summaryrefslogtreecommitdiff
path: root/contrib/vcpkg-ports
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff.email>2021-11-29 20:46:00 +0100
committerJörg Frings-Fürst <debian@jff.email>2021-11-29 20:46:00 +0100
commitf2b3dda12a731c2e0971cb7889728edaf23f6cb0 (patch)
treefdf8833416567ca3842f347b2126cdbb13c746bd /contrib/vcpkg-ports
parent4ee98f284a93c3b855092d35ac21371d9dcad65b (diff)
New upstream version 2.5.4upstream/2.5.4
Diffstat (limited to 'contrib/vcpkg-ports')
-rw-r--r--contrib/vcpkg-ports/openssl/portfile.cmake25
-rw-r--r--contrib/vcpkg-ports/openssl/unix/CMakeLists.txt280
-rw-r--r--contrib/vcpkg-ports/openssl/unix/portfile.cmake49
-rw-r--r--contrib/vcpkg-ports/openssl/unix/remove-deps.cmake7
-rw-r--r--contrib/vcpkg-ports/openssl/unix/vcpkg-cmake-wrapper.cmake18
-rw-r--r--contrib/vcpkg-ports/openssl/usage4
-rw-r--r--contrib/vcpkg-ports/openssl/uwp/EnableUWPSupport.patch170
-rw-r--r--contrib/vcpkg-ports/openssl/uwp/make-openssl.bat16
-rw-r--r--contrib/vcpkg-ports/openssl/uwp/portfile.cmake156
-rw-r--r--contrib/vcpkg-ports/openssl/vcpkg.json7
-rw-r--r--contrib/vcpkg-ports/openssl/windows/portfile.cmake174
-rw-r--r--contrib/vcpkg-ports/openssl/windows/vcpkg-cmake-wrapper.cmake10
-rw-r--r--contrib/vcpkg-ports/pkcs11-helper/0001-nmake-openssl-1.1.1-support.patch88
-rw-r--r--contrib/vcpkg-ports/pkcs11-helper/CONTROL4
-rw-r--r--contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch686
-rw-r--r--contrib/vcpkg-ports/pkcs11-helper/portfile.cmake35
16 files changed, 1729 insertions, 0 deletions
diff --git a/contrib/vcpkg-ports/openssl/portfile.cmake b/contrib/vcpkg-ports/openssl/portfile.cmake
new file mode 100644
index 0000000..9b59a3c
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/portfile.cmake
@@ -0,0 +1,25 @@
+if(EXISTS "${CURRENT_INSTALLED_DIR}/include/openssl/ssl.h")
+ message(FATAL_ERROR "Can't build openssl if libressl/boringssl is installed. Please remove libressl/boringssl, and try install openssl again if you need it.")
+endif()
+
+set(OPENSSL_VERSION 1.1.1k)
+vcpkg_download_distfile(ARCHIVE
+ URLS "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"
+ FILENAME "openssl-${OPENSSL_VERSION}.tar.gz"
+ SHA512 73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121
+)
+
+vcpkg_find_acquire_program(PERL)
+get_filename_component(PERL_EXE_PATH ${PERL} DIRECTORY)
+vcpkg_add_to_path("${PERL_EXE_PATH}")
+
+if(VCPKG_TARGET_IS_UWP)
+ include("${CMAKE_CURRENT_LIST_DIR}/uwp/portfile.cmake")
+elseif(VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW)
+ include("${CMAKE_CURRENT_LIST_DIR}/windows/portfile.cmake")
+else()
+ include("${CMAKE_CURRENT_LIST_DIR}/unix/portfile.cmake")
+endif()
+
+
+file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/usage" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}")
diff --git a/contrib/vcpkg-ports/openssl/unix/CMakeLists.txt b/contrib/vcpkg-ports/openssl/unix/CMakeLists.txt
new file mode 100644
index 0000000..fd84816
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/unix/CMakeLists.txt
@@ -0,0 +1,280 @@
+cmake_minimum_required(VERSION 3.9)
+project(openssl C)
+
+if(NOT SOURCE_PATH)
+ message(FATAL_ERROR "Requires SOURCE_PATH")
+endif()
+
+if(CMAKE_SYSTEM_NAME STREQUAL "Android" OR CMAKE_SYSTEM_NAME STREQUAL "Linux")
+ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+ set(PLATFORM linux-x86_64)
+ else()
+ set(PLATFORM linux-generic32)
+ endif()
+elseif(CMAKE_SYSTEM_NAME STREQUAL "iOS")
+ if(VCPKG_TARGET_ARCHITECTURE MATCHES "arm64")
+ set(PLATFORM ios64-xcrun)
+ elseif(VCPKG_TARGET_ARCHITECTURE MATCHES "arm")
+ set(PLATFORM ios-xcrun)
+ elseif(VCPKG_TARGET_ARCHITECTURE MATCHES "x86" OR
+ VCPKG_TARGET_ARCHITECTURE MATCHES "x64")
+ set(PLATFORM iossimulator-xcrun)
+ else()
+ message(FATAL_ERROR "Unknown iOS target architecture: ${VCPKG_TARGET_ARCHITECTURE}")
+ endif()
+ # disable that makes linkage error (e.g. require stderr usage)
+ list(APPEND DISABLES no-stdio no-ui no-asm)
+elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+ if(VCPKG_TARGET_ARCHITECTURE MATCHES "arm64")
+ set(PLATFORM darwin64-arm64-cc)
+ else()
+ set(PLATFORM darwin64-x86_64-cc)
+ endif()
+elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
