renew cmake

2025-05-02 20:49:37 +00:00 · 2019-12-08 20:20:44 +01:00 · 2019-12-08 20:20:44 +01:00 · cfc6806d13
commit cfc6806d13
parent 7346ac238d
12 changed files with 1184 additions and 361 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -23,14 +23,16 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
-
+set( CMAKE_LEGACY_CYGWIN_WIN32 0 )
 project( openssl )
-cmake_minimum_required( VERSION 2.8.3 )
+cmake_minimum_required( VERSION 2.8.11 )
-set(CMAKE_DISABLE_SOURCE_CHANGES ON)
+set( CMAKE_DISABLE_SOURCE_CHANGES ON )
-set(CMAKE_DISABLE_IN_SOURCE_BUILD ON)
+set( CMAKE_DISABLE_IN_SOURCE_BUILD ON )
-set(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake")
+
-option(WITH_APPS "Build applications" OFF)
+set( CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake" )
 option( WITH_APPS "Build applications" OFF )
 set( VERSION_MAJOR 1  )
 set( VERSION_MINOR 0  )
@ -47,16 +49,19 @@ include_directories ( BEFORE SYSTEM
    crypto . )
 add_definitions( -DOPENSSL_NO_ASM )
 add_definitions( -DOPENSSL_NO_STATIC_ENGINE )
-if(MSVC)
+if( MSVC )
-  include(MSVCRuntime)
+  include( MSVCRuntime )
  configure_msvc_runtime()
  set( OPENSSLDIR "C:/ssl" )
  set( ENGINESDIR "C:/engines-1.0" )
 else()
  set( OPENSSLDIR "/usr/local/ssl" )
  set( ENGINESDIR "/usr/local/engines-1.0" )
 endif()
-
+add_definitions( "-DOPENSSLDIR=\"${OPENSSLDIR}\"" )
-if(WIN32)
+add_definitions( "-DENGINESDIR=\"${ENGINESDIR}\"" )
  set(CMAKE_SHARED_LIBRARY_PREFIX "lib")
  set(CMAKE_STATIC_LIBRARY_PREFIX "lib")
 endif()
 if ( APPLE )
  set( CMAKE_MACOSX_RPATH ON )
@ -68,7 +73,7 @@ if( WIN32 AND NOT CYGWIN )
  add_definitions( -DWIN32_LEAN_AND_MEAN )
  add_definitions( -D_CRT_SECURE_NO_WARNINGS )
-  if (BUILD_SHARED_LIBS)
+  if(BUILD_SHARED_LIBS)
    # avoid conflict: ocsp.h and wincrypt.h
    add_definitions( -D_WINDLL )
  endif()
@ -78,35 +83,74 @@ if( MINGW )
  set( CMAKE_SHARED_LINKER_FLAGS "-Wl,--export-all" )
 endif()
-if ( ANDROID )
+include( CheckTypeSize )
-  set ( BUILD_SHARED_LIBS ON )
+check_type_size( "long" LONG_INT )
-elseif ( IOS )
+check_type_size( "long long" LONG_LONG_INT )
-  set ( BUILD_SHARED_LIBS OFF )
+check_type_size( "int" INT )
 if( HAVE_LONG_INT AND (${LONG_INT} EQUAL 8) )
  set( SIXTY_FOUR_BIT_LONG ON )
 elseif( HAVE_LONG_LONG_INT AND (${LONG_LONG_INT} EQUAL 8) )
  set( SIXTY_FOUR_BIT ON )
 else()
  set( THIRTY_TWO_BIT ON )
 endif()
 if( MSVC OR ( WIN32 AND MINGW AND NOT CYGWIN ) )
  set( OPENSSL_EXPORT_VAR_AS_FUNCTION 1 )
 endif()
 # Begin configure public headers
 file( READ ${PROJECT_SOURCE_DIR}/opensslconf.h.cmake CONF )
 set( CONF "
 #define OPENSSL_NO_GMP
 #define OPENSSL_NO_JPAKE
 #define OPENSSL_NO_KRB5
 #define OPENSSL_NO_MD2
 #define OPENSSL_NO_RC5
 #define OPENSSL_NO_RFC3779
 #define OPENSSL_NO_STORE
 #define OPENSSL_NO_DYNAMIC_ENGINE
 #define OPENSSL_NO_SCTP
 #define OPENSSL_NO_EC_NISTP_64_GCC_128
 ${CONF}" )
 file( WRITE ${PROJECT_BINARY_DIR}/opensslconf.h.cmake "${CONF}" )
 configure_file( ${PROJECT_BINARY_DIR}/opensslconf.h.cmake
  ${PROJECT_BINARY_DIR}/include/openssl/opensslconf.h )
 # End configure public headers
 add_subdirectory( crypto )
 add_subdirectory( ssl )
-if( WITH_APPS AND NOT ANDROID AND NOT IOS )
+if(WITH_APPS AND NOT ANDROID AND NOT IOS)
-  add_subdirectory( apps )
+  add_subdirectory(apps)
 endif()
 file ( COPY e_os2.h DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
-install( DIRECTORY ${PROJECT_BINARY_DIR}/include/openssl DESTINATION include )
+file( READ ${PROJECT_SOURCE_DIR}/c_rehash.cmake C_REHASH )
 string( REPLACE "%OPENSSLDIR%" "${OPENSSLDIR}" C_REHASH "${C_REHASH}" )
 string( REPLACE "%CMAKE_INSTALL_PREFIX%" "${CMAKE_INSTALL_PREFIX}" C_REHASH "${C_REHASH}" )
 file( WRITE ${PROJECT_BINARY_DIR}/c_rehash "${C_REHASH}" )
-#install( FILES tools/c_hash tools/c_info tools/c_issuer tools/c_name tools/#c_rehash
+file( GLOB PUBLIC_HEADERS "${PROJECT_BINARY_DIR}/include/openssl/*.h" )
-#    FAQ LICENSE PROBLEMS README README.ASN1 README.ENGINE
+install( FILES ${PUBLIC_HEADERS} DESTINATION include/openssl )
-#    DESTINATION share/openssl )
+
 install( FILES
  ${PROJECT_BINARY_DIR}/c_rehash
  FAQ LICENSE README README.ENGINE
  DESTINATION share/openssl )
 install( DIRECTORY ${PROJECT_BINARY_DIR}/include/openssl DESTINATION include )
 install( DIRECTORY doc DESTINATION share )
 # Generate the package target
 set( CPACK_GENERATOR ZIP TGZ )
-set( CPACK_PACKAGE_NAME "openssl-cmake" )
+set( CPACK_PACKAGE_NAME "${CMAKE_PROJECT_NAME}" )
 set( CPACK_PACKAGE_VERSION_MAJOR ${VERSION_MAJOR} )
 set( CPACK_PACKAGE_VERSION_MINOR ${VERSION_MINOR} )
 set( CPACK_PACKAGE_VERSION_PATCH ${VERSION_PATCH} )
 set( CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${VERSION_STRING}" )
 include( CPack )
--- a/apps/CA.pl.cmake
+++ b/apps/CA.pl.cmake
@ -0,0 +1,188 @@
 #!/usr/bin/perl
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 #      some setup stuff to be done before you can use it and this makes
