submodule ( err err.c err_all.c err_prn.c )
+
+add_submodule ( evp bio_b64.c bio_enc.c bio_md.c bio_ok.c c_allc.c c_alld.c cmeth_lib.c
+  digest.c e_aes.c e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_bf.c e_camellia.c
+  e_cast.c e_chacha20_poly1305.c e_des.c e_des3.c e_idea.c e_null.c e_old.c e_rc2.c
+  e_rc4.c e_rc4_hmac_md5.c e_rc5.c e_seed.c e_xcbc_d.c encode.c evp_cnf.c evp_enc.c
+  evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_md2.c m_md4.c m_md5.c m_md5_sha1.c
+  m_mdc2.c m_null.c m_ripemd.c m_sha1.c m_sigver.c m_wp.c names.c p5_crpt.c p5_crpt2.c
+  p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c
+  pmeth_lib.c scrypt.c )
+
+add_submodule ( hmac hm_ameth.c hm_pmeth.c hmac.c )
+
+add_submodule ( idea i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c )
+
+add_submodule ( kdf hkdf.c kdf_err.c tls1_prf.c )
+
+add_submodule ( lhash lh_stats.c lhash.c )
+
+add_submodule ( md4 md4_dgst.c md4_one.c )
+
+add_submodule ( md5 md5_dgst.c md5_one.c )
+
+add_submodule ( mdc2 mdc2_one.c mdc2dgst.c )
+
+add_submodule ( modes cbc128.c ccm128.c cfb128.c ctr128.c cts128.c gcm128.c ocb128.c
+  ofb128.c wrap128.c xts128.c )
+
+add_submodule ( objects o_names.c obj_dat.c obj_err.c obj_lib.c obj_xref.c )
+
+add_submodule ( ocsp ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c ocsp_lib.c
+  ocsp_prn.c ocsp_srv.c ocsp_vfy.c v3_ocsp.c )
+
+add_submodule ( pem pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c pem_pkey.c
+  pem_sign.c pem_x509.c pem_xaux.c pvkfmt.c )
+
+add_submodule ( pkcs12 p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c
+  p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_npas.c p12_p8d.c p12_p8e.c p12_sbag.c
+  p12_utl.c pk12err.c )
+
+add_submodule ( pkcs7 bio_pk7.c pk7_asn1.c pk7_attr.c pk7_doit.c pk7_lib.c pk7_mime.c
+  pk7_smime.c pkcs7err.c )
+
+add_submodule ( poly1305 poly1305.c )
+
+add_submodule ( rand md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c rand_vms.c
+ rand_win.c randfile.c )
+
+add_submodule ( rc2 rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c )
+
+add_submodule ( rc4 rc4_enc.c rc4_skey.c )
+
+add_submodule ( ripemd rmd_dgst.c rmd_one.c )
+
+add_submodule ( rsa rsa_ameth.c rsa_asn1.c rsa_chk.c rsa_crpt.c rsa_depr.c rsa_err.c
+  rsa_gen.c rsa_lib.c rsa_meth.c rsa_none.c rsa_null.c rsa_oaep.c rsa_ossl.c rsa_pk1.c
+  rsa_pmeth.c rsa_prn.c rsa_pss.c rsa_saos.c rsa_sign.c rsa_ssl.c rsa_x931.c rsa_x931g.c )
+
+add_submodule ( seed seed.c seed_cbc.c seed_cfb.c seed_ecb.c seed_ofb.c )
+
+add_submodule ( sha sha1_one.c sha1dgst.c sha256.c sha512.c )
+
+add_submodule ( srp srp_lib.c srp_vfy.c )
+
+add_submodule ( stack stack.c )
+
+add_submodule ( ts ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c ts_req_utils.c
+  ts_rsp_print.c ts_rsp_sign.c ts_rsp_utils.c ts_rsp_verify.c ts_verify_ctx.c )
+
+add_submodule ( txt_db txt_db.c )
+
+add_submodule ( ui ui_err.c ui_lib.c ui_openssl.c ui_util.c )
+
+add_submodule ( whrlpool wp_block.c wp_dgst.c )
+
+add_submodule ( x509 by_dir.c by_file.c t_crl.c t_req.c t_x509.c x509_att.c x509_cmp.c
+  x509_d2.c x509_def.c x509_err.c x509_ext.c x509_lu.c x509_meth.c x509_obj.c x509_r2x.c
+  x509_req.c x509_set.c x509_trs.c x509_txt.c x509_v3.c x509_vfy.c x509_vpm.c x509cset.c
+  x509name.c x509rset.c x509spki.c x509type.c x_all.c x_attrib.c x_crl.c x_exten.c x_name.c
+  x_pubkey.c x_req.c x_x509.c x_x509a.c )
+
+add_submodule ( x509v3 pcy_cache.c pcy_data.c pcy_lib.c pcy_map.c pcy_node.c pcy_tree.c
+  v3_addr.c v3_akey.c v3_akeya.c v3_alt.c v3_asid.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c
+  v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ncons.c