+ set(PLATFORM BSD-generic64)
+elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
+ set(PLATFORM BSD-generic64)
+elseif(MINGW)
+ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+ set(PLATFORM mingw64)
+ else()
+ set(PLATFORM mingw)
+ endif()
+elseif(EMSCRIPTEN)
+ set(MAKE $ENV{EMSDK}/upstream/emscripten/emmake)
+ set(ENV{MAKE} $ENV{EMSDK}/upstream/emscripten/emmake)
+else()
+ message(FATAL_ERROR "Unknown platform")
+endif()
+
+get_filename_component(COMPILER_ROOT "${CMAKE_C_COMPILER}" DIRECTORY)
+
+message("CMAKE_C_COMPILER=${CMAKE_C_COMPILER}")
+message("COMPILER_ROOT=${COMPILER_ROOT}")
+message("CMAKE_SYSROOT=${CMAKE_SYSROOT}")
+message("CMAKE_OSX_SYSROOT=${CMAKE_OSX_SYSROOT}")
+message("CMAKE_OSX_DEPLOYMENT_TARGET=${CMAKE_OSX_DEPLOYMENT_TARGET}")
+message("CMAKE_C_FLAGS=${CMAKE_C_FLAGS}")
+message("CMAKE_C_FLAGS_RELEASE=${CMAKE_C_FLAGS_RELEASE}")
+message("CMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG}")
+message("CMAKE_INCLUDE_SYSTEM_FLAG_C=${CMAKE_INCLUDE_SYSTEM_FLAG_C}")
+message("CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG=${CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG}")
+
+set(CFLAGS "${CMAKE_C_FLAGS}")
+if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+ set(CFLAGS "-Wno-error=unused-command-line-argument ${CMAKE_C_FLAGS}")
+endif()
+if(CMAKE_C_COMPILER_TARGET AND CMAKE_C_COMPILE_OPTIONS_TARGET)
+ set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_TARGET}${CMAKE_C_COMPILER_TARGET}")
+endif()
+if(CMAKE_C_COMPILER_EXTERNAL_TOOLCHAIN AND CMAKE_C_COMPILE_OPTIONS_EXTERNAL_TOOLCHAIN)
+ set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_EXTERNAL_TOOLCHAIN}${CMAKE_C_COMPILER_EXTERNAL_TOOLCHAIN}")
+endif()
+if(CMAKE_SYSROOT AND CMAKE_C_COMPILE_OPTIONS_SYSROOT)
+ set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_SYSROOT}${CMAKE_SYSROOT}")
+elseif(CMAKE_OSX_SYSROOT AND CMAKE_C_COMPILE_OPTIONS_SYSROOT)
+ set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_SYSROOT}${CMAKE_OSX_SYSROOT}")
+endif()
+if (CMAKE_OSX_DEPLOYMENT_TARGET AND CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG)
+ set(CFLAGS "${CFLAGS} ${CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG}${CMAKE_OSX_DEPLOYMENT_TARGET}")
+endif()
+
+string(REGEX REPLACE "^ " "" CFLAGS "${CFLAGS}")
+
+if(CMAKE_HOST_WIN32)
+ file(TO_NATIVE_PATH ENV_PATH "${COMPILER_ROOT};$ENV{PATH}")
+else()
+ file(TO_NATIVE_PATH ENV_PATH "${COMPILER_ROOT}:$ENV{PATH}")
+endif()
+set(ENV{ANDROID_DEV} "${CMAKE_SYSROOT}/usr")
+
+if(NOT IOS)
+ set(ENV{CC} "${CMAKE_C_COMPILER}")
+endif()
+
+message("ENV{ANDROID_DEV}=$ENV{ANDROID_DEV}")
+
+get_filename_component(SOURCE_PATH_NAME "${SOURCE_PATH}" NAME)
+set(BUILDDIR "${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_PATH_NAME}")
+
+if(NOT EXISTS "${BUILDDIR}")
+ file(COPY ${SOURCE_PATH} DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
+endif()
+
+get_filename_component(MSYS_BIN_DIR "${MAKE}" DIRECTORY)
+
+if(BUILD_SHARED_LIBS)
+ set(SHARED shared)
+ file(STRINGS "${BUILDDIR}/include/openssl/opensslv.h" SHLIB_VERSION
+ REGEX "^#[\t ]*define[\t ]+SHLIB_VERSION_NUMBER[\t ]+\".*\".*")
+ string(REGEX REPLACE "^.*SHLIB_VERSION_NUMBER[\t ]+\"([^\"]*)\".*$" "\\1"
+ SHLIB_VERSION "${SHLIB_VERSION}")
+ if(CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR CMAKE_SYSTEM_NAME STREQUAL "iOS")
+ set(LIB_EXT dylib)
+ set(LIB_EXTS ${SHLIB_VERSION}.${LIB_EXT})
+ elseif(MINGW)
+ string(REPLACE "." "_" SHLIB_VERSION "${SHLIB_VERSION}")
+ set(BIN_EXT dll)
+ set(LIB_EXT dll.a)
+ else()
+ set(LIB_EXT so)
+ set(LIB_EXTS ${LIB_EXT}.${SHLIB_VERSION})
+ endif()
+ list(APPEND BIN_EXTS ${BIN_EXT})
+ list(APPEND LIB_EXTS ${LIB_EXT})
+else()
+ set(SHARED no-shared)
+ set(LIB_EXTS a)
+endif()
+foreach(lib ssl crypto)
+ foreach(ext ${LIB_EXTS})
+ list(APPEND INSTALL_LIBS "${BUILDDIR}/lib${lib}.${ext}")
+ list(APPEND INSTALL_PKG_CONFIGS "${BUILDDIR}/lib${lib}.pc")
+ endforeach()
+ foreach(ext ${BIN_EXTS})
+ # This might be wrong for targets which don't follow this naming scheme, but I'm not aware of any
+ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+ list(APPEND INSTALL_BINS "${BUILDDIR}/lib${lib}-${SHLIB_VERSION}-x64.${ext}")
+ else()