 #      things easier between now and when Eric is convinced to fix it :-)
 #
 # CA -newca ... will setup the right stuff
 # CA -newreq[-nodes] ... will generate a certificate request 
 # CA -sign ... will sign the generated request and output 
 #
 # At the end of that grab newreq.pem and newcert.pem (one has the key 
 # and the other the certificate) and cat them together and that is what
 # you want/need ... I'll make even this a little cleaner later.
 #
 #
 # 12-Jan-96 tjh    Added more things ... including CA -signcert which
 #                  converts a certificate to a request and then signs it.
 # 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
 #		   environment variable so this can be driven from
 #		   a script.
 # 25-Jul-96 eay    Cleaned up filenames some more.
 # 11-Jun-96 eay    Fixed a few filename missmatches.
 # 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
 # 18-Apr-96 tjh    Original hacking
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #
 # 27-Apr-98 snh    Translation into perl, fix existing CA bug.
 #
 #
 # Steve Henson
 # shenson@bigfoot.com
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 my $openssl;
 if(defined $ENV{OPENSSL}) {
 	$openssl = $ENV{OPENSSL};
 } else {
 	$openssl = "openssl";
 	$ENV{OPENSSL} = $openssl;
 }
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";	# 1 year
 $CADAYS="-days 1095";	# 3 years
 $REQ="$openssl req $SSLEAY_CONFIG";
 $CA="$openssl ca $SSLEAY_CONFIG";
 $VERIFY="$openssl verify";
 $X509="$openssl x509";
 $PKCS12="$openssl pkcs12";
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
 $CAREQ="careq.pem";
 $CACERT="cacert.pem";
 $DIRMODE = 0777;
 $RET = 0;
 foreach (@ARGV) {
 	if ( /^(-\?|-h|-help)$/ ) {
 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
 	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
 	    $RET=$?;
 	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
 	} elsif (/^-newreq$/) {
 	    # create a certificate request
 	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request is in newreq.pem, private key is in newkey.pem\n";
 	} elsif (/^-newreq-nodes$/) {
 	    # create a certificate request
 	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
 	    $RET=$?;
 	    print "Request is in newreq.pem, private key is in newkey.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
 	    $NEW="1";
 	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
 		# create the directory hierarchy
 		mkdir $CATOP, $DIRMODE;
 		mkdir "${CATOP}/certs", $DIRMODE;
 		mkdir "${CATOP}/crl", $DIRMODE ;
 		mkdir "${CATOP}/newcerts", $DIRMODE;
 		mkdir "${CATOP}/private", $DIRMODE;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
 		open OUT, ">${CATOP}/crlnumber";
 		print OUT "01\n";
 		close OUT;
 	    }
 	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
 		print "CA certificate filename (or enter to create)\n";
 		$FILE = <STDIN>;
 		chop $FILE;
 		# ask user for existing CA certificate
 		if ($FILE) {
 		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
 		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
 		    $RET=$?;
 		} else {
 		    print "Making CA certificate ...\n";
 		    system ("$REQ -new -keyout " .
 			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
 		    system ("$CA -create_serial " .
 			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
 			"-extensions v3_ca " .
 			"-infiles ${CATOP}/$CAREQ ");
 		    $RET=$?;
 		}
 	    }
 	} elsif (/^-pkcs12$/) {
 	    my $cname = $ARGV[1];
 	    $cname = "My Certificate" unless defined $cname;
 	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
 			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
 			"-export -name \"$cname\"");
 	    $RET=$?;
 	    print "PKCS #12 file is in newcert.p12\n";
 	    exit $RET;
 	} elsif (/^-xsign$/) {
 	    system ("$CA -policy policy_anything -infiles newreq.pem");
 	    $RET=$?;
 	} elsif (/^(-sign|-signreq)$/) {
 	    system ("$CA -policy policy_anything -out newcert.pem " .
 							"-infiles newreq.pem");
 	    $RET=$?;
 	    print "Signed certificate is in newcert.pem\n";
 	} elsif (/^(-signCA)$/) {
 	    system ("$CA -policy policy_anything -out newcert.pem " .
 					"-extensions v3_ca -infiles newreq.pem");
 	    $RET=$?;
 	    print "Signed CA certificate is in newcert.pem\n";
 	} elsif (/^-signcert$/) {
 	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
 								"-out tmp.pem");
 	    system ("$CA -policy policy_anything -out newcert.pem " .
 							"-infiles tmp.pem");
 	    $RET = $?;
 	    print "Signed certificate is in newcert.pem\n";
 	} elsif (/^-verify$/) {
 	    if (shift) {
 		foreach $j (@ARGV) {
 		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
 		    $RET=$? if ($? != 0);
 		}
 		exit $RET;
 	    } else {
 		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
 		    $RET=$?;
 	    	    exit 0;
 	    }
 	} else {
 	    print STDERR "Unknown arg $_\n";
 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
 	    exit 1;
 	}
 }
 exit $RET;
 sub cp_pem {
 my ($infile, $outfile, $bound) = @_;
 open IN, $infile;
 open OUT, ">$outfile";
 my $flag = 0;
 while (<IN>) {
 	$flag = 1 if (/^-----BEGIN.*$bound/) ;
 	print OUT $_ if ($flag);
 	if (/^-----END.*$bound/) {
 		close IN;
 		close OUT;
 		return;
 	}
 }
 }
--- a/apps/CMakeLists.txt
+++ b/apps/CMakeLists.txt
@ -23,8 +23,15 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 file( READ ${CMAKE_CURRENT_SOURCE_DIR}/CA.pl.cmake CA_PL )
 file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/CA.pl "${CA_PL}" )
 file( READ ${CMAKE_CURRENT_SOURCE_DIR}/tsget.cmake TSGET )
 file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/tsget "${TSGET}" )
 file( READ ${CMAKE_CURRENT_SOURCE_DIR}/progs.h.cmake PROGS_H )
 file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/progs.h "${PROGS_H}" )
 include_directories ( .. ../include )
 add_definitions ( -DMONOLITH )
 set ( E_SRC openssl.c #
@ -35,6 +42,11 @@ set ( E_SRC openssl.c #
  pkeyparam.c pkeyutl.c spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c
  srp.c )
 include_directories( BEFORE SYSTEM
  ${PROJECT_SOURCE_DIR}/ # e_os.h
  ${CMAKE_CURRENT_BINARY_DIR}/ # progs.h
 )
 if ( WIN32 )
  if ( EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/winrand.c" )
    list( APPEND E_SRC winrand.c )
@ -42,9 +54,17 @@ if ( WIN32 )
 endif()
 add_executable ( openssl ${E_SRC} )
 target_link_libraries ( openssl crypto ssl )
 install( TARGETS openssl
    RUNTIME DESTINATION bin )
-install( FILES CA.sh CA.pl tsget DESTINATION share/openssl )
+install( FILES
  ${CMAKE_CURRENT_SOURCE_DIR}/openssl.cnf
  DESTINATION "${OPENSSLDIR}" )
 install( FILES
  ${CMAKE_CURRENT_BINARY_DIR}/CA.pl
  ${CMAKE_CURRENT_BINARY_DIR}/tsget
  DESTINATION share/openssl )
--- a/apps/progs.h.cmake
+++ b/apps/progs.h.cmake
@ -0,0 +1,366 @@
 /* apps/progs.h */
 /* automatically generated by progs.pl for openssl.c */
 extern int verify_main(int argc, char *argv[]);
 extern int asn1parse_main(int argc, char *argv[]);
 extern int req_main(int argc, char *argv[]);
 extern int dgst_main(int argc, char *argv[]);
 extern int dh_main(int argc, char *argv[]);
 extern int dhparam_main(int argc, char *argv[]);