+  v3_pci.c v3_pcia.c v3_pcons.c v3_pku.c v3_pmaps.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c
+  v3_tlsf.c v3_utl.c v3err.c )
+
+set( CMAKE_THREAD_PREFER_PTHREAD TRUE )
+find_package ( Threads )
+if( NOT Threads_FOUND )
+  add_submodule ( . threads_none.c )
+elseif( WIN32 )
+  add_submodule ( . threads_win.c )
+else()
+  add_submodule ( . threads_pthread.c )
+endif()
+
+if( ANDROID )
+  add_library( crypto SHARED ${LIBSRC} ${OBJECTS_SRC} )
+else()
+  add_library( crypto ${LIBSRC} ${OBJECTS_SRC} )
+endif()
+
+if( WIN32 AND NOT CYGWIN )
+  target_link_libraries( crypto ws2_32 crypt32 )
+elseif( Threads_FOUND )
+  target_link_libraries( crypto ${CMAKE_THREAD_LIBS_INIT} )
+endif()
+
+set_target_properties( crypto PROPERTIES
+  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
+
+install( TARGETS crypto
+    RUNTIME DESTINATION bin
+    LIBRARY DESTINATION lib
+    ARCHIVE DESTINATION lib )
--- a/crypto/bn_conf.h.cmake
+++ b/crypto/bn_conf.h.cmake
@ -0,0 +1,26 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_CONF_H
+# define HEADER_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#cmakedefine SIXTY_FOUR_BIT_LONG
+#cmakedefine SIXTY_FOUR_BIT
+#cmakedefine THIRTY_TWO_BIT
+
+#endif
--- a/crypto/buildinf.h.cmake
+++ b/crypto/buildinf.h.cmake
@ -0,0 +1,4 @@
+/* auto-generated for crypto/cversion.c */
+#define CFLAGS "@CMAKE_C_COMPILER@ @CMAKE_C_FLAGS@"
+#define PLATFORM "@CMAKE_SYSTEM_NAME@"
+#define DATE "@BUILDINF_DATE@"
--- a/crypto/dso_conf.h.cmake
+++ b/crypto/dso_conf.h.cmake
@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+
+# define DSO_EXTENSION "@DSO_EXTENSION@"
+#endif
--- a/opensslconf.h.cmake
+++ b/opensslconf.h.cmake
@ -0,0 +1,178 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+* OpenSSL was configured with the following options:
+*/
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASM
+# define OPENSSL_NO_ASM
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# if defined(OPENSSL_NO_DEPRECATED)
+#  define DECLARE_DEPRECATED(f)
+# else
+#  define DECLARE_DEPRECATED(f)   f;
+#  ifdef __GNUC__
+#   if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#    undef DECLARE_DEPRECATED
+#    define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#   endif
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#cmakedefine OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+#undef BN_LLONG
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#cmakedefine SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#cmakedefine SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#cmakedefine THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@ -0,0 +1,53 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+if( BUILD_SHARED_LIBS )
+    add_definitions ( -DOPENSSL_BUILD_SHLIBSSL )
+endif()
+
+set ( LIBSRC
+  bio_ssl.c d1_lib.c d1_msg.c d1_srtp.c methods.c pqueue.c s3_cbc.c s3_enc.c s3_lib.c
+  s3_msg.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_conf.c ssl_err.c ssl_init.c ssl_lib.c
+  ssl_mcnf.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c ssl_utst.c t1_enc.c t1_ext.c
+  t1_lib.c t1_reneg.c t1_trce.c tls_srp.c
+  record/dtls1_bitmap.c record/rec_layer_d1.c record/rec_layer_s3.c record/ssl3_buffer.c
+  record/ssl3_record.c statem/statem.c statem/statem_clnt.c statem/statem_dtls.c
+  statem/statem_lib.c statem/statem_srvr.c
+  )
+
+if( ANDROID )
+  add_library ( ssl SHARED ${LIBSRC} )
+else()
+  add_library ( ssl ${LIBSRC} )
+endif()
+target_link_libraries ( ssl crypto )
+
+set_target_properties( ssl PROPERTIES
+  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
+
+install( TARGETS ssl
+    RUNTIME DESTINATION bin
+    LIBRARY DESTINATION lib
+    ARCHIVE DESTINATION lib )