+ list(APPEND INSTALL_BINS "${BUILDDIR}/lib${lib}-${SHLIB_VERSION}.${ext}")
+ endif()
+ endforeach()
+endforeach()
+
+if(CMAKE_HOST_WIN32)
+ set(ENV_COMMAND set)
+ set(PATH_VAR ";%PATH%")
+else()
+ set(ENV_COMMAND export)
+ set(PATH_VAR ":$ENV{PATH}")
+endif()
+
+add_custom_command(
+ OUTPUT "${BUILDDIR}/Makefile"
+ COMMAND ${ENV_COMMAND} "PATH=${MSYS_BIN_DIR}${PATH_VAR}"
+ VERBATIM
+ WORKING_DIRECTORY "${BUILDDIR}"
+)
+
+if(NOT IOS)
+ add_custom_command(
+ OUTPUT "${BUILDDIR}/Makefile"
+ COMMAND ${ENV_COMMAND} CC=${CMAKE_C_COMPILER}
+ COMMAND ${ENV_COMMAND} AR=${CMAKE_AR}
+ COMMAND ${ENV_COMMAND} LD=${CMAKE_LINKER}
+ COMMAND ${ENV_COMMAND} RANLIB=${CMAKE_RANLIB}
+ COMMAND ${ENV_COMMAND} MAKE=${MAKE}
+ COMMAND ${ENV_COMMAND} MAKEDEPPROG=${CMAKE_C_COMPILER}
+ VERBATIM
+ APPEND
+ )
+
+ if(EMSCRIPTEN)
+ list(APPEND DISABLES
+ threads
+ no-engine
+ no-dso
+ no-asm
+ no-shared
+ no-sse2
+ no-srtp
+ )
+ else()
+ list(APPEND DISABLES
+ enable-static-engine
+ no-zlib
+ no-ssl2
+ no-idea
+ no-cast
+ no-seed
+ no-md2
+ no-tests)
+ endif()
+endif()
+
+if(EMSCRIPTEN)
+ add_custom_command(
+ OUTPUT "${BUILDDIR}/Makefile"
+ COMMAND "$ENV{EMSDK}/upstream/emscripten/emconfigure" ./config
+ ${SHARED}
+ ${DISABLES}
+ "--prefix=${CMAKE_INSTALL_PREFIX}"
+ "--openssldir=/etc/ssl"
+ "--cross-compile-prefix=\"/\""
+ VERBATIM
+ APPEND
+ )
+
+ add_custom_target(build_libs ALL
+ COMMAND ${ENV_COMMAND} "PATH=${MSYS_BIN_DIR}${PATH_VAR}"
+ COMMAND "${CMAKE_COMMAND}" -E touch "${BUILDDIR}/krb5.h"
+ COMMAND "${MAKE}" make build_libs
+ VERBATIM
+ WORKING_DIRECTORY "${BUILDDIR}"
+ DEPENDS "${BUILDDIR}/Makefile"
+ BYPRODUCTS ${INSTALL_LIBS}
+ )
+else()
+ add_custom_command(
+ OUTPUT "${BUILDDIR}/Makefile"
+ COMMAND "${PERL}" Configure
+ ${SHARED}
+ ${DISABLES}
+ ${PLATFORM}
+ "--prefix=${CMAKE_INSTALL_PREFIX}"
+ "--openssldir=/etc/ssl"
+ ${CFLAGS}
+ VERBATIM
+ APPEND
+ )
+
+ add_custom_target(build_libs ALL
+ COMMAND ${ENV_COMMAND} "PATH=${MSYS_BIN_DIR}${PATH_VAR}"
+ COMMAND "${CMAKE_COMMAND}" -E touch "${BUILDDIR}/krb5.h"
+ COMMAND "${MAKE}" -j ${VCPKG_CONCURRENCY} build_libs
+ VERBATIM
+ WORKING_DIRECTORY "${BUILDDIR}"
+ DEPENDS "${BUILDDIR}/Makefile"
+ BYPRODUCTS ${INSTALL_LIBS}
+ )
+endif()
+
+add_custom_command(
+ OUTPUT "${BUILDDIR}/Makefile"
+ COMMAND "${CMAKE_COMMAND}" "-DDIR=${BUILDDIR}" -P "${CMAKE_CURRENT_LIST_DIR}/remove-deps.cmake"
+ VERBATIM
+ APPEND
+)
+
+if((CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR CMAKE_SYSTEM_NAME STREQUAL "iOS") AND BUILD_SHARED_LIBS)
+ if(DEFINED CMAKE_INSTALL_NAME_DIR)
+ set(ID_PREFIX "${CMAKE_INSTALL_NAME_DIR}")
+ else()
+ set(ID_PREFIX "@rpath")
+ endif()
+
+ add_custom_command(
+ TARGET build_libs
+ COMMAND /usr/bin/install_name_tool -id "${ID_PREFIX}/libssl.${SHLIB_VERSION}.dylib"
+ "${BUILDDIR}/libssl.${SHLIB_VERSION}.dylib"
+ COMMAND /usr/bin/install_name_tool -id "${ID_PREFIX}/libcrypto.${SHLIB_VERSION}.dylib"
+ "${BUILDDIR}/libcrypto.1.1.dylib"
+ COMMAND /usr/bin/install_name_tool -change "${CMAKE_INSTALL_PREFIX}/lib/libcrypto.${SHLIB_VERSION}.dylib"
+ "${ID_PREFIX}/libcrypto.${SHLIB_VERSION}.dylib"
+ "${BUILDDIR}/libssl.${SHLIB_VERSION}.dylib"
+ VERBATIM
+ )
+endif()
+
+install(
+ FILES ${INSTALL_LIBS}
+ DESTINATION lib
+)
+install(
+ FILES ${INSTALL_BINS}
+ DESTINATION bin
+)
+install(
+ FILES ${INSTALL_PKG_CONFIGS}
+ DESTINATION lib/pkgconfig
+)
diff --git a/contrib/vcpkg-ports/openssl/unix/portfile.cmake b/contrib/vcpkg-ports/openssl/unix/portfile.cmake
new file mode 100644
index 0000000..9122349
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/unix/portfile.cmake
@@ -0,0 +1,49 @@
+if (NOT VCPKG_TARGET_IS_MINGW)
+ vcpkg_fail_port_install(MESSAGE "${PORT} is only for openssl on Unix-like systems" ON_TARGET "UWP" "Windows")
+endif()
+
+vcpkg_extract_source_archive_ex(
+ OUT_SOURCE_PATH MASTER_COPY_SOURCE_PATH
+ ARCHIVE "${ARCHIVE}"
+ REF ${OPENSSL_VERSION}
+)
+
+if(CMAKE_HOST_WIN32)
+ vcpkg_acquire_msys(MSYS_ROOT PACKAGES make perl)
+ set(MAKE ${MSYS_ROOT}/usr/bin/make.exe)
+ set(PERL ${MSYS_ROOT}/usr/bin/perl.exe)
+else()
+ find_program(MAKE make)
+ if(NOT MAKE)
+ message(FATAL_ERROR "Could not find make. Please install it through your package manager.")