 extern int enc_main(int argc, char *argv[]);
 extern int passwd_main(int argc, char *argv[]);
 extern int gendh_main(int argc, char *argv[]);
 extern int errstr_main(int argc, char *argv[]);
 extern int ca_main(int argc, char *argv[]);
 extern int crl_main(int argc, char *argv[]);
 extern int rsa_main(int argc, char *argv[]);
 extern int rsautl_main(int argc, char *argv[]);
 extern int dsa_main(int argc, char *argv[]);
 extern int dsaparam_main(int argc, char *argv[]);
 extern int ec_main(int argc, char *argv[]);
 extern int ecparam_main(int argc, char *argv[]);
 extern int x509_main(int argc, char *argv[]);
 extern int genrsa_main(int argc, char *argv[]);
 extern int gendsa_main(int argc, char *argv[]);
 extern int genpkey_main(int argc, char *argv[]);
 extern int s_server_main(int argc, char *argv[]);
 extern int s_client_main(int argc, char *argv[]);
 extern int speed_main(int argc, char *argv[]);
 extern int s_time_main(int argc, char *argv[]);
 extern int version_main(int argc, char *argv[]);
 extern int pkcs7_main(int argc, char *argv[]);
 extern int cms_main(int argc, char *argv[]);
 extern int crl2pkcs7_main(int argc, char *argv[]);
 extern int sess_id_main(int argc, char *argv[]);
 extern int ciphers_main(int argc, char *argv[]);
 extern int nseq_main(int argc, char *argv[]);
 extern int pkcs12_main(int argc, char *argv[]);
 extern int pkcs8_main(int argc, char *argv[]);
 extern int pkey_main(int argc, char *argv[]);
 extern int pkeyparam_main(int argc, char *argv[]);
 extern int pkeyutl_main(int argc, char *argv[]);
 extern int spkac_main(int argc, char *argv[]);
 extern int smime_main(int argc, char *argv[]);
 extern int rand_main(int argc, char *argv[]);
 extern int engine_main(int argc, char *argv[]);
 extern int ocsp_main(int argc, char *argv[]);
 extern int prime_main(int argc, char *argv[]);
 extern int ts_main(int argc, char *argv[]);
 extern int srp_main(int argc, char *argv[]);
 #define FUNC_TYPE_GENERAL       1
 #define FUNC_TYPE_MD            2
 #define FUNC_TYPE_CIPHER        3
 #define FUNC_TYPE_PKEY          4
 #define FUNC_TYPE_MD_ALG        5
 #define FUNC_TYPE_CIPHER_ALG    6
 typedef struct {
    int type;
    const char *name;
    int (*func)(int argc, char *argv[]);
 } FUNCTION;
 DECLARE_LHASH_OF(FUNCTION);
 FUNCTION functions[] = {
    {FUNC_TYPE_GENERAL, "verify", verify_main},
    {FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main},
    {FUNC_TYPE_GENERAL, "req", req_main},
    {FUNC_TYPE_GENERAL, "dgst", dgst_main},
 #ifndef OPENSSL_NO_DH
    {FUNC_TYPE_GENERAL, "dh", dh_main},
 #endif
 #ifndef OPENSSL_NO_DH
    {FUNC_TYPE_GENERAL, "dhparam", dhparam_main},
 #endif
    {FUNC_TYPE_GENERAL, "enc", enc_main},
    {FUNC_TYPE_GENERAL, "passwd", passwd_main},
 #ifndef OPENSSL_NO_DH
    {FUNC_TYPE_GENERAL, "gendh", gendh_main},
 #endif
    {FUNC_TYPE_GENERAL, "errstr", errstr_main},
    {FUNC_TYPE_GENERAL, "ca", ca_main},
    {FUNC_TYPE_GENERAL, "crl", crl_main},
 #ifndef OPENSSL_NO_RSA
    {FUNC_TYPE_GENERAL, "rsa", rsa_main},
 #endif
 #ifndef OPENSSL_NO_RSA
    {FUNC_TYPE_GENERAL, "rsautl", rsautl_main},
 #endif
 #ifndef OPENSSL_NO_DSA
    {FUNC_TYPE_GENERAL, "dsa", dsa_main},
 #endif
 #ifndef OPENSSL_NO_DSA
    {FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main},
 #endif
 #ifndef OPENSSL_NO_EC
    {FUNC_TYPE_GENERAL, "ec", ec_main},
 #endif
 #ifndef OPENSSL_NO_EC
    {FUNC_TYPE_GENERAL, "ecparam", ecparam_main},
 #endif
    {FUNC_TYPE_GENERAL, "x509", x509_main},
 #ifndef OPENSSL_NO_RSA
    {FUNC_TYPE_GENERAL, "genrsa", genrsa_main},
 #endif
 #ifndef OPENSSL_NO_DSA
    {FUNC_TYPE_GENERAL, "gendsa", gendsa_main},
 #endif
    {FUNC_TYPE_GENERAL, "genpkey", genpkey_main},
 #if !defined(OPENSSL_NO_SOCK)
    {FUNC_TYPE_GENERAL, "s_server", s_server_main},
 #endif
 #if !defined(OPENSSL_NO_SOCK)
    {FUNC_TYPE_GENERAL, "s_client", s_client_main},
 #endif
 #ifndef OPENSSL_NO_SPEED
    {FUNC_TYPE_GENERAL, "speed", speed_main},
 #endif
 #if !defined(OPENSSL_NO_SOCK)
    {FUNC_TYPE_GENERAL, "s_time", s_time_main},
 #endif
    {FUNC_TYPE_GENERAL, "version", version_main},
    {FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main},
 #ifndef OPENSSL_NO_CMS
    {FUNC_TYPE_GENERAL, "cms", cms_main},
 #endif
    {FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main},
    {FUNC_TYPE_GENERAL, "sess_id", sess_id_main},
 #if !defined(OPENSSL_NO_SOCK)
    {FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
 #endif
    {FUNC_TYPE_GENERAL, "nseq", nseq_main},
 #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
    {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
 #endif
    {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
    {FUNC_TYPE_GENERAL, "pkey", pkey_main},
    {FUNC_TYPE_GENERAL, "pkeyparam", pkeyparam_main},
    {FUNC_TYPE_GENERAL, "pkeyutl", pkeyutl_main},
    {FUNC_TYPE_GENERAL, "spkac", spkac_main},
    {FUNC_TYPE_GENERAL, "smime", smime_main},
    {FUNC_TYPE_GENERAL, "rand", rand_main},
 #ifndef OPENSSL_NO_ENGINE
    {FUNC_TYPE_GENERAL, "engine", engine_main},
 #endif
 #ifndef OPENSSL_NO_OCSP
    {FUNC_TYPE_GENERAL, "ocsp", ocsp_main},
 #endif
    {FUNC_TYPE_GENERAL, "prime", prime_main},
    {FUNC_TYPE_GENERAL, "ts", ts_main},
 #ifndef OPENSSL_NO_SRP
    {FUNC_TYPE_GENERAL, "srp", srp_main},
 #endif
 #ifndef OPENSSL_NO_MD2
    {FUNC_TYPE_MD, "md2", dgst_main},
 #endif
 #ifndef OPENSSL_NO_MD4
    {FUNC_TYPE_MD, "md4", dgst_main},
 #endif
 #ifndef OPENSSL_NO_MD5
    {FUNC_TYPE_MD, "md5", dgst_main},
 #endif
 #ifndef OPENSSL_NO_SHA
    {FUNC_TYPE_MD, "sha", dgst_main},
 #endif
 #ifndef OPENSSL_NO_SHA1
    {FUNC_TYPE_MD, "sha1", dgst_main},
 #endif
 #ifndef OPENSSL_NO_MDC2
    {FUNC_TYPE_MD, "mdc2", dgst_main},
 #endif
 #ifndef OPENSSL_NO_RMD160
    {FUNC_TYPE_MD, "rmd160", dgst_main},
 #endif
 #ifndef OPENSSL_NO_AES
    {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_AES
    {FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_AES
    {FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_AES
    {FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_AES
    {FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_AES
    {FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
    {FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
    {FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
    {FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
    {FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
    {FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
    {FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main},
 #endif
    {FUNC_TYPE_CIPHER, "base64", enc_main},
 #ifdef ZLIB
    {FUNC_TYPE_CIPHER, "zlib", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des3", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "desx", enc_main},
 #endif
 #ifndef OPENSSL_NO_IDEA
    {FUNC_TYPE_CIPHER, "idea", enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
    {FUNC_TYPE_CIPHER, "seed", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC4
    {FUNC_TYPE_CIPHER, "rc4", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC4
    {FUNC_TYPE_CIPHER, "rc4-40", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2", enc_main},
 #endif
