From 6aaf7e98886869a823e749ea4aa23d06d076e935 Mon Sep 17 00:00:00 2001
From: janbar <jlbarriere68@gmail.com>
Date: Tue, 4 Sep 2018 22:03:58 +0200
Subject: [PATCH] cmake project for openssl-1.1.0
---
CMakeLists.txt | 114 ++++++++++
apps/CA.pl.cmake | 194 ++++++++++++++++
apps/CMakeLists.txt | 57 +++++
apps/progs.h.cmake | 418 ++++++++++++++++++++++++++++++++++
apps/tsget.cmake | 199 ++++++++++++++++
c_rehash.cmake | 228 +++++++++++++++++++
cmake/toolchain-mingw32.cmake | 34 +++
cmake/toolchain-mingw64.cmake | 35 +++
crypto/CMakeLists.txt | 272 ++++++++++++++++++++++
crypto/bn_conf.h.cmake | 26 +++
crypto/buildinf.h.cmake | 4 +
crypto/dso_conf.h.cmake | 14 ++
opensslconf.h.cmake | 178 +++++++++++++++
ssl/CMakeLists.txt | 53 +++++
14 files changed, 1826 insertions(+)
create mode 100644 CMakeLists.txt
create mode 100644 apps/CA.pl.cmake
create mode 100644 apps/CMakeLists.txt
create mode 100644 apps/progs.h.cmake
create mode 100644 apps/tsget.cmake
create mode 100644 c_rehash.cmake
create mode 100644 cmake/toolchain-mingw32.cmake
create mode 100644 cmake/toolchain-mingw64.cmake
create mode 100644 crypto/CMakeLists.txt
create mode 100644 crypto/bn_conf.h.cmake
create mode 100644 crypto/buildinf.h.cmake
create mode 100644 crypto/dso_conf.h.cmake
create mode 100644 opensslconf.h.cmake
create mode 100644 ssl/CMakeLists.txt
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..f3a7ad7
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,114 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+
+project( openssl )
+cmake_minimum_required( VERSION 3.1.0 )
+
+set( VERSION_MAJOR 1 )
+set( VERSION_MINOR 1 )
+set( VERSION_PATCH 0i )
+
+set( VERSION_STRING ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH} )
+set( LIB_VERSION ${VERSION_MAJOR}.${VERSION_MINOR} )
+set( LIB_SOVERSION ${VERSION_MAJOR}.${VERSION_MINOR} )
+
+include_directories ( BEFORE SYSTEM
+ ${CMAKE_CURRENT_BINARY_DIR}/crypto
+ ${CMAKE_CURRENT_BINARY_DIR}/ssl
+ ${CMAKE_CURRENT_BINARY_DIR}/include
+ crypto . )
+
+add_definitions( -DOPENSSL_NO_ASM )
+add_definitions( -DOPENSSL_NO_STATIC_ENGINE )
+add_definitions( "-DOPENSSLDIR=\"/usr/local/ssl\"" )
+add_definitions( "-DENGINESDIR=\"/usr/local/engines-1.1\"" )
+
+if ( APPLE )
+ set( CMAKE_MACOSX_RPATH ON )
+ add_definitions( -DOPENSSL_SYSNAME_MACOSX )
+endif()
+
+if( WIN32 AND NOT CYGWIN )
+ add_definitions( -DOPENSSL_SYSNAME_WIN32 )
+ add_definitions( -DWIN32_LEAN_AND_MEAN )
+
+ # avoid conflict: ocsp.h and wincrypt.h
+ add_definitions( -D_WINDLL )
+endif()
+
+if( MINGW )
+ set( CMAKE_SHARED_LINKER_FLAGS "-Wl,--export-all" )
+endif()
+
+include(CheckTypeSize)
+check_type_size( "long" LONG_INT )
+check_type_size( "long long" LONG_LONG_INT )
+check_type_size( "int" INT )
+if ( HAVE_LONG_INT AND (${LONG_INT} EQUAL 8) )
+ set ( SIXTY_FOUR_BIT_LONG ON )
+elseif ( HAVE_LONG_LONG_INT AND (${LONG_LONG_INT} EQUAL 8) )
+ set ( SIXTY_FOUR_BIT ON )
+else()
+ set ( THIRTY_TWO_BIT ON )
+endif()
+
+if ( WIN32 AND MINGW AND NOT CYGWIN )
+ set( OPENSSL_EXPORT_VAR_AS_FUNCTION true )
+endif()
+
+add_subdirectory( crypto )
+add_subdirectory( ssl )
+add_subdirectory( apps )
+
+file( COPY ${PROJECT_SOURCE_DIR}/include/internal DESTINATION include )
+file( COPY ${PROJECT_SOURCE_DIR}/include/openssl DESTINATION include )
+
+configure_file( ${PROJECT_SOURCE_DIR}/opensslconf.h.cmake
+ ${PROJECT_BINARY_DIR}/include/openssl/opensslconf.h )
+
+file( READ ${PROJECT_SOURCE_DIR}/c_rehash.cmake C_REHASH )
+string( REPLACE "@OPENSSLDIR@" "${OPENSSLDIR}" C_REHASH "${C_REHASH}" )
+string( REPLACE "@CMAKE_INSTALL_PREFIX@" "${CMAKE_INSTALL_PREFIX}" C_REHASH "${C_REHASH}" )
+file( WRITE ${PROJECT_BINARY_DIR}/c_rehash "${C_REHASH}" )
+
+install( DIRECTORY ${PROJECT_BINARY_DIR}/include/openssl DESTINATION include )
+
+install( FILES
+ ${PROJECT_BINARY_DIR}/c_rehash
+ FAQ LICENSE README README.ENGINE
+ DESTINATION share/openssl )
+
+install( DIRECTORY doc DESTINATION share )
+
+# Generate the package target
+set( CPACK_GENERATOR ZIP TGZ )
+set( CPACK_PACKAGE_NAME "openssl-cmake" )
+set( CPACK_PACKAGE_VERSION_MAJOR ${VERSION_MAJOR} )
+set( CPACK_PACKAGE_VERSION_MINOR ${VERSION_MINOR} )
+set( CPACK_PACKAGE_VERSION_PATCH ${VERSION_PATCH} )
+
+include( CPack )
+
diff --git a/apps/CA.pl.cmake b/apps/CA.pl.cmake
new file mode 100644
index 0000000..6244056
--- /dev/null
+++ b/apps/CA.pl.cmake
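Review bot: The `add_definitions` lines for `OPENSSLDIR` and `ENGINESDIR` compile `/usr/local/ssl` and `/usr/local/engines-1.1` into the library regardless of `CMAKE_INSTALL_PREFIX` or target platform, so the built libcrypto looks for `openssl.cnf` and loadable engines in a directory this install neither creates nor controls. On the MinGW targets this patch ships toolchain files for, such a path is resolved against the current drive root, where unprivileged users can often create directories, so the default config and engine search path may end up writable by a low-privileged local account. The same hunk later expands `${OPENSSLDIR}` in `string( REPLACE "@OPENSSLDIR@" ... )`, but no CMake variable of that name is set in the visible lines, so `c_rehash` appears to receive an empty directory. I would define both once as cache paths derived from the prefix, e.g. `set( OPENSSLDIR "${CMAKE_INSTALL_PREFIX}/ssl" CACHE PATH "OpenSSL config dir" )`, and pass them through with `add_definitions( "-DOPENSSLDIR=\"${OPENSSLDIR}\"" )`.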
@@ -0,0 +1,194 @@
+# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# Wrapper around the ca to make it easier to use
+#
+
+use strict;
+use warnings;
+
+my $openssl = "openssl";
+if(defined $ENV{'OPENSSL'}) {
+ $openssl = $ENV{'OPENSSL'};
+} else {
+ $ENV{'OPENSSL'} = $openssl;
+}
+
+my $verbose = 1;
+
+my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
+my $DAYS = "-days 365";
+my $CADAYS = "-days 1095"; # 3 years
+my $REQ = "$openssl req $OPENSSL_CONFIG";
+my $CA = "$openssl ca $OPENSSL_CONFIG";
+my $VERIFY = "$openssl verify";
+my $X509 = "$openssl x509";
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+my $CATOP = "./demoCA";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+my $CACRL = "crl.pem";
+my $DIRMODE = 0777;
+
+my $NEWKEY = "newkey.pem";
+my $NEWREQ = "newreq.pem";
+my $NEWCERT = "newcert.pem";
+my $NEWP12 = "newcert.p12";
+my $RET = 0;
+my $WHAT = shift @ARGV || "";
+my $FILE;
+
+# See if reason for a CRL entry is valid; exit if not.
+sub crl_reason_ok
+{
+ my $r = shift;
+
+ if ($r eq 'unspecified' || $r eq 'keyCompromise'
+ || $r eq 'CACompromise' || $r eq 'affiliationChanged'
+ || $r eq 'superseded' || $r eq 'cessationOfOperation'
+ || $r eq 'certificateHold' || $r eq 'removeFromCRL') {
+ return 1;
+ }
+ print STDERR "Invalid CRL reason; must be one of:\n";
+ print STDERR " unspecified, keyCompromise, CACompromise,\n";
+ print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
+ print STDERR " certificateHold, removeFromCRL";
+ exit 1;
+}
+
+# Copy a PEM-format file; return like exit status (zero means ok)
+sub copy_pemfile
+{
+ my ($infile, $outfile, $bound) = @_;
+ my $found = 0;
+
+ open IN, $infile || die "Cannot open $infile, $!";
+ open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
+ while (<IN>) {
+ $found = 1 if /^-----BEGIN.*$bound/;
+ print OUT $_ if $found;
+ $found = 2, last if /^-----END.*$bound/;
+ }
+ close IN;
+ close OUT;
+ return $found == 2 ? 0 : 1;
+}
+
+# Wrapper around system; useful for debugging. Returns just the exit status
+sub run
+{
+ my $cmd = shift;
+ print "====\n$cmd\n" if $verbose;
+ my $status = system($cmd);
+ print "==> $status\n====\n" if $verbose;
+ return $status >> 8;
+}
+
+
+if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+ print STDERR " CA -pkcs12 [certname]\n";
+ print STDERR " CA -crl|-revoke cert-filename [reason]\n";
+ exit 0;
+}
+if ($WHAT eq '-newcert' ) {
+ # create a certificate
+ $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
+ print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq' ) {
+ # create a certificate request
+ $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
+ print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newreq-nodes' ) {
+ # create a certificate request
+ $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
+ print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
+} elsif ($WHAT eq '-newca' ) {
+ # create the directory hierarchy
+ mkdir ${CATOP}, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ open OUT, ">${CATOP}/crlnumber";
+ print OUT "01\n";
+ close OUT;
+ # ask user for existing CA certificate
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = "" unless defined($FILE = <STDIN>);
+ $FILE =~ s{\R$}{};
+ if ($FILE ne "") {
+ copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ } else {
+ print "Making CA certificate ...\n";
+ $RET = run("$REQ -new -keyout"
+ . " ${CATOP}/private/$CAKEY"
+ . " -out ${CATOP}/$CAREQ");
+ $RET = run("$CA -create_serial"
+ . " -out ${CATOP}/$CACERT $CADAYS -batch"
+ . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
+ . " -extensions v3_ca"
+ . " -infiles ${CATOP}/$CAREQ") if $RET == 0;
+ print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
+ }
+} elsif ($WHAT eq '-pkcs12' ) {
+ my $cname = $ARGV[0];
+ $cname = "My Certificate" unless defined $cname;
+ $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
+ . " -certfile ${CATOP}/$CACERT"
+ . " -out $NEWP12"
+ . " -export -name \"$cname\"");
+ print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+} elsif ($WHAT eq '-xsign' ) {
+ $RET = run("$CA -policy policy_anything -infiles $NEWREQ");
+} elsif ($WHAT eq '-sign' ) {
+ $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
+ print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signCA' ) {
+ $RET = run("$CA -policy policy_anything -out $NEWCERT"
+ . " -extensions v3_ca -infiles $NEWREQ");
+ print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-signcert' ) {
+ $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
+ . " -out tmp.pem");
+ $RET = run("$CA -policy policy_anything -out $NEWCERT"
+ . " -infiles tmp.pem") if $RET == 0;
+ print "Signed certificate is in $NEWCERT\n" if $RET == 0;
+} elsif ($WHAT eq '-verify' ) {
+ my @files = @ARGV ? @ARGV : ( $NEWCERT );
+ my $file;
+ foreach $file (@files) {
+ my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
+ $RET = $status if $status != 0;
+ }
+} elsif ($WHAT eq '-crl' ) {
+ $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
+ print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
+} elsif ($WHAT eq '-revoke' ) {
+ my $cname = $ARGV[0];
+ if (!defined $cname) {
+ print "Certificate filename is required; reason optional.\n";
+ exit 1;
+ }
+ my $reason = $ARGV[1];
+ $reason = " -crl_reason $reason"
+ if defined $reason && crl_reason_ok($reason);
+ $RET = run("$CA -revoke \"$cname\"" . $reason);
+} else {
+ print STDERR "Unknown arg \"$WHAT\"\n";
+ print STDERR "Use -help for help.\n";
+ exit 1;
+}
+
+exit $RET;
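Review bot: In `copy_pemfile`, `open IN, $infile || die ...` and `open OUT, ">$outfile" || die ...` never report a failure, because `||` binds to the filename operand rather than to `open`, and the two-argument form lets mode characters in the name change how the file is opened. The `-newca` branch passes a filename read from STDIN into this function and ignores its return value, so a failed or misdirected copy of the CA key goes unnoticed. Use the three-argument form with low-precedence `or`: `open(IN, '<', $infile) or die "Cannot open $infile, $!";` and `open(OUT, '>', $outfile) or die "Cannot write to $outfile, $!";`. Separately, `$DIRMODE = 0777` is also used for `${CATOP}/private`, which leaves the CA key directory's permissions to the caller's umask; `mkdir "${CATOP}/private", 0700;` would be the safer default.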
diff --git a/apps/CMakeLists.txt b/apps/CMakeLists.txt
new file mode 100644
index 0000000..9de6660
--- /dev/null
+++ b/apps/CMakeLists.txt
@@ -0,0 +1,57 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/CA.pl.cmake CA_PL )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/CA.pl "${CA_PL}" )
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/tsget.cmake TSGET )
+string( REPLACE "@VERSION_STRING@" "${VERSION_STRING}" TSGET "${TSGET}" )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/tsget "${TSGET}" )
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/progs.h.cmake PROGS_H )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/progs.h "${PROGS_H}" )
+
+include_directories( BEFORE SYSTEM ${CMAKE_CURRENT_BINARY_DIR} )
+
+add_definitions ( -DMONOLITH )
+
+set ( E_SRC
+ app_rand.c apps.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
+ dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c genpkey.c
+ genrsa.c nseq.c ocsp.c openssl.c opt.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c
+ pkeyparam.c pkeyutl.c prime.c rand.c rehash.c req.c rsa.c rsautl.c s_cb.c
+ s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c srp.c
+ ts.c verify.c version.c x509.c )
+
+add_executable ( openssl ${E_SRC} )
+target_link_libraries ( openssl crypto ssl )
+
+install( TARGETS openssl
+ RUNTIME DESTINATION bin )
+
+install( FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/CA.pl
+ ${CMAKE_CURRENT_BINARY_DIR}/tsget
+ DESTINATION share/openssl )
diff --git a/apps/progs.h.cmake b/apps/progs.h.cmake
new file mode 100644
index 0000000..6f7ebc3
--- /dev/null
+++ b/apps/progs.h.cmake
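Review bot: The three `file( READ ... )` / `file( WRITE ... )` pairs rewrite `CA.pl`, `tsget` and `progs.h` on every configure run and do not register the `.cmake` templates as configure inputs, so `progs.h` gets a new timestamp each time (rebuilding the apps) while an edited template does not trigger a re-run. `configure_file( progs.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/progs.h COPYONLY )` and the same for `CA.pl.cmake` cover both cases without touching the Perl `${...}` expressions; `tsget.cmake` can use `@ONLY`, provided the template holds no other `@name@` sequences. `install( FILES ... )` also installs the two scripts without execute permission, where `install( PROGRAMS ... )` is the form meant for scripts. Finally, `target_link_libraries ( openssl crypto ssl )` uses the keyword-less signature; `target_link_libraries( openssl PRIVATE ssl crypto )` states the visibility and lists the dependent library first, which matters if these turn out to be static libraries.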
@@ -0,0 +1,418 @@ +/* + * WARNING: do not edit! + * Generated by apps/progs.pl + * + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +typedef enum FUNC_TYPE { + FT_none, FT_general, FT_md, FT_cipher, FT_pkey, + FT_md_alg, FT_cipher_alg +} FUNC_TYPE; + +typedef struct function_st { + FUNC_TYPE type; + const char *name; + int (*func)(int argc, char *argv[]); + const OPTIONS *help; +} FUNCTION; + +DEFINE_LHASH_OF(FUNCTION); + +extern int asn1parse_main(int argc, char *argv[]); +extern int ca_main(int argc, char *argv[]); +extern int ciphers_main(int argc, char *argv[]); +extern int cms_main(int argc, char *argv[]); +extern int crl_main(int argc, char *argv[]); +extern int crl2pkcs7_main(int argc, char *argv[]); +extern int dgst_main(int argc, char *argv[]); +extern int dhparam_main(int argc, char *argv[]); +extern int dsa_main(int argc, char *argv[]); +extern int dsaparam_main(int argc, char *argv[]); +extern int ec_main(int argc, char *argv[]); +extern int ecparam_main(int argc, char *argv[]); +extern int enc_main(int argc, char *argv[]); +extern int engine_main(int argc, char *argv[]); +extern int errstr_main(int argc, char *argv[]); +extern int exit_main(int argc, char *argv[]); +extern int gendsa_main(int argc, char *argv[]); +extern int genpkey_main(int argc, char *argv[]); +extern int genrsa_main(int argc, char *argv[]); +extern int help_main(int argc, char *argv[]); +extern int list_main(int argc, char *argv[]); +extern int nseq_main(int argc, char *argv[]); +extern int ocsp_main(int argc, char *argv[]); +extern int passwd_main(int argc, char *argv[]); +extern int pkcs12_main(int argc, char *argv[]); +extern int pkcs7_main(int argc, char *argv[]); +extern int pkcs8_main(int argc, 
char *argv[]); +extern int pkey_main(int argc, char *argv[]); +extern int pkeyparam_main(int argc, char *argv[]); +extern int pkeyutl_main(int argc, char *argv[]); +extern int prime_main(int argc, char *argv[]); +extern int rand_main(int argc, char *argv[]); +extern int rehash_main(int argc, char *argv[]); +extern int req_main(int argc, char *argv[]); +extern int rsa_main(int argc, char *argv[]); +extern int rsautl_main(int argc, char *argv[]); +extern int s_client_main(int argc, char *argv[]); +extern int s_server_main(int argc, char *argv[]); +extern int s_time_main(int argc, char *argv[]); +extern int sess_id_main(int argc, char *argv[]); +extern int smime_main(int argc, char *argv[]); +extern int speed_main(int argc, char *argv[]); +extern int spkac_main(int argc, char *argv[]); +extern int srp_main(int argc, char *argv[]); +extern int ts_main(int argc, char *argv[]); +extern int verify_main(int argc, char *argv[]); +extern int version_main(int argc, char *argv[]); +extern int x509_main(int argc, char *argv[]); + +extern OPTIONS asn1parse_options[]; +extern OPTIONS ca_options[]; +extern OPTIONS ciphers_options[]; +extern OPTIONS cms_options[]; +extern OPTIONS crl_options[]; +extern OPTIONS crl2pkcs7_options[]; +extern OPTIONS dgst_options[]; +extern OPTIONS dhparam_options[]; +extern OPTIONS dsa_options[]; +extern OPTIONS dsaparam_options[]; +extern OPTIONS ec_options[]; +extern OPTIONS ecparam_options[]; +extern OPTIONS enc_options[]; +extern OPTIONS engine_options[]; +extern OPTIONS errstr_options[]; +extern OPTIONS exit_options[]; +extern OPTIONS gendsa_options[]; +extern OPTIONS genpkey_options[]; +extern OPTIONS genrsa_options[]; +extern OPTIONS help_options[]; +extern OPTIONS list_options[]; +extern OPTIONS nseq_options[]; +extern OPTIONS ocsp_options[]; +extern OPTIONS passwd_options[]; +extern OPTIONS pkcs12_options[]; +extern OPTIONS pkcs7_options[]; +extern OPTIONS pkcs8_options[]; +extern OPTIONS pkey_options[]; +extern OPTIONS pkeyparam_options[]; 
+extern OPTIONS pkeyutl_options[]; +extern OPTIONS prime_options[]; +extern OPTIONS rand_options[]; +extern OPTIONS rehash_options[]; +extern OPTIONS req_options[]; +extern OPTIONS rsa_options[]; +extern OPTIONS rsautl_options[]; +extern OPTIONS s_client_options[]; +extern OPTIONS s_server_options[]; +extern OPTIONS s_time_options[]; +extern OPTIONS sess_id_options[]; +extern OPTIONS smime_options[]; +extern OPTIONS speed_options[]; +extern OPTIONS spkac_options[]; +extern OPTIONS srp_options[]; +extern OPTIONS ts_options[]; +extern OPTIONS verify_options[]; +extern OPTIONS version_options[]; +extern OPTIONS x509_options[]; + +#ifdef INCLUDE_FUNCTION_TABLE +static FUNCTION functions[] = { + { FT_general, "asn1parse", asn1parse_main, asn1parse_options }, + { FT_general, "ca", ca_main, ca_options }, +#ifndef OPENSSL_NO_SOCK + { FT_general, "ciphers", ciphers_main, ciphers_options }, +#endif +#ifndef OPENSSL_NO_CMS + { FT_general, "cms", cms_main, cms_options }, +#endif + { FT_general, "crl", crl_main, crl_options }, + { FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options }, + { FT_general, "dgst", dgst_main, dgst_options }, +#ifndef OPENSSL_NO_DH + { FT_general, "dhparam", dhparam_main, dhparam_options }, +#endif +#ifndef OPENSSL_NO_DSA + { FT_general, "dsa", dsa_main, dsa_options }, +#endif +#ifndef OPENSSL_NO_DSA + { FT_general, "dsaparam", dsaparam_main, dsaparam_options }, +#endif +#ifndef OPENSSL_NO_EC + { FT_general, "ec", ec_main, ec_options }, +#endif +#ifndef OPENSSL_NO_EC + { FT_general, "ecparam", ecparam_main, ecparam_options }, +#endif + { FT_general, "enc", enc_main, enc_options }, +#ifndef OPENSSL_NO_ENGINE + { FT_general, "engine", engine_main, engine_options }, +#endif + { FT_general, "errstr", errstr_main, errstr_options }, + { FT_general, "exit", exit_main, exit_options }, +#ifndef OPENSSL_NO_DSA + { FT_general, "gendsa", gendsa_main, gendsa_options }, +#endif + { FT_general, "genpkey", genpkey_main, genpkey_options }, +#ifndef 
OPENSSL_NO_RSA + { FT_general, "genrsa", genrsa_main, genrsa_options }, +#endif + { FT_general, "help", help_main, help_options }, + { FT_general, "list", list_main, list_options }, + { FT_general, "nseq", nseq_main, nseq_options }, +#ifndef OPENSSL_NO_OCSP + { FT_general, "ocsp", ocsp_main, ocsp_options }, +#endif + { FT_general, "passwd", passwd_main, passwd_options }, +#ifndef OPENSSL_NO_DES + { FT_general, "pkcs12", pkcs12_main, pkcs12_options }, +#endif + { FT_general, "pkcs7", pkcs7_main, pkcs7_options }, + { FT_general, "pkcs8", pkcs8_main, pkcs8_options }, + { FT_general, "pkey", pkey_main, pkey_options }, + { FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options }, + { FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options }, + { FT_general, "prime", prime_main, prime_options }, + { FT_general, "rand", rand_main, rand_options }, + { FT_general, "rehash", rehash_main, rehash_options }, + { FT_general, "req", req_main, req_options }, + { FT_general, "rsa", rsa_main, rsa_options }, +#ifndef OPENSSL_NO_RSA + { FT_general, "rsautl", rsautl_main, rsautl_options }, +#endif +#ifndef OPENSSL_NO_SOCK + { FT_general, "s_client", s_client_main, s_client_options }, +#endif +#ifndef OPENSSL_NO_SOCK + { FT_general, "s_server", s_server_main, s_server_options }, +#endif +#ifndef OPENSSL_NO_SOCK + { FT_general, "s_time", s_time_main, s_time_options }, +#endif + { FT_general, "sess_id", sess_id_main, sess_id_options }, + { FT_general, "smime", smime_main, smime_options }, + { FT_general, "speed", speed_main, speed_options }, + { FT_general, "spkac", spkac_main, spkac_options }, +#ifndef OPENSSL_NO_SRP + { FT_general, "srp", srp_main, srp_options }, +#endif +#ifndef OPENSSL_NO_TS + { FT_general, "ts", ts_main, ts_options }, +#endif + { FT_general, "verify", verify_main, verify_options }, + { FT_general, "version", version_main, version_options }, + { FT_general, "x509", x509_main, x509_options }, +#ifndef OPENSSL_NO_MD2 + { FT_md, "md2", dgst_main}, +#endif +#ifndef 
OPENSSL_NO_MD4 + { FT_md, "md4", dgst_main}, +#endif + { FT_md, "md5", dgst_main}, +#ifndef OPENSSL_NO_GOST + { FT_md, "gost", dgst_main}, +#endif + { FT_md, "sha1", dgst_main}, + { FT_md, "sha224", dgst_main}, + { FT_md, "sha256", dgst_main}, + { FT_md, "sha384", dgst_main}, + { FT_md, "sha512", dgst_main}, +#ifndef OPENSSL_NO_MDC2 + { FT_md, "mdc2", dgst_main}, +#endif +#ifndef OPENSSL_NO_RMD160 + { FT_md, "rmd160", dgst_main}, +#endif +#ifndef OPENSSL_NO_BLAKE2 + { FT_md, "blake2b512", dgst_main}, +#endif +#ifndef OPENSSL_NO_BLAKE2 + { FT_md, "blake2s256", dgst_main}, +#endif + { FT_cipher, "aes-128-cbc", enc_main, enc_options }, + { FT_cipher, "aes-128-ecb", enc_main, enc_options }, + { FT_cipher, "aes-192-cbc", enc_main, enc_options }, + { FT_cipher, "aes-192-ecb", enc_main, enc_options }, + { FT_cipher, "aes-256-cbc", enc_main, enc_options }, + { FT_cipher, "aes-256-ecb", enc_main, enc_options }, +#ifndef OPENSSL_NO_CAMELLIA + { FT_cipher, "camellia-128-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { FT_cipher, "camellia-128-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { FT_cipher, "camellia-192-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { FT_cipher, "camellia-192-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { FT_cipher, "camellia-256-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { FT_cipher, "camellia-256-ecb", enc_main, enc_options }, +#endif + { FT_cipher, "base64", enc_main, enc_options }, +#ifdef ZLIB + { FT_cipher, "zlib", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des3", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "desx", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_IDEA + { FT_cipher, "idea", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_SEED + { FT_cipher, "seed", enc_main, 
enc_options }, +#endif +#ifndef OPENSSL_NO_RC4 + { FT_cipher, "rc4", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC4 + { FT_cipher, "rc4-40", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_BF + { FT_cipher, "bf", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAST + { FT_cipher, "cast", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC5 + { FT_cipher, "rc5", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede3", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede3-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede3-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_DES + { FT_cipher, "des-ede3-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_IDEA + { FT_cipher, "idea-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_IDEA + { FT_cipher, "idea-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_IDEA + { FT_cipher, "idea-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_IDEA + { FT_cipher, "idea-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_SEED + { FT_cipher, "seed-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_SEED + { FT_cipher, 
"seed-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_SEED + { FT_cipher, "seed-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_SEED + { FT_cipher, "seed-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2-64-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC2 + { FT_cipher, "rc2-40-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_BF + { FT_cipher, "bf-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_BF + { FT_cipher, "bf-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_BF + { FT_cipher, "bf-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_BF + { FT_cipher, "bf-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAST + { FT_cipher, "cast5-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAST + { FT_cipher, "cast5-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAST + { FT_cipher, "cast5-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAST + { FT_cipher, "cast5-ofb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_CAST + { FT_cipher, "cast-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC5 + { FT_cipher, "rc5-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC5 + { FT_cipher, "rc5-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC5 + { FT_cipher, "rc5-cfb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_RC5 + { FT_cipher, "rc5-ofb", enc_main, enc_options }, +#endif + { 0, NULL, NULL} +}; +#endif diff --git a/apps/tsget.cmake b/apps/tsget.cmake new file mode 100644 index 0000000..9fb7866 --- /dev/null +++ b/apps/tsget.cmake 
@@ -0,0 +1,199 @@ +# Copyright (c) 2002 The OpenTSA Project. All rights reserved. +# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use IO::Handle; +use Getopt::Std; +use File::Basename; +use WWW::Curl::Easy; + +use vars qw(%options); + +# Callback for reading the body. +sub read_body { + my ($maxlength, $state) = @_; + my $return_data = ""; + my $data_len = length ${$state->{data}}; + if ($state->{bytes} < $data_len) { + $data_len = $data_len - $state->{bytes}; + $data_len = $maxlength if $data_len > $maxlength; + $return_data = substr ${$state->{data}}, $state->{bytes}, $data_len; + $state->{bytes} += $data_len; + } + return $return_data; +} + +# Callback for writing the body into a variable. +sub write_body { + my ($data, $pointer) = @_; + ${$pointer} .= $data; + return length($data); +} + +# Initialise a new Curl object. +sub create_curl { + my $url = shift; + + # Create Curl object. + my $curl = WWW::Curl::Easy::new(); + + # Error-handling related options. + $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; + $curl->setopt(CURLOPT_FAILONERROR, 1); + $curl->setopt(CURLOPT_USERAGENT, + "OpenTSA tsget.pl/openssl-@VERSION_STRING@"); + + # Options for POST method. + $curl->setopt(CURLOPT_UPLOAD, 1); + $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST"); + $curl->setopt(CURLOPT_HTTPHEADER, + ["Content-Type: application/timestamp-query", + "Accept: application/timestamp-reply,application/timestamp-response"]); + $curl->setopt(CURLOPT_READFUNCTION, \&read_body); + $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); }); + + # Options for getting the result. + $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body); + + # SSL related options. 
+ $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM"); + $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate. + $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN. + $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k}); + $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p}); + $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c}); + $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C}); + $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P}); + $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r}); + $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g}); + + # Setting destination. + $curl->setopt(CURLOPT_URL, $url); + + return $curl; +} + +# Send a request and returns the body back. +sub get_timestamp { + my $curl = shift; + my $body = shift; + my $ts_body; + local $::error_buf; + + # Error-handling related options. + $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf"); + + # Options for POST method. + $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0}); + $curl->setopt(CURLOPT_INFILESIZE, length(${$body})); + + # Options for getting the result. + $curl->setopt(CURLOPT_FILE, \$ts_body); + + # Send the request... + my $error_code = $curl->perform(); + my $error_string; + if ($error_code != 0) { + my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE); + $error_string = "could not get timestamp"; + $error_string .= ", http code: $http_code" unless $http_code == 0; + $error_string .= ", curl code: $error_code"; + $error_string .= " ($::error_buf)" if defined($::error_buf); + } else { + my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE); + if (lc($ct) ne "application/timestamp-reply" + && lc($ct) ne "application/timestamp-response") { + $error_string = "unexpected content type returned: $ct"; + } + } + return ($ts_body, $error_string); + +} + +# Print usage information and exists. 
+sub usage { + + print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] "; + print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] "; + print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] "; + print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n"; + exit 1; +} + +# ---------------------------------------------------------------------- +# Main program +# ---------------------------------------------------------------------- + +# Getting command-line options (default comes from TSGET environment variable). +my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:"; +if (exists $ENV{TSGET}) { + my @old_argv = @ARGV; + @ARGV = split /\s+/, $ENV{TSGET}; + getopts($getopt_arg, \%options) or usage; + @ARGV = @old_argv; +} +getopts($getopt_arg, \%options) or usage; + +# Checking argument consistency. +if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o})) + || (@ARGV > 1 && exists($options{o}))) { + print STDERR "Inconsistent command line options.\n"; + usage; +} +# Setting defaults. +@ARGV = ("-") unless @ARGV != 0; +$options{e} = ".tsr" unless defined($options{e}); + +# Processing requests. +my $curl = create_curl $options{h}; +undef $/; # For reading whole files. +REQUEST: foreach (@ARGV) { + my $input = $_; + my ($base, $path) = fileparse($input, '\.[^.]*'); + my $output_base = $base . $options{e}; + my $output = defined($options{o}) ? $options{o} : $path . $output_base; + + STDERR->printflush("$input: ") if $options{v}; + # Read request. + my $body; + if ($input eq "-") { + # Read the request from STDIN; + $body = <STDIN>; + } else { + # Read the request from file. + open INPUT, "<" . $input + or warn("$input: could not open input file: $!\n"), next REQUEST; + $body = <INPUT>; + close INPUT + or warn("$input: could not close input file: $!\n"), next REQUEST; + } + + # Send request. 
+ STDERR->printflush("sending request") if $options{v}; + + my ($ts_body, $error) = get_timestamp $curl, \$body; + if (defined($error)) { + die "$input: fatal error: $error\n"; + } + STDERR->printflush(", reply received") if $options{v}; + + # Write response. + if ($output eq "-") { + # Write to STDOUT. + print $ts_body; + } else { + # Write to file. + open OUTPUT, ">", $output + or warn("$output: could not open output file: $!\n"), next REQUEST; + print OUTPUT $ts_body; + close OUTPUT + or warn("$output: could not close output file: $!\n"), next REQUEST; + } + STDERR->printflush(", $output written.\n") if $options{v}; +} +$curl->cleanup(); diff --git a/c_rehash.cmake b/c_rehash.cmake new file mode 100644 index 0000000..06110c8 --- /dev/null +++ b/c_rehash.cmake 
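Review bot: This Perl template contains `$ENV{TSGET}`, and `configure_file` substitutes `$ENV{VAR}` and `${VAR}` as well as `@VAR@` unless it is told otherwise, so the generated script could have the build machine's environment baked in or be left syntactically broken. The `configure_file` call that consumes apps/tsget.cmake is outside this hunk, so I cannot see whether it already passes `@ONLY`; it should, since `@VERSION_STRING@` is the only substitution intended here. The same applies to c_rehash.cmake, which uses `$ENV{OPENSSL}`, `$ENV{PATH}` and `$ENV{SSL_CERT_DIR}`. Separately, the request file is opened with `open INPUT, "<" . $input` while the output side already uses the three-argument form; `open INPUT, "<", $input` keeps a file name from being parsed as part of the open mode.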
@@ -0,0 +1,228 @@ +# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $dir = "@OPENSSLDIR@"; +my $prefix = "@CMAKE_INSTALL_PREFIX@"; + +my $errorcount = 0; +my $openssl = $ENV{OPENSSL} || "openssl"; +my $pwd; +my $x509hash = "-subject_hash"; +my $crlhash = "-hash"; +my $verbose = 0; +my $symlink_exists=eval {symlink("",""); 1}; +my $removelinks = 1; + +## Parse flags. +while ( $ARGV[0] =~ /^-/ ) { + my $flag = shift @ARGV; + last if ( $flag eq '--'); + if ( $flag eq '-old') { + $x509hash = "-subject_hash_old"; + $crlhash = "-hash_old"; + } elsif ( $flag eq '-h' || $flag eq '-help' ) { + help(); + } elsif ( $flag eq '-n' ) { + $removelinks = 0; + } elsif ( $flag eq '-v' ) { + $verbose++; + } + else { + print STDERR "Usage error; try -h.\n"; + exit 1; + } +} + +sub help { + print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; + exit 0; +} + +eval "require Cwd"; +if (defined(&Cwd::getcwd)) { + $pwd=Cwd::getcwd(); +} else { + $pwd=`pwd`; + chomp($pwd); +} + +# DOS/Win32 or Unix delimiter? Prefix our installdir, then search. +my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; +$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); + +if (! 
-x $openssl) { + my $found = 0; + foreach (split /$path_delim/, $ENV{PATH}) { + if (-x "$_/$openssl") { + $found = 1; + $openssl = "$_/$openssl"; + last; + } + } + if ($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if (@ARGV) { + @dirlist = @ARGV; +} elsif ($ENV{SSL_CERT_DIR}) { + @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + +if (-d $dirlist[0]) { + chdir $dirlist[0]; + $openssl="$pwd/$openssl" if (!-x $openssl); + chdir $pwd; +} + +foreach (@dirlist) { + if (-d $_ ) { + if ( -w $_) { + hash_dir($_); + } else { + print "Skipping $_, can't write\n"; + $errorcount++; + } + } +} +exit($errorcount); + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = sort readdir(DIR); + closedir DIR; + if ( $removelinks ) { + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if (-l $_) { + print "unlink $_" if $verbose; + unlink $_ || warn "Can't unlink $_, $!\n"; + } + } + } + FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if (!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if ($cert); + link_hash_crl($fname) if ($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while(<IN>) { + if (/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if ($is_crl); + } elsif ($hdr eq "X509 CRL") { + $is_crl = 1; + last if ($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form <hash>.<n> where n is an integer. 
If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "copy $fname -> $hash\n" if $verbose; + if (open($in, "<", $fname)) { + if (open($out,">", $hash)) { + print $out $_ while (<$in>); + close $out; + } else { + warn "can't open $hash for write, $!"; + } + close $in; + } else { + warn "can't open $fname for read, $!"; + } + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. 
CRL links are of the form <hash>.r<n> + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if ($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + if ($symlink_exists) { + print "link $fname -> $hash\n" if $verbose; + symlink $fname, $hash || warn "Can't symlink, $!"; + } else { + print "cp $fname -> $hash\n" if $verbose; + system ("cp", $fname, $hash); + warn "Can't copy, $!" if ($? >> 8) != 0; + } + $hashlist{$hash} = $fprint; +} diff --git a/cmake/toolchain-mingw32.cmake b/cmake/toolchain-mingw32.cmake new file mode 100644 index 0000000..cbfb7af --- /dev/null +++ b/cmake/toolchain-mingw32.cmake 
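Review bot: File names read from the certificate directory are interpolated into a shell command in `link_hash_cert` and `link_hash_crl`, and the quoting does not match the escaping: `s/'/'\\''/g` only protects a single-quoted argument, yet `link_hash_cert` passes `-in "$fname"` in double quotes, where the shell still expands metacharacters in the name. Since this script normally runs with write access to the trust store, I would take the shell out of the path with a list-form pipe open, as sketched below for `link_hash_cert`; `link_hash_crl` takes the same shape with `"crl", $crlhash`. Dropping the in-place escaping also fixes a side effect, because the modified `$fname` is what later reaches `symlink` and the copy fallback. Please confirm that list-form pipe open is available on the Perl versions you intend to support on Windows.

```perl
sub link_hash_cert {
    my $fname = $_[0];
    # List-form pipe open runs openssl without a shell, so $fname needs no quoting.
    my ($hash, $fprint);
    if (open(my $cmd, "-|", $openssl, "x509", $x509hash,
             "-fingerprint", "-noout", "-in", $fname)) {
        ($hash, $fprint) = <$cmd>;
        close $cmd;
    }
    if (!defined($hash) || !defined($fprint)) {
        print STDERR "WARNING: cannot hash $fname: skipping\n";
        return;
    }
    # … unchanged: chomp, fingerprint clean-up, suffix search, link or copy …
```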
@@ -0,0 +1,34 @@
+
+# This is a CMake toolchain file so we can using Mingw to build Windows32 binaries.
+# http://vtk.org/Wiki/CMake_Cross_Compiling
+
+# usage
+# cmake -DCMAKE_TOOLCHAIN_FILE=./toolchain-mingw32.cmake ../
+
+set( CMAKE_SYSTEM_NAME Windows )
+set( CMAKE_SYSTEM_PROCESSOR i686 )
+
+#-----<configuration>-----------------------------------------------
+
+# configure only the lines within this <configure> block, typically
+
+set( TC_PATH /usr/bin )
+set( CROSS_COMPILE i686-w64-mingw32- )
+
+# specify the cross compiler
+set( CMAKE_C_COMPILER ${TC_PATH}/${CROSS_COMPILE}gcc )
+set( CMAKE_CXX_COMPILER ${TC_PATH}/${CROSS_COMPILE}g++ )
+set( CMAKE_RC_COMPILER ${TC_PATH}/${CROSS_COMPILE}windres )
+
+# where is the target environment
+set( CMAKE_FIND_ROOT_PATH /usr/i686-w64-mingw32 )
+
+#-----</configuration>-----------------------------------------------
+
+# search for programs in the build host directories
+set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER )
+
+# for libraries and headers in the target directories
+set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
+set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
+
diff --git a/cmake/toolchain-mingw64.cmake b/cmake/toolchain-mingw64.cmake
new file mode 100644
index 0000000..bf4a366
--- /dev/null
+++ b/cmake/toolchain-mingw64.cmake
@@ -0,0 +1,35 @@
+
+# This is a CMake toolchain file so we can run Mingw64 to build a Windows64 binaries.
+# http://vtk.org/Wiki/CMake_Cross_Compiling
+
+# usage
+# cmake -DCMAKE_TOOLCHAIN_FILE=./toolchain-mingw64.cmake ../
+
+
+set( CMAKE_SYSTEM_NAME Windows )
+set( CMAKE_SYSTEM_PROCESSOR x86_64 )
+
+#-----<configuration>-----------------------------------------------
+
+# configure only the lines within this <configure> block, typically
+
+set( TC_PATH /usr/bin )
+set( CROSS_COMPILE x86_64-w64-mingw32- )
+
+# specify the cross compiler
+set( CMAKE_C_COMPILER ${TC_PATH}/${CROSS_COMPILE}gcc )
+set( CMAKE_CXX_COMPILER ${TC_PATH}/${CROSS_COMPILE}g++ )
+set( CMAKE_RC_COMPILER ${TC_PATH}/${CROSS_COMPILE}windres )
+
+# where is the target environment
+set( CMAKE_FIND_ROOT_PATH /usr/x86_64-w64-mingw32 )
+
+#-----</configuration>-----------------------------------------------
+
+# search for programs in the build host directories
+set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER )
+
+# for libraries and headers in the target directories
+set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
+set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
+
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
new file mode 100644
index 0000000..4e64932
--- /dev/null
+++ b/crypto/CMakeLists.txt
@@ -0,0 +1,272 @@ +# Based on original work by David Manura +# Copyright (C) 2007-2012 LuaDist. +# Copyright (C) 2013 Brian Sidebotham + +# Redistribution and use of this file is allowed according to the terms of the +# MIT license. +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. 
+ + +include( CMakeParseArguments ) + +file( READ ${PROJECT_SOURCE_DIR}/opensslconf.h.cmake CONF ) + +set( CONF " +#define OPENSSL_NO_MD2 +#define OPENSSL_NO_RC5 +#define OPENSSL_NO_RFC3779 +#define OPENSSL_NO_EC_NISTP_64_GCC_128 +${CONF}" ) +file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake "${CONF}" ) + +#~2DO: set BUILDINF_DATE to `date LC_ALL=C LC_TIME=C` +configure_file ( buildinf.h.cmake buildinf.h ) + +if ( APPLE ) + set( DSO_EXTENSION ".dylib" ) +elseif ( WIN32 ) + set( DSO_EXTENSION ".dll" ) +else() + set( DSO_EXTENSION ".so" ) +endif() + +configure_file( ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/openssl/opensslconf.h ) +configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/bn_conf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/internal/bn_conf.h ) +configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/dso_conf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/internal/dso_conf.h ) + +set( LIBSRC + cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c init.c mem.c mem_clr.c mem_dbg.c mem_sec.c o_dir.c o_fips.c + o_fopen.c o_init.c o_str.c o_time.c uid.c ) + +include_directories( BEFORE SYSTEM include modes ) + +if( BUILD_SHARED_LIBS ) + add_definitions( -DOPENSSL_BUILD_SHLIBCRYPTO ) +endif() + +macro( add_submodule dir ) + set( options ) + set( oneValueArgs ) + set( multiValueArgs EXHEADERS ) + cmake_parse_arguments( add_submodule "" "" "${multiValueArgs}" ${ARGN} ) + + #message( STATUS "{dir} ${dir}" ) + #message( STATUS "{add_submodule_UNPARSED_ARGUMENTS} ${add_submodule_UNPARSED_ARGUMENTS}" ) + foreach( name ${add_submodule_UNPARSED_ARGUMENTS} ) + set( LIBSRC ${LIBSRC} ${dir}/${name} ) + endforeach( name ) + + #message( STATUS "{add_submodule_EXHEADERS} ${add_submodule_EXHEADERS}" ) + foreach( name ${add_submodule_EXHEADERS} ) + set( EXHEADERS ${EXHEADERS} ${name} ) + endforeach( name ) + +endmacro( add_submodule ) + +add_submodule ( aes aes_cbc.c aes_cfb.c aes_core.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c + aes_wrap.c EXHEADERS aes.h ) + +add_submodule ( 
asn1 a_bitstr.c a_d2i_fp.c a_digest.c a_dup.c a_gentm.c a_i2d_fp.c a_int.c + a_mbstr.c a_object.c a_octet.c a_print.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c + a_utctm.c a_utf8.c a_verify.c ameth_lib.c asn1_err.c asn1_gen.c asn1_lib.c asn1_par.c + asn_mime.c asn_moid.c asn_mstbl.c asn_pack.c bio_asn1.c bio_ndef.c d2i_pr.c d2i_pu.c + evp_asn1.c f_int.c f_string.c i2d_pr.c i2d_pu.c n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c + p5_scrypt.c p8_pkey.c t_bitst.c t_pkey.c t_spki.c tasn_dec.c tasn_enc.c tasn_fre.c + tasn_new.c tasn_prn.c tasn_scn.c tasn_typ.c tasn_utl.c x_algor.c x_bignum.c x_info.c + x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c x_val.c ) + +add_submodule ( async async.c async_err.c async_wait.c + arch/async_null.c arch/async_posix.c arch/async_win.c ) + +add_submodule ( bf bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c ) + +add_submodule ( bio b_addr.c b_dump.c b_print.c b_sock.c b_sock2.c bf_buff.c #bf_lbuf.c + bf_nbio.c bf_null.c bio_cb.c bio_err.c bio_lib.c bio_meth.c bss_acpt.c bss_bio.c + bss_conn.c bss_dgram.c bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c ) + +add_submodule ( blake2 blake2b.c blake2s.c m_blake2b.c m_blake2s.c ) + +add_submodule ( bn bn_add.c bn_asm.c bn_blind.c bn_const.c bn_ctx.c bn_depr.c bn_dh.c + bn_div.c bn_err.c bn_exp.c bn_exp2.c bn_gcd.c bn_gf2m.c bn_intern.c bn_kron.c bn_lib.c + bn_mod.c bn_mont.c bn_mpi.c bn_mul.c bn_nist.c bn_prime.c bn_print.c bn_rand.c bn_recp.c + bn_shift.c bn_sqr.c bn_sqrt.c bn_srp.c bn_word.c bn_x931p.c ) + +add_submodule ( buffer buf_err.c buffer.c ) + +add_submodule ( camellia camellia.c cmll_cbc.c cmll_cfb.c cmll_ctr.c cmll_ecb.c + cmll_misc.c cmll_ofb.c ) + +add_submodule ( cast c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c ) + +add_submodule ( chacha chacha_enc.c ) + +add_submodule ( cmac cm_ameth.c cm_pmeth.c cmac.c ) + +add_submodule ( cms cms_asn1.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c cms_err.c + cms_ess.c cms_io.c cms_kari.c cms_lib.c cms_pwri.c cms_sd.c 
cms_smime.c ) + +add_submodule ( comp c_zlib.c comp_err.c comp_lib.c ) + +add_submodule ( conf conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c + conf_sap.c conf_ssl.c ) + +add_submodule ( ct ct_b64.c ct_err.c ct_log.c ct_oct.c ct_policy.c ct_prn.c ct_sct.c + ct_sct_ctx.c ct_vfy.c ct_x509v3.c ) + +add_submodule ( des cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c des_enc.c + ecb3_enc.c ecb_enc.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c + qud_cksm.c rand_key.c rpc_enc.c set_key.c str2key.c xcbc_enc.c ) + +add_submodule ( dh dh_ameth.c dh_asn1.c dh_check.c dh_depr.c dh_err.c dh_gen.c dh_kdf.c + dh_key.c dh_lib.c dh_meth.c dh_pmeth.c dh_prn.c dh_rfc5114.c ) + +add_submodule ( dsa dsa_ameth.c dsa_asn1.c dsa_depr.c dsa_err.c dsa_gen.c dsa_key.c + dsa_lib.c dsa_meth.c dsa_ossl.c dsa_pmeth.c dsa_prn.c dsa_sign.c dsa_vrf.c ) + +add_submodule ( dso dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_openssl.c dso_vms.c + dso_win32.c ) + +add_submodule ( ec curve25519.c ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c + ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_kmeth.c ec_lib.c ec_mult.c + ec_oct.c ec_pmeth.c ec_print.c ecdh_kdf.c ecdh_ossl.c ecdsa_ossl.c ecdsa_sign.c + ecdsa_vrf.c eck_prn.c ecp_mont.c ecp_nist.c ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c + ecp_nistputil.c ecp_oct.c ecp_smpl.c ecx_meth.c ) + +add_submodule ( engine eng_all.c eng_cnf.c eng_cryptodev.c eng_ctrl.c eng_dyn.c eng_err.c + eng_fat.c eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c eng_rdrand.c + eng_table.c tb_asnmth.c tb_cipher.c tb_dh.c tb_digest.c tb_dsa.c tb_eckey.c tb_pkmeth.c + tb_rand.c tb_rsa.c ) + +add_submodule ( err err.c err_all.c err_prn.c ) + +add_submodule ( evp bio_b64.c bio_enc.c bio_md.c bio_ok.c c_allc.c c_alld.c cmeth_lib.c + digest.c e_aes.c e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_bf.c e_camellia.c + e_cast.c e_chacha20_poly1305.c e_des.c e_des3.c e_idea.c e_null.c e_old.c e_rc2.c + e_rc4.c e_rc4_hmac_md5.c 
e_rc5.c e_seed.c e_xcbc_d.c encode.c evp_cnf.c evp_enc.c + evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_md2.c m_md4.c m_md5.c m_md5_sha1.c + m_mdc2.c m_null.c m_ripemd.c m_sha1.c m_sigver.c m_wp.c names.c p5_crpt.c p5_crpt2.c + p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c + pmeth_lib.c scrypt.c ) + +add_submodule ( hmac hm_ameth.c hm_pmeth.c hmac.c ) + +add_submodule ( idea i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c ) + +add_submodule ( kdf hkdf.c kdf_err.c tls1_prf.c ) + +add_submodule ( lhash lh_stats.c lhash.c ) + +add_submodule ( md4 md4_dgst.c md4_one.c ) + +add_submodule ( md5 md5_dgst.c md5_one.c ) + +add_submodule ( mdc2 mdc2_one.c mdc2dgst.c ) + +add_submodule ( modes cbc128.c ccm128.c cfb128.c ctr128.c cts128.c gcm128.c ocb128.c + ofb128.c wrap128.c xts128.c ) + +add_submodule ( objects o_names.c obj_dat.c obj_err.c obj_lib.c obj_xref.c ) + +add_submodule ( ocsp ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c ocsp_lib.c + ocsp_prn.c ocsp_srv.c ocsp_vfy.c v3_ocsp.c ) + +add_submodule ( pem pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c pem_pkey.c + pem_sign.c pem_x509.c pem_xaux.c pvkfmt.c ) + +add_submodule ( pkcs12 p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c + p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_npas.c p12_p8d.c p12_p8e.c p12_sbag.c + p12_utl.c pk12err.c ) + +add_submodule ( pkcs7 bio_pk7.c pk7_asn1.c pk7_attr.c pk7_doit.c pk7_lib.c pk7_mime.c + pk7_smime.c pkcs7err.c ) + +add_submodule ( poly1305 poly1305.c ) + +add_submodule ( rand md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c rand_vms.c + rand_win.c randfile.c ) + +add_submodule ( rc2 rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c ) + +add_submodule ( rc4 rc4_enc.c rc4_skey.c ) + +add_submodule ( ripemd rmd_dgst.c rmd_one.c ) + +add_submodule ( rsa rsa_ameth.c rsa_asn1.c rsa_chk.c rsa_crpt.c rsa_depr.c rsa_err.c + rsa_gen.c rsa_lib.c rsa_meth.c rsa_none.c rsa_null.c rsa_oaep.c rsa_ossl.c 
rsa_pk1.c + rsa_pmeth.c rsa_prn.c rsa_pss.c rsa_saos.c rsa_sign.c rsa_ssl.c rsa_x931.c rsa_x931g.c ) + +add_submodule ( seed seed.c seed_cbc.c seed_cfb.c seed_ecb.c seed_ofb.c ) + +add_submodule ( sha sha1_one.c sha1dgst.c sha256.c sha512.c ) + +add_submodule ( srp srp_lib.c srp_vfy.c ) + +add_submodule ( stack stack.c ) + +add_submodule ( ts ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c ts_req_utils.c + ts_rsp_print.c ts_rsp_sign.c ts_rsp_utils.c ts_rsp_verify.c ts_verify_ctx.c ) + +add_submodule ( txt_db txt_db.c ) + +add_submodule ( ui ui_err.c ui_lib.c ui_openssl.c ui_util.c ) + +add_submodule ( whrlpool wp_block.c wp_dgst.c ) + +add_submodule ( x509 by_dir.c by_file.c t_crl.c t_req.c t_x509.c x509_att.c x509_cmp.c + x509_d2.c x509_def.c x509_err.c x509_ext.c x509_lu.c x509_meth.c x509_obj.c x509_r2x.c + x509_req.c x509_set.c x509_trs.c x509_txt.c x509_v3.c x509_vfy.c x509_vpm.c x509cset.c + x509name.c x509rset.c x509spki.c x509type.c x_all.c x_attrib.c x_crl.c x_exten.c x_name.c + x_pubkey.c x_req.c x_x509.c x_x509a.c ) + +add_submodule ( x509v3 pcy_cache.c pcy_data.c pcy_lib.c pcy_map.c pcy_node.c pcy_tree.c + v3_addr.c v3_akey.c v3_akeya.c v3_alt.c v3_asid.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c + v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ncons.c + v3_pci.c v3_pcia.c v3_pcons.c v3_pku.c v3_pmaps.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c + v3_tlsf.c v3_utl.c v3err.c ) + +set( CMAKE_THREAD_PREFER_PTHREAD TRUE ) +find_package ( Threads ) +if( NOT Threads_FOUND ) + add_submodule ( . threads_none.c ) +elseif( WIN32 ) + add_submodule ( . threads_win.c ) +else() + add_submodule ( . 
threads_pthread.c ) +endif() + +if( ANDROID ) + add_library( crypto SHARED ${LIBSRC} ${OBJECTS_SRC} ) +else() + add_library( crypto ${LIBSRC} ${OBJECTS_SRC} ) +endif() + +if( WIN32 AND NOT CYGWIN ) + target_link_libraries( crypto ws2_32 crypt32 ) +elseif( Threads_FOUND ) + target_link_libraries( crypto ${CMAKE_THREAD_LIBS_INIT} ) +endif() + +set_target_properties( crypto PROPERTIES + VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" ) + +install( TARGETS crypto + RUNTIME DESTINATION bin + LIBRARY DESTINATION lib + ARCHIVE DESTINATION lib ) diff --git a/crypto/bn_conf.h.cmake b/crypto/bn_conf.h.cmake new file mode 100644 index 0000000..ff72889 --- /dev/null +++ b/crypto/bn_conf.h.cmake @@ -0,0 +1,26 @@ +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_BN_CONF_H +# define HEADER_BN_CONF_H + +/* + * The contents of this file are not used in the UEFI build, as + * both 32-bit and 64-bit builds are supported from a single run + * of the Configure script. + */ + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#cmakedefine SIXTY_FOUR_BIT_LONG +#cmakedefine SIXTY_FOUR_BIT +#cmakedefine THIRTY_TWO_BIT + +#endif diff --git a/crypto/buildinf.h.cmake b/crypto/buildinf.h.cmake new file mode 100644 index 0000000..985eb73 --- /dev/null +++ b/crypto/buildinf.h.cmake @@ -0,0 +1,4 @@ +/* auto-generated for crypto/cversion.c */ +#define CFLAGS "@CMAKE_C_COMPILER@ @CMAKE_C_FLAGS@" +#define PLATFORM "@CMAKE_SYSTEM_NAME@" +#define DATE "@BUILDINF_DATE@" diff --git a/crypto/dso_conf.h.cmake b/crypto/dso_conf.h.cmake new file mode 100644 index 0000000..0aa7c9b --- /dev/null +++ b/crypto/dso_conf.h.cmake 
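Review bot: `find_package ( Threads )` is not REQUIRED and the `NOT Threads_FOUND` branch compiles `threads_none.c`, yet opensslconf.h.cmake in this same patch defines `OPENSSL_THREADS` unconditionally, so the public header and the locking backend that is actually built can disagree. How `threads_none.c` is guarded is not visible from here; depending on that, the result is presumably either a link failure or a libcrypto that advertises thread support without real locks. Either fail early with `find_package( Threads REQUIRED )`, or make the header entry `#cmakedefine OPENSSL_THREADS` and set that variable from `Threads_FOUND`. As a style point, `target_link_libraries( crypto ws2_32 crypt32 )` and the `${CMAKE_THREAD_LIBS_INIT}` form should name a scope, for example `target_link_libraries( crypto PRIVATE ws2_32 crypt32 )`.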
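Review bot: `@CMAKE_C_FLAGS@` is pasted into a C string literal in buildinf.h.cmake without escaping, so a flag that carries a double quote (a `-D` with a string value, say) yields a header that does not compile or a silently truncated string. The `configure_file ( buildinf.h.cmake buildinf.h )` call in crypto/CMakeLists.txt should become `configure_file( buildinf.h.cmake buildinf.h ESCAPE_QUOTES @ONLY )`. `CFLAGS` also records the absolute compiler path of the build machine, and `DATE` expands to an empty string because nothing visible sets `BUILDINF_DATE` (the `#~2DO` comment says as much). If reproducible builds or not disclosing build-host paths matter to you, recording `@CMAKE_C_COMPILER_ID@` instead of `@CMAKE_C_COMPILER@` would be enough.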
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+
+# define DSO_EXTENSION "@DSO_EXTENSION@"
+#endif
diff --git a/opensslconf.h.cmake b/opensslconf.h.cmake
new file mode 100644
index 0000000..0947c23
--- /dev/null
+++ b/opensslconf.h.cmake
@@ -0,0 +1,178 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif + +/* +* OpenSSL was configured with the following options: +*/ + +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_ASM +# define OPENSSL_NO_ASM +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif + +/* + 
* Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the + * declarations of functions deprecated in or before <version>. Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. + */ +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + + + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD <unistd.h> + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION +#cmakedefine OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. 
+ */ +#if !defined(OPENSSL_SYS_UEFI) +#undef BN_LLONG +/* Only one for the following should be defined */ +#undef SIXTY_FOUR_BIT_LONG +#cmakedefine SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#cmakedefine SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#cmakedefine THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned int + +#ifdef __cplusplus +} +#endif diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt new file mode 100644 index 0000000..148fecb --- /dev/null +++ b/ssl/CMakeLists.txt 
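Review bot: `OPENSSL_NO_ASM` is hard-coded on in this template, which is a security-relevant build choice that currently has no explanation or switch. With it set, crypto/CMakeLists.txt builds only the portable C paths (`aes_core.c`, `bn_asm.c`), and as far as I know the table-driven C AES in this OpenSSL line is more exposed to cache-timing observation than the assembly back ends, besides being slower. I would either add a comment above the define, such as `/* portable C only: no AES-NI or other asm back ends; see build notes */`, or change it to `#cmakedefine OPENSSL_NO_ASM` driven by an option so packagers can see and override it. The `OPENSSL_NO_SSL3`, `OPENSSL_NO_SSL3_METHOD` and `OPENSSL_NO_WEAK_SSL_CIPHERS` defaults are sensible and would benefit from the same one-line rationale.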
@@ -0,0 +1,53 @@
+# Based on original work by David Manura
+# Copyright (C) 2007-2012 LuaDist.
+# Copyright (C) 2013 Brian Sidebotham
+
+# Redistribution and use of this file is allowed according to the terms of the
+# MIT license.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+if( BUILD_SHARED_LIBS )
+ add_definitions ( -DOPENSSL_BUILD_SHLIBSSL )
+endif()
+
+set ( LIBSRC
+ bio_ssl.c d1_lib.c d1_msg.c d1_srtp.c methods.c pqueue.c s3_cbc.c s3_enc.c s3_lib.c
+ s3_msg.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_conf.c ssl_err.c ssl_init.c ssl_lib.c
+ ssl_mcnf.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c ssl_utst.c t1_enc.c t1_ext.c
+ t1_lib.c t1_reneg.c t1_trce.c tls_srp.c
+ record/dtls1_bitmap.c record/rec_layer_d1.c record/rec_layer_s3.c record/ssl3_buffer.c
+ record/ssl3_record.c statem/statem.c statem/statem_clnt.c statem/statem_dtls.c
+ statem/statem_lib.c statem/statem_srvr.c
+ )
+
+if( ANDROID )
+ add_library ( ssl SHARED ${LIBSRC} )
+else()
+ add_library ( ssl ${LIBSRC} )
+endif()
+target_link_libraries ( ssl crypto )
+
+set_target_properties( ssl PROPERTIES
+ VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
+
+install( TARGETS ssl
+ RUNTIME DESTINATION bin
+ LIBRARY DESTINATION lib
+ ARCHIVE DESTINATION lib )
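Review bot: The `OPENSSL_BUILD_SHLIBSSL` definition and the library type can disagree: the define is added only under `if( BUILD_SHARED_LIBS )`, while the `ANDROID` branch builds `ssl` as `SHARED` regardless of that variable, so an Android build with `BUILD_SHARED_LIBS` off yields a shared libssl compiled without the shared-build macro. Whether that changes the exported symbol set depends on how the headers use the macro, which this hunk does not show. The define is also directory-scoped through `add_definitions`, so it would reach any other target later added in this directory. I would move it below `add_library` and attach it to the target, `if( BUILD_SHARED_LIBS OR ANDROID )` / `target_compile_definitions( ssl PRIVATE OPENSSL_BUILD_SHLIBSSL )` / `endif()`, and give the link line an explicit keyword: `target_link_libraries ( ssl PUBLIC crypto )`.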