+ endif()
+endif()
+
+vcpkg_configure_cmake(
+ SOURCE_PATH ${CMAKE_CURRENT_LIST_DIR}
+ PREFER_NINJA
+ OPTIONS
+ -DSOURCE_PATH=${MASTER_COPY_SOURCE_PATH}
+ -DPERL=${PERL}
+ -DMAKE=${MAKE}
+ -DVCPKG_CONCURRENCY=${VCPKG_CONCURRENCY}
+ OPTIONS_RELEASE
+ -DINSTALL_HEADERS=ON
+)
+
+vcpkg_install_cmake()
+vcpkg_fixup_pkgconfig()
+
+file(GLOB HEADERS ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/*/include/openssl/*.h)
+set(RESOLVED_HEADERS)
+foreach(HEADER ${HEADERS})
+ get_filename_component(X "${HEADER}" REALPATH)
+ list(APPEND RESOLVED_HEADERS "${X}")
+endforeach()
+
+file(INSTALL ${RESOLVED_HEADERS} DESTINATION ${CURRENT_PACKAGES_DIR}/include/openssl)
+file(INSTALL ${MASTER_COPY_SOURCE_PATH}/LICENSE DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright)
+
+if(VCPKG_LIBRARY_LINKAGE STREQUAL "static")
+ file(COPY ${CMAKE_CURRENT_LIST_DIR}/vcpkg-cmake-wrapper.cmake DESTINATION ${CURRENT_PACKAGES_DIR}/share/openssl)
+endif()
diff --git a/contrib/vcpkg-ports/openssl/unix/remove-deps.cmake b/contrib/vcpkg-ports/openssl/unix/remove-deps.cmake
new file mode 100644
index 0000000..53ad6ef
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/unix/remove-deps.cmake
@@ -0,0 +1,7 @@
+file(GLOB_RECURSE MAKEFILES ${DIR}/*/Makefile)
+foreach(MAKEFILE ${MAKEFILES})
+ message("removing deps from ${MAKEFILE}")
+ file(READ "${MAKEFILE}" _contents)
+ string(REGEX REPLACE "\n# DO NOT DELETE THIS LINE.*" "" _contents "${_contents}")
+ file(WRITE "${MAKEFILE}" "${_contents}")
+endforeach()
diff --git a/contrib/vcpkg-ports/openssl/unix/vcpkg-cmake-wrapper.cmake b/contrib/vcpkg-ports/openssl/unix/vcpkg-cmake-wrapper.cmake
new file mode 100644
index 0000000..f36b687
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/unix/vcpkg-cmake-wrapper.cmake
@@ -0,0 +1,18 @@
+_find_package(${ARGS})
+if(OPENSSL_FOUND)
+ find_library(OPENSSL_DL_LIBRARY NAMES dl)
+ if(OPENSSL_DL_LIBRARY)
+ list(APPEND OPENSSL_LIBRARIES "dl")
+ if(TARGET OpenSSL::Crypto)
+ set_property(TARGET OpenSSL::Crypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES "dl")
+ endif()
+ endif()
+ find_package(Threads REQUIRED)
+ list(APPEND OPENSSL_LIBRARIES ${CMAKE_THREAD_LIBS_INIT})
+ if(TARGET OpenSSL::Crypto)
+ set_property(TARGET OpenSSL::Crypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES "Threads::Threads")
+ endif()
+ if(TARGET OpenSSL::SSL)
+ set_property(TARGET OpenSSL::SSL APPEND PROPERTY INTERFACE_LINK_LIBRARIES "Threads::Threads")
+ endif()
+endif()
diff --git a/contrib/vcpkg-ports/openssl/usage b/contrib/vcpkg-ports/openssl/usage
new file mode 100644
index 0000000..cf83f33
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/usage
@@ -0,0 +1,4 @@
+The package openssl is compatible with built-in CMake targets:
+
+ find_package(OpenSSL REQUIRED)
+ target_link_libraries(main PRIVATE OpenSSL::SSL OpenSSL::Crypto)
diff --git a/contrib/vcpkg-ports/openssl/uwp/EnableUWPSupport.patch b/contrib/vcpkg-ports/openssl/uwp/EnableUWPSupport.patch
new file mode 100644
index 0000000..fe78374
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/uwp/EnableUWPSupport.patch
@@ -0,0 +1,170 @@
+diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
+index 3c4299d264..99fcb1f713 100644
+--- a/Configurations/10-main.conf
++++ b/Configurations/10-main.conf
+@@ -1287,7 +1287,7 @@ my %targets = (
+ },
+ "VC-WIN64I" => {
+ inherit_from => [ "VC-WIN64-common", asm("ia64_asm"),
+- sub { $disabled{shared} ? () : "ia64_uplink" } ],
++ sub { $disabled{uplink} ? () : "ia64_uplink" } ],
+ AS => "ias",
+ ASFLAGS => "-d debug",
+ asoutflag => "-o ",
+@@ -1299,7 +1299,7 @@ my %targets = (
+ },
+ "VC-WIN64A" => {
+ inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"),
+- sub { $disabled{shared} ? () : "x86_64_uplink" } ],
++ sub { $disabled{uplink} ? () : "x86_64_uplink" } ],
+ AS => sub { vc_win64a_info()->{AS} },
+ ASFLAGS => sub { vc_win64a_info()->{ASFLAGS} },
+ asoutflag => sub { vc_win64a_info()->{asoutflag} },
+@@ -1312,7 +1312,7 @@ my %targets = (
+ },
+ "VC-WIN32" => {
+ inherit_from => [ "VC-noCE-common", asm("x86_asm"),
+- sub { $disabled{shared} ? () : "uplink_common" } ],
++ sub { $disabled{uplink} ? () : "uplink_common" } ],
+ AS => sub { vc_win32_info()->{AS} },
+ ASFLAGS => sub { vc_win32_info()->{ASFLAGS} },
+ asoutflag => sub { vc_win32_info()->{asoutflag} },
+@@ -1374,7 +1374,7 @@ my %targets = (
+ #### MinGW
+ "mingw" => {
+ inherit_from => [ "BASE_unix", asm("x86_asm"),
+- sub { $disabled{shared} ? () : "x86_uplink" } ],
++ sub { $disabled{uplink} ? () : "x86_uplink" } ],
+ CC => "gcc",
+ CFLAGS => picker(default => "-Wall",
+ debug => "-g -O0",
+diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf
+index d478f42b0f..e0fb70daca 100644
+--- a/Configurations/50-win-onecore.conf
++++ b/Configurations/50-win-onecore.conf
+@@ -1,3 +1,4 @@
++## -*- mode: perl; -*-
+ # Windows OneCore targets.