 #ifndef OPENSSL_NO_BF
    {FUNC_TYPE_CIPHER, "bf", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAST
    {FUNC_TYPE_CIPHER, "cast", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC5
    {FUNC_TYPE_CIPHER, "rc5", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede3", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_DES
    {FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_IDEA
    {FUNC_TYPE_CIPHER, "idea-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_IDEA
    {FUNC_TYPE_CIPHER, "idea-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_IDEA
    {FUNC_TYPE_CIPHER, "idea-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_IDEA
    {FUNC_TYPE_CIPHER, "idea-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
    {FUNC_TYPE_CIPHER, "seed-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
    {FUNC_TYPE_CIPHER, "seed-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
    {FUNC_TYPE_CIPHER, "seed-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_SEED
    {FUNC_TYPE_CIPHER, "seed-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC2
    {FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_BF
    {FUNC_TYPE_CIPHER, "bf-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_BF
    {FUNC_TYPE_CIPHER, "bf-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_BF
    {FUNC_TYPE_CIPHER, "bf-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_BF
    {FUNC_TYPE_CIPHER, "bf-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAST
    {FUNC_TYPE_CIPHER, "cast5-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAST
    {FUNC_TYPE_CIPHER, "cast5-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAST
    {FUNC_TYPE_CIPHER, "cast5-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAST
    {FUNC_TYPE_CIPHER, "cast5-ofb", enc_main},
 #endif
 #ifndef OPENSSL_NO_CAST
    {FUNC_TYPE_CIPHER, "cast-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC5
    {FUNC_TYPE_CIPHER, "rc5-cbc", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC5
    {FUNC_TYPE_CIPHER, "rc5-ecb", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC5
    {FUNC_TYPE_CIPHER, "rc5-cfb", enc_main},
 #endif
 #ifndef OPENSSL_NO_RC5
    {FUNC_TYPE_CIPHER, "rc5-ofb", enc_main},
 #endif
    {0, NULL, NULL}
 };
--- a/apps/tsget.cmake
+++ b/apps/tsget.cmake
@ -0,0 +1,195 @@
 #!/usr/bin/perl -w
 # Written by Zoltan Glozik <zglozik@stones.com>.
 # Copyright (c) 2002 The OpenTSA Project.  All rights reserved.
 $::version = '$Id: tsget,v 1.1.2.2 2009/09/07 17:57:02 steve Exp $';
 use strict;
 use IO::Handle;
 use Getopt::Std;
 use File::Basename;
 use WWW::Curl::Easy;
 use vars qw(%options);
 # Callback for reading the body.
 sub read_body {
    my ($maxlength, $state) = @_;
    my $return_data = "";
    my $data_len = length ${$state->{data}};
    if ($state->{bytes} < $data_len) {
 	$data_len = $data_len - $state->{bytes};
 	$data_len = $maxlength if $data_len > $maxlength;
 	$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
 	$state->{bytes} += $data_len;
    }
    return $return_data;
 }
 # Callback for writing the body into a variable.
 sub write_body {
    my ($data, $pointer) = @_;
    ${$pointer} .= $data;
    return length($data);
 }
 # Initialise a new Curl object.
 sub create_curl {
    my $url = shift;
    # Create Curl object.
    my $curl = WWW::Curl::Easy::new();
    # Error-handling related options.
    $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
    $curl->setopt(CURLOPT_FAILONERROR, 1);
    $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
    # Options for POST method.
    $curl->setopt(CURLOPT_UPLOAD, 1);
    $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
    $curl->setopt(CURLOPT_HTTPHEADER,
 		["Content-Type: application/timestamp-query",
 		"Accept: application/timestamp-reply,application/timestamp-response"]);
    $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
    $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
    # Options for getting the result.
    $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
    # SSL related options.
    $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);	# Verify server's certificate.
    $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);	# Check server's CN.
    $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
    $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
    $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
    $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
    $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
    $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
    $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
    # Setting destination.
    $curl->setopt(CURLOPT_URL, $url);
    return $curl;
 }
 # Send a request and returns the body back.
 sub get_timestamp {
    my $curl = shift;
    my $body = shift;
    my $ts_body;
    local $::error_buf;
    # Error-handling related options.
    $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
    # Options for POST method.
    $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
    $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
    # Options for getting the result.
    $curl->setopt(CURLOPT_FILE, \$ts_body);
    # Send the request...
    my $error_code = $curl->perform();
    my $error_string;
    if ($error_code != 0) {
        my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
 	$error_string = "could not get timestamp";
 	$error_string .= ", http code: $http_code" unless $http_code == 0;
 	$error_string .= ", curl code: $error_code";
 	$error_string .= " ($::error_buf)" if defined($::error_buf);
    } else {
        my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
 	if (lc($ct) ne "application/timestamp-reply"
 	    && lc($ct) ne "application/timestamp-response") {
 	    $error_string = "unexpected content type returned: $ct";
        }
    }
    return ($ts_body, $error_string);
 }
 # Print usage information and exists.
 sub usage {
    print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
    print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
    print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
    print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
    exit 1;
 }
 # ----------------------------------------------------------------------
 #   Main program
 # ----------------------------------------------------------------------
 # Getting command-line options (default comes from TSGET environment variable).
 my $getopt_arg =  "h:e:o:vdk:p:c:C:P:r:g:";
 if (exists $ENV{TSGET}) {
    my @old_argv = @ARGV;
    @ARGV = split /\s+/, $ENV{TSGET};
    getopts($getopt_arg, \%options) or usage;
    @ARGV = @old_argv;
 }
 getopts($getopt_arg, \%options) or usage;
 # Checking argument consistency.
 if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
    || (@ARGV > 1 && exists($options{o}))) {
    print STDERR "Inconsistent command line options.\n";
    usage;
 }
 # Setting defaults.
@ARGV = ("-") unless @ARGV != 0;
 $options{e} = ".tsr" unless defined($options{e});
 # Processing requests.
 my $curl = create_curl $options{h};
 undef $/;   # For reading whole files.