+ #
+ # OneCore is new API stability "contract" that transcends Desktop, IoT and
+@@ -10,6 +11,25 @@
+ # TODO: extend error handling to use ETW based eventing
+ # (Or rework whole error messaging)
+
++my $UWP_info = {};
++sub UWP_info {
++ unless (%$UWP_info) {
++ my $SDKver = `pwsh.exe -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
++ $SDKver =~ s|\R$||;
++ my @SDKver_split = split(/\./, $SDKver);
++ # SDK version older than 10.0.17763 don't support our ASM builds
++ if ($SDKver_split[0] < 10
++ || ($SDKver_split[0] == 10
++ && $SDKver_split[1] == 0
++ && $SDKver_split[2] < 17763)) {
++ $UWP_info->{disable} = [ 'asm' ];
++ } else {
++ $UWP_info->{disable} = [ ];
++ }
++ }
++ return $UWP_info;
++}
++
+ my %targets = (
+ "VC-WIN32-ONECORE" => {
+ inherit_from => [ "VC-WIN32" ],
+@@ -61,4 +81,57 @@ my %targets = (
+ ex_libs => "onecore.lib",
+ multilib => "-arm64",
+ },
++
++ # Universal Windows Platform (UWP) App Support
++
++ # TODO
++ #
++ # The 'disable' attribute should have 'uplink'.
++ # however, these are checked in some 'inherit_from', which is processed
++ # very early, before the 'disable' attributes are seen.
++ # This is a problem that needs to be resolved in Configure first.
++ #
++ # But if you want to build library with Windows 10 Version 1809 SDK or
++ # earlier, the 'disable' attribute should also have 'asm'.
++
++ "VC-WIN32-UWP" => {
++ inherit_from => [ "VC-WIN32-ONECORE" ],
++ lflags => add("/APPCONTAINER"),
++ defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
++ "_WIN32_WINNT=0x0A00"),
++ dso_scheme => "",
++ disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
++ @{ UWP_info()->{disable} } ] },
++ ex_libs => "WindowsApp.lib",
++ },
++ "VC-WIN64A-UWP" => {
++ inherit_from => [ "VC-WIN64A-ONECORE" ],
++ lflags => add("/APPCONTAINER"),
++ defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
++ "_WIN32_WINNT=0x0A00"),
++ dso_scheme => "",
++ disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
++ @{ UWP_info()->{disable} } ] },
++ ex_libs => "WindowsApp.lib",
++ },
++ "VC-WIN32-ARM-UWP" => {
++ inherit_from => [ "VC-WIN32-ARM" ],
++ lflags => add("/APPCONTAINER"),
++ defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
++ "_WIN32_WINNT=0x0A00"),
++ dso_scheme => "",
++ disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
++ @{ UWP_info()->{disable} } ] },
++ ex_libs => "WindowsApp.lib",
++ },
++ "VC-WIN64-ARM-UWP" => {
++ inherit_from => [ "VC-WIN64-ARM" ],
++ lflags => add("/APPCONTAINER"),
++ defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
++ "_WIN32_WINNT=0x0A00"),
++ dso_scheme => "",
++ disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
++ @{ UWP_info()->{disable} } ] },
++ ex_libs => "WindowsApp.lib",
++ },
+ );
+diff --git a/Configure b/Configure
+index 5a699836f3..de45f1e299 100755
+--- a/Configure
++++ b/Configure
+@@ -407,6 +408,7 @@ my @disablables = (
+ "ubsan",
+ "ui-console",
+ "unit-test",
++ "uplink",
+ "whirlpool",
+ "weak-ssl-ciphers",
+ "zlib",
+@@ -491,8 +493,8 @@ my @disable_cascades = (
+
+ # Without position independent code, there can be no shared libraries or DSOs
+ "pic" => [ "shared" ],
+- "shared" => [ "dynamic-engine" ],
++ "shared" => [ "dynamic-engine", "uplink" ],
+ "dso" => [ "dynamic-engine" ],
+ "engine" => [ "afalgeng", "devcryptoeng" ],
+
+ # no-autoalginit is only useful when building non-shared
+diff --git a/INSTALL b/INSTALL
+index 2119cbae9e..ee54e8c215 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -560,6 +560,10 @@
+ likely to complement configuration command line with
+ suitable compiler-specific option.
+
++ no-uplink
++ Don't build support for UPLINK interface.
++
++
+ no-<prot>
+ Don't build support for negotiating the specified SSL/TLS
+ protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
diff --git a/contrib/vcpkg-ports/openssl/uwp/make-openssl.bat b/contrib/vcpkg-ports/openssl/uwp/make-openssl.bat
new file mode 100644
index 0000000..6f6166a
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/uwp/make-openssl.bat
@@ -0,0 +1,16 @@
+set build=%1
+
+perl Configure no-asm no-hw no-dso VC-WINUNIVERSAL -FS -FIWindows.h
+
+for /D %%f in ("%WindowsSdkDir%References\%WindowsSDKLibVersion%Windows.Foundation.FoundationContract\*") do set LibPath=%LibPath%;%%f\
+for /D %%f in ("%WindowsSdkDir%References\%WindowsSDKLibVersion%Windows.Foundation.UniversalApiContract\*") do set LibPath=%LibPath%;%%f\
+for /D %%f in ("%WindowsSdkDir%References\Windows.Foundation.FoundationContract\*") do set LibPath=%LibPath%;%%f\
+for /D %%f in ("%WindowsSdkDir%References\Windows.Foundation.UniversalApiContract\*") do set LibPath=%LibPath%;%%f\
+
+call ms\do_winuniversal.bat
+
+mkdir inc32\openssl
+
+jom -j %NUMBER_OF_PROCESSORS% -k -f ms\ntdll.mak
+REM due to a race condition in the build, we need to have a second single-threaded pass.
+nmake -f ms\ntdll.mak
diff --git a/contrib/vcpkg-ports/openssl/uwp/portfile.cmake b/contrib/vcpkg-ports/openssl/uwp/portfile.cmake
new file mode 100644
index 0000000..08a523c
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/uwp/portfile.cmake
@@ -0,0 +1,156 @@
+vcpkg_fail_port_install(MESSAGE "${PORT} is only for Windows Universal Platform" ON_TARGET "Linux" "OSX")
+
+vcpkg_check_linkage(ONLY_DYNAMIC_LIBRARY)
+
+vcpkg_find_acquire_program(JOM)
+get_filename_component(JOM_EXE_PATH ${JOM} DIRECTORY)
+vcpkg_add_to_path("${PERL_EXE_PATH}")
+
+vcpkg_extract_source_archive_ex(
+ OUT_SOURCE_PATH SOURCE_PATH
+ ARCHIVE ${ARCHIVE}
+ PATCHES
+ uwp/EnableUWPSupport.patch
+)
+
+vcpkg_find_acquire_program(NASM)
+get_filename_component(NASM_EXE_PATH ${NASM} DIRECTORY)
+vcpkg_add_to_path(PREPEND "${NASM_EXE_PATH}")
+
+set(CONFIGURE_COMMAND ${PERL} Configure
+ enable-static-engine
+ enable-capieng
+ no-unit-test
+ no-ssl2
+ no-asm
+ no-uplink
+ no-tests
+ -utf-8
+ shared
+)
+
+if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+ set(OPENSSL_ARCH VC-WIN32-UWP)
+elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+ set(OPENSSL_ARCH VC-WIN64A-UWP)
+elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+ set(OPENSSL_ARCH VC-WIN32-ARM-UWP)
+elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+ set(OPENSSL_ARCH VC-WIN64-ARM-UWP)
+else()
+ message(FATAL_ERROR "Unsupported target architecture: ${VCPKG_TARGET_ARCHITECTURE}")
+endif()
+
+set(OPENSSL_MAKEFILE "makefile")
+
+file(REMOVE_RECURSE ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg)
+
+
+if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release")
+
+ # Copy openssl sources.
+ message(STATUS "Copying openssl release source files...")
+ file(GLOB OPENSSL_SOURCE_FILES "${SOURCE_PATH}/*")
+ foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
+ file(COPY ${SOURCE_FILE} DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
+ endforeach()
+ message(STATUS "Copying openssl release source files... done")
+ set(SOURCE_PATH_RELEASE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
+
+ set(OPENSSLDIR_RELEASE "${CURRENT_PACKAGES_DIR}")
+
+ message(STATUS "Configure ${TARGET_TRIPLET}-rel")
+ vcpkg_execute_required_process(
+ COMMAND ${CONFIGURE_COMMAND} ${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_RELEASE}" "--openssldir=${OPENSSLDIR_RELEASE}" -FS
+ WORKING_DIRECTORY "${SOURCE_PATH_RELEASE}"
+ LOGNAME configure-perl-${TARGET_TRIPLET}-${VCPKG_BUILD_TYPE}-rel
+ )
+ message(STATUS "Configure ${TARGET_TRIPLET}-rel done")
+
+ message(STATUS "Build ${TARGET_TRIPLET}-rel")
+ # Openssl's buildsystem has a race condition which will cause JOM to fail at some point.
+ # This is ok; we just do as much work as we can in parallel first, then follow up with a single-threaded build.
+ make_directory(${SOURCE_PATH_RELEASE}/inc32/openssl)
+ execute_process(
+ COMMAND "${JOM}" -k -j ${VCPKG_CONCURRENCY} -f "${OPENSSL_MAKEFILE}" build_libs
+ WORKING_DIRECTORY "${SOURCE_PATH_RELEASE}"
+ OUTPUT_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-out.log"
+ ERROR_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-err.log"
+ )
+ vcpkg_execute_required_process(
+ COMMAND nmake -f "${OPENSSL_MAKEFILE}" install_dev
+ WORKING_DIRECTORY "${SOURCE_PATH_RELEASE}"
+ LOGNAME build-${TARGET_TRIPLET}-rel-1)
+
+ message(STATUS "Build ${TARGET_TRIPLET}-rel done")
+endif()
+
+
+if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug")
+ # Copy openssl sources.
+ message(STATUS "Copying openssl debug source files...")