 REQUEST: foreach (@ARGV) {
    my $input = $_;
    my ($base, $path) = fileparse($input, '\.[^.]*');
    my $output_base = $base . $options{e};
    my $output = defined($options{o}) ? $options{o} : $path . $output_base;
    STDERR->printflush("$input: ") if $options{v};
    # Read request.
    my $body;
    if ($input eq "-") {
 	# Read the request from STDIN;
 	$body = <STDIN>;
    } else {
 	# Read the request from file.
        open INPUT, "<" . $input
 	    or warn("$input: could not open input file: $!\n"), next REQUEST;
        $body = <INPUT>;
        close INPUT
 	    or warn("$input: could not close input file: $!\n"), next REQUEST;
    }
    # Send request.
    STDERR->printflush("sending request") if $options{v};
    my ($ts_body, $error) = get_timestamp $curl, \$body;
    if (defined($error)) {
 	die "$input: fatal error: $error\n";
    }
    STDERR->printflush(", reply received") if $options{v};
    # Write response.
    if ($output eq "-") {
 	# Write to STDOUT.
        print $ts_body;
    } else {
 	# Write to file.
        open OUTPUT, ">", $output
 	    or warn("$output: could not open output file: $!\n"), next REQUEST;
        print OUTPUT $ts_body;
        close OUTPUT
 	    or warn("$output: could not close output file: $!\n"), next REQUEST;
    }
    STDERR->printflush(", $output written.\n") if $options{v};
 }
 $curl->cleanup();
--- a/c_rehash.cmake
+++ b/c_rehash.cmake
@ -0,0 +1,210 @@
 #!/usr/bin/perl
 # Perl c_rehash script, scan all files in a directory
 # and add symbolic links to their hash values.
 my $dir = "%OPENSSLDIR%";
 my $prefix = "%CMAKE_INSTALL_PREFIX%";
 my $openssl = $ENV{OPENSSL} || "openssl";
 my $pwd;
 my $x509hash = "-subject_hash";
 my $crlhash = "-hash";
 my $verbose = 0;
 my $symlink_exists=eval {symlink("",""); 1};
 my $removelinks = 1;
 ##  Parse flags.
 while ( $ARGV[0] =~ /^-/ ) {
    my $flag = shift @ARGV;
    last if ( $flag eq '--');
    if ( $flag eq '-old') {
 	    $x509hash = "-subject_hash_old";
 	    $crlhash = "-hash_old";
    } elsif ( $flag eq '-h') {
 	    help();
    } elsif ( $flag eq '-n' ) {
 	    $removelinks = 0;
    } elsif ( $flag eq '-v' ) {
 	    $verbose++;
    }
    else {
 	    print STDERR "Usage error; try -help.\n";
 	    exit 1;
    }
 }
 sub help {
 	print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
 	print "   -old use old-style digest\n";
 	print "   -h print this help text\n";
 	print "   -v print files removed and linked\n";
 	exit 0;
 }
 eval "require Cwd";
 if (defined(&Cwd::getcwd)) {
 	$pwd=Cwd::getcwd();
 } else {
 	$pwd=`pwd`;
 	chomp($pwd);
 }
 # DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
 my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
 $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
 if(! -x $openssl) {
 	my $found = 0;
 	foreach (split /$path_delim/, $ENV{PATH}) {
 		if(-x "$_/$openssl") {
 			$found = 1;
 			$openssl = "$_/$openssl";
 			last;
 		}	
 	}
 	if($found == 0) {
 		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
 		exit 0;
 	}
 }
 if(@ARGV) {
 	@dirlist = @ARGV;
 } elsif($ENV{SSL_CERT_DIR}) {
 	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
 } else {
 	$dirlist[0] = "$dir/certs";
 }
 if (-d $dirlist[0]) {
 	chdir $dirlist[0];
 	$openssl="$pwd/$openssl" if (!-x $openssl);
 	chdir $pwd;
 }
 foreach (@dirlist) {
 	if(-d $_ and -w $_) {
 		hash_dir($_);
 	}
 }
 sub hash_dir {
 	my %hashlist;
 	print "Doing $_[0]\n";
 	chdir $_[0];
 	opendir(DIR, ".");
 	my @flist = readdir(DIR);
 	closedir DIR;
 	if ( $removelinks ) {
 		# Delete any existing symbolic links
 		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
 			if(-l $_) {
 				unlink $_;
 				print "unlink $_" if $verbose;
 			}
 		}
 	}
 	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
 		# Check to see if certificates and/or CRLs present.
 		my ($cert, $crl) = check_file($fname);
 		if(!$cert && !$crl) {
 			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
 			next;
 		}
 		link_hash_cert($fname) if($cert);
 		link_hash_crl($fname) if($crl);
 	}
 }
 sub check_file {
 	my ($is_cert, $is_crl) = (0,0);
 	my $fname = $_[0];
 	open IN, $fname;
 	while(<IN>) {
 		if(/^-----BEGIN (.*)-----/) {
 			my $hdr = $1;
 			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
 				$is_cert = 1;
 				last if($is_crl);
 			} elsif($hdr eq "X509 CRL") {
 				$is_crl = 1;
 				last if($is_cert);
 			}
 		}
 	}
 	close IN;
 	return ($is_cert, $is_crl);
 }
 # Link a certificate to its subject name hash value, each hash is of
 # the form <hash>.<n> where n is an integer. If the hash value already exists
 # then we need to up the value of n, unless its a duplicate in which
 # case we skip the link. We check for duplicates by comparing the
 # certificate fingerprints
 sub link_hash_cert {
 		my $fname = $_[0];
 		$fname =~ s/'/'\\''/g;
 		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
 		$fprint =~ tr/://d;
 		my $suffix = 0;
 		# Search for an unused hash filename
 		while(exists $hashlist{"$hash.$suffix"}) {
 			# Hash matches: if fingerprint matches its a duplicate cert
 			if($hashlist{"$hash.$suffix"} eq $fprint) {
 				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
 				return;
 			}
 			$suffix++;
 		}
 		$hash .= ".$suffix";
 		if ($symlink_exists) {
 			symlink $fname, $hash;
 			print "link $fname -> $hash\n" if $verbose;
 		} else {
 			open IN,"<$fname" or die "can't open $fname for read";
 			open OUT,">$hash" or die "can't open $hash for write";
 			print OUT <IN>;	# does the job for small text files
 			close OUT;
 			close IN;
 			print "copy $fname -> $hash\n" if $verbose;
 		}
 		$hashlist{$hash} = $fprint;
 }
 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
 sub link_hash_crl {
 		my $fname = $_[0];
 		$fname =~ s/'/'\\''/g;
 		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;
 		$fprint =~ tr/://d;
 		my $suffix = 0;
 		# Search for an unused hash filename
 		while(exists $hashlist{"$hash.r$suffix"}) {
 			# Hash matches: if fingerprint matches its a duplicate cert
 			if($hashlist{"$hash.r$suffix"} eq $fprint) {
 				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
 				return;
 			}
 			$suffix++;
 		}
 		$hash .= ".r$suffix";
 		if ($symlink_exists) {
 			symlink $fname, $hash;
 			print "link $fname -> $hash\n" if $verbose;
 		} else {
 			system ("cp", $fname, $hash);
 			print "cp $fname -> $hash\n" if $verbose;
 		}
 		$hashlist{$hash} = $fprint;
 }
--- a/cmake/MSVCRuntime.cmake
+++ b/cmake/MSVCRuntime.cmake
@ -1,11 +1,5 @@
 macro(configure_msvc_runtime)
 	if(MSVC)
 		# Default to statically-linked runtime.
 		if("${MSVC_RUNTIME}" STREQUAL "")
 			set(MSVC_RUNTIME "static")
 		endif()
 		# Set compiler options.
 		set(variables
 			CMAKE_C_FLAGS
@ -19,20 +13,17 @@ macro(configure_msvc_runtime)
 			CMAKE_CXX_FLAGS_RELEASE
 			CMAKE_CXX_FLAGS_RELWITHDEBINFO)
-		if(${MSVC_RUNTIME} STREQUAL "static")
+		if(BUILD_SHARED_LIBS)
-			message(STATUS "MSVC: using statically-linked runtime (/MT and /MTd).")