+ file(GLOB OPENSSL_SOURCE_FILES ${SOURCE_PATH}/*)
+ foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
+ file(COPY "${SOURCE_FILE}" DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
+ endforeach()
+ message(STATUS "Copying openssl debug source files... done")
+ set(SOURCE_PATH_DEBUG "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
+
+ set(OPENSSLDIR_DEBUG "${CURRENT_PACKAGES_DIR}/debug")
+
+ message(STATUS "Configure ${TARGET_TRIPLET}-dbg")
+ vcpkg_execute_required_process(
+ COMMAND ${CONFIGURE_COMMAND} debug-${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_DEBUG}" "--openssldir=${OPENSSLDIR_DEBUG}" -FS
+ WORKING_DIRECTORY "${SOURCE_PATH_DEBUG}"
+ LOGNAME configure-perl-${TARGET_TRIPLET}-${VCPKG_BUILD_TYPE}-dbg
+ )
+ message(STATUS "Configure ${TARGET_TRIPLET}-dbg done")
+
+ message(STATUS "Build ${TARGET_TRIPLET}-dbg")
+ make_directory("${SOURCE_PATH_DEBUG}/inc32/openssl")
+ execute_process(
+ COMMAND "${JOM}" -k -j ${VCPKG_CONCURRENCY} -f "${OPENSSL_MAKEFILE}" build_libs
+ WORKING_DIRECTORY "${SOURCE_PATH_DEBUG}"
+ OUTPUT_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-out.log"
+ ERROR_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-err.log"
+ )
+ vcpkg_execute_required_process(
+ COMMAND nmake -f "${OPENSSL_MAKEFILE}" install_dev
+ WORKING_DIRECTORY "${SOURCE_PATH_DEBUG}"
+ LOGNAME build-${TARGET_TRIPLET}-dbg-1)
+
+ message(STATUS "Build ${TARGET_TRIPLET}-dbg done")
+endif()
+
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/certs")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/private")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/lib/engines-1_1")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/certs")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/lib/engines-1_1")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/private")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/include")
+
+file(REMOVE
+ "${CURRENT_PACKAGES_DIR}/bin/openssl.exe"
+ "${CURRENT_PACKAGES_DIR}/debug/bin/openssl.exe"
+ "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
+ "${CURRENT_PACKAGES_DIR}/openssl.cnf"
+ "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf"
+ "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf.dist"
+ "${CURRENT_PACKAGES_DIR}/openssl.cnf.dist"
+ "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf"
+ "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
+ "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
+)
+
+file(READ "${CURRENT_PACKAGES_DIR}/include/openssl/dtls1.h" _contents)
+string(REPLACE "<winsock.h>" "<winsock2.h>" _contents "${_contents}")
+file(WRITE "${CURRENT_PACKAGES_DIR}/include/openssl/dtls1.h" "${_contents}")
+
+file(READ "${CURRENT_PACKAGES_DIR}/include/openssl/rand.h" _contents)
+string(REPLACE "# include <windows.h>" "#ifndef _WINSOCKAPI_\n#define _WINSOCKAPI_\n#endif\n# include <windows.h>" _contents "${_contents}")
+file(WRITE "${CURRENT_PACKAGES_DIR}/include/openssl/rand.h" "${_contents}")
+
+vcpkg_copy_pdbs()
+
+file(INSTALL "${SOURCE_PATH}/LICENSE" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
diff --git a/contrib/vcpkg-ports/openssl/vcpkg.json b/contrib/vcpkg-ports/openssl/vcpkg.json
new file mode 100644
index 0000000..2d0eb13
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/vcpkg.json
@@ -0,0 +1,7 @@
+{
+ "name": "openssl",
+ "version-string": "1.1.1k",
+ "port-version": 4,
+ "description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.",
+ "homepage": "https://www.openssl.org"
+}
diff --git a/contrib/vcpkg-ports/openssl/windows/portfile.cmake b/contrib/vcpkg-ports/openssl/windows/portfile.cmake
new file mode 100644
index 0000000..c873eb7
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/windows/portfile.cmake
@@ -0,0 +1,174 @@
+vcpkg_fail_port_install(MESSAGE "${PORT} is only for Windows Desktop" ON_TARGET "UWP" "Linux" "OSX")
+
+vcpkg_extract_source_archive_ex(
+ OUT_SOURCE_PATH SOURCE_PATH
+ ARCHIVE ${ARCHIVE}
+)
+
+vcpkg_find_acquire_program(NASM)
+get_filename_component(NASM_EXE_PATH "${NASM}" DIRECTORY)
+vcpkg_add_to_path(PREPEND "${NASM_EXE_PATH}")
+
+vcpkg_find_acquire_program(JOM)
+
+set(OPENSSL_SHARED no-shared)
+if(VCPKG_LIBRARY_LINKAGE STREQUAL dynamic)
+ set(OPENSSL_SHARED shared)
+endif()
+
+set(CONFIGURE_OPTIONS
+ enable-static-engine
+ enable-capieng
+ no-ssl2
+ no-tests
+ no-autoload-config
+ -utf-8
+ ${OPENSSL_SHARED}
+)
+
+if(DEFINED OPENSSL_USE_NOPINSHARED)
+ set(CONFIGURE_OPTIONS ${CONFIGURE_OPTIONS} no-pinshared)
+endif()
+
+set(CONFIGURE_COMMAND "${PERL}" Configure ${CONFIGURE_OPTIONS})
+
+if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+ set(OPENSSL_ARCH VC-WIN32)
+elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+ set(OPENSSL_ARCH VC-WIN64A)
+elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+ set(OPENSSL_ARCH VC-WIN32-ARM)
+elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+ set(OPENSSL_ARCH VC-WIN64-ARM)
+else()
+ message(FATAL_ERROR "Unsupported target architecture: ${VCPKG_TARGET_ARCHITECTURE}")
+endif()
+
+set(OPENSSL_MAKEFILE "makefile")
+
+file(REMOVE_RECURSE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel"
+ "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
+
+if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release")
+
+ # Copy openssl sources.
+ message(STATUS "Copying openssl release source files...")