+			set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON)
 			foreach(variable ${variables})
 				if(${variable} MATCHES "/MD")
 					string(REGEX REPLACE "/MD" "/MT" ${variable} "${${variable}}")
 				endif()
 			endforeach()
 		else()
-			message(STATUS "MSVC: using dynamically-linked runtime (/MD and /MDd).")
+			if(NOT MSVC_DYNAMIC_RUNTIME)
-			foreach(variable ${variables})
+				message(STATUS "MSVC: using statically-linked runtime (/MT and /MTd).")
-				if(${variable} MATCHES "/MT")
+				foreach(variable ${variables})
-					string(REGEX REPLACE "/MT" "/MD" ${variable} "${${variable}}")
+					if(${variable} MATCHES "/MD")
-				endif()
+						string(REGEX REPLACE "/MD" "/MT" ${variable} "${${variable}}")
-			endforeach()
+					endif()
 				endforeach()
 			endif()
 		endif()
 		foreach(variable ${variables})
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@ -26,49 +26,38 @@
 include( CMakeParseArguments )
-file( READ opensslconf.h.cmake CONF )
+string(TIMESTAMP BUILDINF_DATE "%Y-%m-%d %H:%M:%S UTC" UTC)
 configure_file( buildinf.h.cmake buildinf.h )
-set( CONF "
+include( CheckIncludeFile )
-#define OPENSSL_NO_GMP
+CHECK_INCLUDE_FILE( fcntl.h CHK_DLFCN )
-#define OPENSSL_NO_JPAKE
+if( CHK_DLFCN )
-#define OPENSSL_NO_KRB5
+  set( HAVE_DLFCN_H ON )
-#define OPENSSL_NO_MD2
+  add_definitions( -DHAVE_DLFCN_H )
 #define OPENSSL_NO_RC5
 #define OPENSSL_NO_RFC3779
 #define OPENSSL_NO_STORE
 #define OPENSSL_NO_DYNAMIC_ENGINE
 #define OPENSSL_NO_SCTP
 #define OPENSSL_NO_EC_NISTP_64_GCC_128
 ${CONF}" )
 file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake "${CONF}" )
 #~2DO: set BUILDINF_DATE to `date LC_ALL=C LC_TIME=C`
 configure_file ( buildinf.h.cmake buildinf.h )
 include(CheckTypeSize)
 check_type_size( "long" LONG_INT )
 check_type_size( "long long" LONG_LONG_INT )
 check_type_size( "int" INT )
 if ( HAVE_LONG_INT AND (${LONG_INT} EQUAL 8) )
  set ( SIXTY_FOUR_BIT_LONG ON )
 elseif ( HAVE_LONG_LONG_INT AND (${LONG_LONG_INT} EQUAL 8) )
  set ( SIXTY_FOUR_BIT ON )
 else()
  set ( THIRTY_TWO_BIT ON )
 endif()
-if ( WIN32 AND MINGW AND NOT CYGWIN )
+if( APPLE )
-  set( OPENSSL_EXPORT_VAR_AS_FUNCTION true )
+  add_definitions( -DDSO_DLFCN )
 elseif( WIN32 AND NOT CYGWIN )
  add_definitions( -DDSO_WIN32 )
 elseif( CYGWIN )
  add_definitions( -DDSO_DLFCN )
 elseif( CHK_DLFCN )
  add_definitions( -DDSO_DLFCN )
 endif()
 configure_file( ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/openssl/opensslconf.h )
 set( LIBSRC
  cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c
  ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
  )
-include_directories( BEFORE SYSTEM ${CMAKE_CURRENT_BINARY_DIR} asn1 evp modes )
+include_directories( BEFORE SYSTEM
  asn1 evp modes
  ${CMAKE_CURRENT_SOURCE_DIR}/ # IMPORTANT: opensslconf.h must be removed from sources
  ${CMAKE_CURRENT_BINARY_DIR}/ # buildconf.h
  ${PROJECT_SOURCE_DIR}/ # e_os.h
  ${PROJECT_BINARY_DIR}/include # public
 )
 if( BUILD_SHARED_LIBS )
  add_definitions( -DOPENSSL_BUILD_SHLIBCRYPTO )
@ -95,7 +84,7 @@ endmacro( add_submodule )
 add_submodule ( ../engines e_4758cca.c e_aep.c e_atalla.c e_cswift.c e_gmp.c e_chil.c
  e_nuron.c e_sureware.c e_ubsec.c e_padlock.c e_capi.c )
-#~2DO: ok?
+
 add_submodule ( ../engines/ccgost e_gost_err.c gost2001.c gost2001_keyx.c gost89.c
  gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c
  gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c )
@ -109,6 +98,7 @@ endif( WIN32 AND NOT CYGWIN )
 add_submodule ( aes aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c
  aes_ctr.c aes_ige.c aes_wrap.c EXHEADERS aes.h )
 add_submodule ( asn1 a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c
  a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_enum.c a_utf8.c a_sign.c
  a_digest.c a_verify.c a_mbstr.c a_strex.c x_algor.c x_val.c x_pubkey.c x_sig.c
@ -119,47 +109,67 @@ add_submodule ( asn1 a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c
  f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c asn1_gen.c
  asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c evp_asn1.c asn_pack.c p5_pbe.c
  p5_pbev2.c p8_pkey.c asn_moid.c EXHEADERS asn1.h asn1_mac.h asn1t.h )
 add_submodule ( bf bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c EXHEADERS blowfish.h )
 add_submodule ( bio bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c
  bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c
  bf_nbio.c bss_log.c bss_bio.c bss_dgram.c # bf_lbuf.c
  EXHEADERS bio.h )
 add_submodule ( bn bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c
  bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_kron.c bn_sqrt.c bn_gcd.c
  bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c
  bn_nist.c bn_depr.c bn_const.c EXHEADERS bn.h )
 add_submodule ( buffer buffer.c buf_err.c buf_str.c EXHEADERS buffer.h )
 add_submodule ( camellia camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c
  cmll_cfb.c cmll_ctr.c cmll_utl.c EXHEADERS camellia.h )
 add_submodule ( cast c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c EXHEADERS cast.h )
 add_submodule ( cmac cm_ameth.c cm_pmeth.c cmac.c EXHEADERS cmac.h )
 add_submodule ( cms cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c
  cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c cms_pwri.c cms_kari.c
  EXHEADERS cms.h )
 add_submodule ( comp comp_lib.c comp_err.c c_rle.c c_zlib.c EXHEADERS comp.h )
 add_submodule ( conf conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c conf_mall.c
  conf_sap.c EXHEADERS conf.h conf_api.h )
 add_submodule ( des cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c
  enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c
  rpc_enc.c set_key.c des_enc.c fcrypt_b.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c
  ede_cbcm_enc.c des_old.c des_old2.c read2pwd.c EXHEADERS des.h des_old.h )
 add_submodule ( dh dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
  dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c EXHEADERS dh.h )
 add_submodule ( dsa dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c
  dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c EXHEADERS dsa.h )
 add_submodule ( dso dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c
  dso_win32.c dso_vms.c dso_beos.c EXHEADERS dso.h )
 add_submodule ( ec ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c ec_err.c
  ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c ec2_smpl.c ec2_mult.c ec_ameth.c
  ec_oct.c ec_pmeth.c eck_prn.c ecp_oct.c ec2_oct.c EXHEADERS ec.h )
 add_submodule ( ecdh ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_kdf.c EXHEADERS ecdh.h )
 add_submodule ( ecdsa ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
  EXHEADERS ecdsa.h )
 add_submodule ( engine eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c eng_table.c
  eng_pkey.c eng_fat.c eng_all.c tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c
  tb_store.c tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c eng_openssl.c eng_cnf.c
  eng_dyn.c eng_cryptodev.c eng_rdrand.c EXHEADERS engine.h )
 add_submodule ( err err.c err_all.c err_prn.c EXHEADERS err.h )
 add_submodule ( evp encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c e_des.c
  e_bf.c e_idea.c e_des3.c e_camellia.c e_rc4.c e_aes.c names.c e_seed.c e_xcbc_d.c e_rc2.c
  e_cast.c e_rc5.c m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c m_dss.c
@ -168,59 +178,92 @@ add_submodule ( evp encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c e
  c_alld.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c e_old.c pmeth_lib.c
  pmeth_fn.c pmeth_gn.c m_sigver.c e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c
  e_rc4_hmac_md5.c EXHEADERS evp.h )
 add_submodule ( hmac hmac.c hm_ameth.c hm_pmeth.c EXHEADERS hmac.h )
 add_submodule ( idea i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c EXHEADERS idea.h )
 # add_submodule(jpake jpake.c jpake_err.c EXHEADERS jpake.h)
 add_submodule ( krb5 krb5_asn.c EXHEADERS krb5_asn.h )
 add_submodule ( lhash lhash.c lh_stats.c EXHEADERS lhash.h )
 # add_submodule(md2 md2_dgst.c md2_one.c EXHEADERS md2.h )
 add_submodule ( md4 md4_dgst.c md4_one.c EXHEADERS md4.h )
 add_submodule ( md5 md5_dgst.c md5_one.c EXHEADERS md5.h )
 add_submodule ( mdc2 mdc2dgst.c mdc2_one.c EXHEADERS mdc2.h )
 add_submodule ( modes cbc128.c ccm128.c ctr128.c cts128.c cfb128.c gcm128.c ofb128.c
  xts128.c wrap128.c EXHEADERS modes.h )
 add_submodule ( objects o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c EXHEADERS
  objects.h obj_mac.h )
 add_submodule ( ocsp ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c ocsp_srv.c
  ocsp_prn.c ocsp_vfy.c ocsp_err.c EXHEADERS ocsp.h )
 add_submodule ( pem pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
  pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c EXHEADERS pem.h pem2.h )
 add_submodule ( pkcs12 p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c
  p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_utl.c p12_npas.c pk12err.c p12_p8d.c
  p12_p8e.c EXHEADERS pkcs12.h )
 add_submodule ( pkcs7 pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c
  pk7_mime.c bio_pk7.c EXHEADERS pkcs7.h )
 add_submodule ( pqueue pqueue.c EXHEADERS pqueue.h )
 add_submodule ( rand md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c
  rand_unix.c rand_os2.c rand_nw.c EXHEADERS rand.h )
 add_submodule ( rc2 rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c EXHEADERS
  rc2.h )
 add_submodule ( rc4 rc4_skey.c rc4_enc.c rc4_utl.c EXHEADERS rc4.h )
 #add_submodule(rc5 rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
 #   EXHEADERS rc5.h )
 add_submodule ( ripemd rmd_dgst.c rmd_one.c EXHEADERS ripemd.h )
 add_submodule ( rsa rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
  rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c rsa_pss.c rsa_x931.c
  rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c rsa_pmeth.c rsa_crpt.c EXHEADERS rsa.h )
 add_submodule ( seed seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c EXHEADERS
  seed.h )
 add_submodule ( sha sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
  EXHEADERS sha.h )
 add_submodule ( srp srp_lib.c srp_vfy.c EXHEADERS srp.h srp_grps.h srp_lcl.h )
 add_submodule ( stack stack.c EXHEADERS stack.h safestack.h )
 #add_submodule(store str_err.c str_lib.c str_meth.c str_mem.c
 #   EXHEADERS store.h )
 add_submodule ( ts ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c
  ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c ts_asn1.c EXHEADERS
  ts.h )
 add_submodule ( txt_db txt_db.c EXHEADERS txt_db.h )
 add_submodule ( ui ui_err.c ui_lib.c ui_openssl.c ui_util.c ui_compat.c EXHEADERS
  ui.h ui_compat.h )
 add_submodule ( whrlpool wp_dgst.c wp_block.c EXHEADERS whrlpool.h )
 add_submodule ( x509 x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c
  x509spki.c x509_vfy.c x509_set.c x509cset.c x509rset.c x509_err.c x509name.c x509_v3.c
  x509_ext.c x509_att.c x509type.c x509_lu.c x_all.c x509_txt.c x509_trs.c by_file.c
  by_dir.c x509_vpm.c EXHEADERS x509.h x509_vfy.h )
 add_submodule ( x509v3 v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
  v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c v3_int.c
  v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c v3_ocsp.c v3_akeya.c
@ -231,20 +274,36 @@ add_submodule ( x509v3 v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_li
 add_submodule ( . EXHEADERS crypto.h opensslv.h ebcdic.h symhacks.h
  ossl_typ.h )
 foreach( header ${EXHEADERS} )
    file ( COPY ${header} DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
 endforeach( header )
 add_library( crypto ${LIBSRC} ${OBJECTS_SRC} )
 target_include_directories( crypto PUBLIC ${PROJECT_BINARY_DIR}/include )
 if( WIN32 AND NOT CYGWIN )
  target_link_libraries( crypto ws2_32 crypt32 )
 else()
  if( CHK_DLFCN AND HAVE_DLFCN_H )
    target_link_libraries( crypto dl )
  endif()
 endif()
 set_target_properties( crypto PROPERTIES
  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
-foreach( header ${EXHEADERS} )
+if( ANDROID )
-    file ( COPY ${header} DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
+  set_target_properties( crypto PROPERTIES OUTPUT_NAME "crypto" )
-endforeach( header )
+endif()
-configure_file( opensslconf.h.cmake ${PROJECT_BINARY_DIR}/include/openssl/opensslconf.h )
+if( MSVC )
  if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
    set_target_properties( crypto PROPERTIES OUTPUT_NAME "libeay32" )
  elseif( CMAKE_SIZEOF_VOID_P EQUAL 4 )
    set_target_properties( crypto PROPERTIES OUTPUT_NAME "libeay32" )
  endif()
 endif()
 install( TARGETS crypto
    RUNTIME DESTINATION bin
--- a/crypto/buildinf.h.cmake
+++ b/crypto/buildinf.h.cmake
@ -1,10 +1,7 @@
 #ifndef MK1MF_BUILD
  /* auto-generated by crypto/Makefile for crypto/cversion.c */
-  #define CFLAGS "@CMAKE_C_COMPILER@ @CMAKE_C_FLAGS@"
+  #define CFLAGS "compiler: @CMAKE_C_COMPILER@ @CMAKE_C_FLAGS@"
-  #define PLATFORM "@CMAKE_SYSTEM_NAME@"
+  #define PLATFORM "platform: @CMAKE_SYSTEM_NAME@"
-  #define DATE "@BUILDINF_DATE@"
+  #define DATE "built on: @BUILDINF_DATE@"
 #endif
 /* ~2DO: is the above ok? */
--- a/crypto/opensslconf.h
+++ b/crypto/opensslconf.h
@ -1,265 +0,0 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 # define OPENSSL_NO_EC_NISTP_64_GCC_128
 #endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
 #ifndef OPENSSL_NO_JPAKE
 # define OPENSSL_NO_JPAKE
 #endif
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
 #ifndef OPENSSL_NO_LIBUNBOUND
 # define OPENSSL_NO_LIBUNBOUND
 #endif
 #ifndef OPENSSL_NO_MD2
 # define OPENSSL_NO_MD2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
 #endif
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
 #ifndef OPENSSL_NO_SCTP
 # define OPENSSL_NO_SCTP
 #endif
 #ifndef OPENSSL_NO_SSL_TRACE
 # define OPENSSL_NO_SSL_TRACE
 #endif
 #ifndef OPENSSL_NO_SSL2
 # define OPENSSL_NO_SSL2
 #endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
 #ifndef OPENSSL_NO_UNIT_TEST
 # define OPENSSL_NO_UNIT_TEST
 #endif
 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
 # define OPENSSL_NO_WEAK_SSL_CIPHERS
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
 /* The OPENSSL_NO_* macros are also defined as NO_* if the application
   asks for it.  This is a transient feature that is provided for those
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
 # if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
 #  define NO_EC_NISTP_64_GCC_128
 # endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
 # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
 #  define NO_JPAKE
 # endif
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
 # if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
 #  define NO_LIBUNBOUND
 # endif
 # if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
 #  define NO_MD2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
 # endif
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
 # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
 #  define NO_SCTP
 # endif
 # if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
 #  define NO_SSL_TRACE
 # endif
 # if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
 #  define NO_SSL2
 # endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
 # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
 #  define NO_UNIT_TEST
 # endif
 # if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
 #  define NO_WEAK_SSL_CIPHERS
 # endif
 #endif
 /* crypto/opensslconf.h.in */
 /* Generate 80386 code? */
 #undef I386_ONLY
 #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
 #define ENGINESDIR "/usr/local/ssl/lib/engines"
 #define OPENSSLDIR "/usr/local/ssl"
 #endif
 #endif
 #undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 #undef OPENSSL_EXPORT_VAR_AS_FUNCTION
 #if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
 #define IDEA_INT unsigned int
 #endif
 #if defined(HEADER_MD2_H) && !defined(MD2_INT)
 #define MD2_INT unsigned int
 #endif
 #if defined(HEADER_RC2_H) && !defined(RC2_INT)
 /* I need to put in a mod for the alpha - eay */
 #define RC2_INT unsigned int
 #endif
 #if defined(HEADER_RC4_H)
 #if !defined(RC4_INT)
 /* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
 /*
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
 */
 #define RC4_INT unsigned int
 #endif
 #if !defined(RC4_CHUNK)
 /*
 * This enables code handling data aligned at natural CPU word
 * boundary. See crypto/rc4/rc4_enc.c for further details.
 */
 #undef RC4_CHUNK
 #endif
 #endif
 #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
 #define DES_LONG unsigned long
 #endif
 #endif
 #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
 #define CONFIG_HEADER_BN_H
 #undef BN_LLONG
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 #define CONFIG_HEADER_RC4_LOCL_H
 /* if this is defined data[i] is used instead of *data, this is a %20
 * speedup on x86 */
 #undef RC4_INDEX
 #endif
 #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
 #define CONFIG_HEADER_BF_LOCL_H
 #undef BF_PTR
 #endif /* HEADER_BF_LOCL_H */
 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
 #define CONFIG_HEADER_DES_LOCL_H
 #ifndef DES_DEFAULT_OPTIONS
 /* the following is tweaked from a config script, that is why it is a
 * protected undef/define */
 #ifndef DES_PTR
 #undef DES_PTR
 #endif
 /* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
 * registers */
 #ifndef DES_RISC1
 #undef DES_RISC1
 #endif
 #ifndef DES_RISC2
 #undef DES_RISC2
 #endif
 #if defined(DES_RISC1) && defined(DES_RISC2)
 #error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
 * Very mucy CPU dependant */
 #ifndef DES_UNROLL
 #undef DES_UNROLL
 #endif
 /* These default values were supplied by
 * Peter Gutman <pgut001@cs.auckland.ac.nz>
 * They are only used if nothing else has been defined */
 #if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
 /* Special defines which change the way the code is built depending on the
   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
   even newer MIPS CPU's, but at the moment one size fits all for
   optimization options.  Older Sparc's work better with only UNROLL, but
   there's no way to tell at compile time what it is you're running on */
 #if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #elif defined( __ultrix )	/* Older MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined( __osf1__ )	/* Alpha */
 #  define DES_PTR
 #  define DES_RISC2
 #elif defined ( _AIX )		/* RS6000 */
  /* Unknown */
 #elif defined( __hpux )		/* HP-PA */
  /* Unknown */
 #elif defined( __aux )		/* 68K */
  /* Unknown */
 #elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
 #  define DES_UNROLL
 #elif defined( __sgi )		/* Newer MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #endif /* Systems-specific speed defines */
 #endif
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
 #ifdef  __cplusplus
 }
 #endif
--- a/crypto/opensslconf.h.cmake
+++ b/crypto/opensslconf.h.cmake
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@ -39,18 +39,36 @@ set ( LIBSRC
  bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c
  )
-add_library ( ssl ${LIBSRC} )
+include_directories( BEFORE SYSTEM
-
+  ${PROJECT_SOURCE_DIR}/ # e_os.h
-target_link_libraries ( ssl crypto )
+)
 set_target_properties( ssl PROPERTIES
  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
 set( EXHEADERS ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h srtp.h )
 foreach( file ${EXHEADERS} )
    file ( COPY ${file} DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
 endforeach( file )
 add_library ( ssl ${LIBSRC} )
 target_include_directories( ssl PUBLIC ${PROJECT_BINARY_DIR}/include )
 target_link_libraries ( ssl crypto )
 set_target_properties( ssl PROPERTIES
  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
 if( ANDROID )
  set_target_properties( ssl PROPERTIES OUTPUT_NAME "ssl" )
 endif()
 if( MSVC )
  if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
    set_target_properties( ssl PROPERTIES OUTPUT_NAME "ssleay32" )
  elseif( CMAKE_SIZEOF_VOID_P EQUAL 4 )
    set_target_properties( ssl PROPERTIES OUTPUT_NAME "ssleay32" )
  endif()
 endif()
 install( TARGETS ssl
    RUNTIME DESTINATION bin
    LIBRARY DESTINATION lib