+ file(GLOB OPENSSL_SOURCE_FILES ${SOURCE_PATH}/*)
+ foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
+ file(COPY ${SOURCE_FILE} DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
+ endforeach()
+ message(STATUS "Copying openssl release source files... done")
+ set(SOURCE_PATH_RELEASE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
+
+ set(OPENSSLDIR_RELEASE ${CURRENT_PACKAGES_DIR})
+
+ message(STATUS "Configure ${TARGET_TRIPLET}-rel")
+ vcpkg_execute_required_process(
+ COMMAND ${CONFIGURE_COMMAND} ${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_RELEASE}" "--openssldir=${OPENSSLDIR_RELEASE}" -FS
+ WORKING_DIRECTORY ${SOURCE_PATH_RELEASE}
+ LOGNAME configure-perl-${TARGET_TRIPLET}-rel
+ )
+ message(STATUS "Configure ${TARGET_TRIPLET}-rel done")
+
+ message(STATUS "Build ${TARGET_TRIPLET}-rel")
+ # Openssl's buildsystem has a race condition which will cause JOM to fail at some point.
+ # This is ok; we just do as much work as we can in parallel first, then follow up with a single-threaded build.
+ make_directory(${SOURCE_PATH_RELEASE}/inc32/openssl)
+ execute_process(
+ COMMAND ${JOM} -k -j $ENV{NUMBER_OF_PROCESSORS} -f ${OPENSSL_MAKEFILE}
+ WORKING_DIRECTORY ${SOURCE_PATH_RELEASE}
+ OUTPUT_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-out.log
+ ERROR_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-err.log
+ )
+ vcpkg_execute_required_process(
+ COMMAND nmake -f ${OPENSSL_MAKEFILE} install_sw install_ssldirs
+ WORKING_DIRECTORY ${SOURCE_PATH_RELEASE}
+ LOGNAME build-${TARGET_TRIPLET}-rel-1)
+
+ message(STATUS "Build ${TARGET_TRIPLET}-rel done")
+endif()
+
+
+if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug")
+ # Copy openssl sources.
+ message(STATUS "Copying openssl debug source files...")
+ file(GLOB OPENSSL_SOURCE_FILES ${SOURCE_PATH}/*)
+ foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
+ file(COPY ${SOURCE_FILE} DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
+ endforeach()
+ message(STATUS "Copying openssl debug source files... done")
+ set(SOURCE_PATH_DEBUG "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
+
+ set(OPENSSLDIR_DEBUG ${CURRENT_PACKAGES_DIR}/debug)
+
+ message(STATUS "Configure ${TARGET_TRIPLET}-dbg")
+ vcpkg_execute_required_process(
+ COMMAND ${CONFIGURE_COMMAND} debug-${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_DEBUG}" "--openssldir=${OPENSSLDIR_DEBUG}" -FS
+ WORKING_DIRECTORY ${SOURCE_PATH_DEBUG}
+ LOGNAME configure-perl-${TARGET_TRIPLET}-dbg
+ )
+ message(STATUS "Configure ${TARGET_TRIPLET}-dbg done")
+
+ message(STATUS "Build ${TARGET_TRIPLET}-dbg")
+ make_directory(${SOURCE_PATH_DEBUG}/inc32/openssl)
+ execute_process(
+ COMMAND "${JOM}" -k -j ${VCPKG_CONCURRENCY} -f "${OPENSSL_MAKEFILE}"
+ WORKING_DIRECTORY ${SOURCE_PATH_DEBUG}
+ OUTPUT_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-out.log
+ ERROR_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-err.log
+ )
+ vcpkg_execute_required_process(
+ COMMAND nmake -f "${OPENSSL_MAKEFILE}" install_sw install_ssldirs
+ WORKING_DIRECTORY ${SOURCE_PATH_DEBUG}
+ LOGNAME build-${TARGET_TRIPLET}-dbg-1)
+
+ message(STATUS "Build ${TARGET_TRIPLET}-dbg done")
+endif()
+
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/certs")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/private")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/lib/engines-1_1")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/certs")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/lib/engines-1_1")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/private")
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/include")
+
+file(REMOVE
+ "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf"
+ "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf.dist"
+ "${CURRENT_PACKAGES_DIR}/openssl.cnf.dist"
+ "${CURRENT_PACKAGES_DIR}/debug/bin/openssl.exe"
+ "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf"
+ "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
+ "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
+ "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
+)
+
+file(MAKE_DIRECTORY "${CURRENT_PACKAGES_DIR}/tools/openssl/")
+file(RENAME "${CURRENT_PACKAGES_DIR}/bin/openssl.exe" "${CURRENT_PACKAGES_DIR}/tools/openssl/openssl.exe")
+file(RENAME "${CURRENT_PACKAGES_DIR}/openssl.cnf" "${CURRENT_PACKAGES_DIR}/tools/openssl/openssl.cnf")
+
+vcpkg_copy_tool_dependencies("${CURRENT_PACKAGES_DIR}/tools/openssl")
+
+if(VCPKG_LIBRARY_LINKAGE STREQUAL static)
+ # They should be empty, only the exes deleted above were in these directories
+ file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/bin/")
+ file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/bin/")
+endif()
+
+vcpkg_replace_string("${CURRENT_PACKAGES_DIR}/include/openssl/dtls1.h"
+ "<winsock.h>"
+ "<winsock2.h>"
+)
+
+vcpkg_replace_string("${CURRENT_PACKAGES_DIR}/include/openssl/rand.h"
+ "# include <windows.h>"
+ "#ifndef _WINSOCKAPI_\n#define _WINSOCKAPI_\n#endif\n# include <windows.h>"
+)
+
+vcpkg_copy_pdbs()
+
+file(INSTALL "${SOURCE_PATH}/LICENSE" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
+if(VCPKG_LIBRARY_LINKAGE STREQUAL "static")
+ file(COPY "${CMAKE_CURRENT_LIST_DIR}/vcpkg-cmake-wrapper.cmake" DESTINATION "${CURRENT_PACKAGES_DIR}/share/openssl")
+endif()
diff --git a/contrib/vcpkg-ports/openssl/windows/vcpkg-cmake-wrapper.cmake b/contrib/vcpkg-ports/openssl/windows/vcpkg-cmake-wrapper.cmake
new file mode 100644
index 0000000..1e3b837
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl/windows/vcpkg-cmake-wrapper.cmake
@@ -0,0 +1,10 @@
+_find_package(${ARGS})
+if(OPENSSL_FOUND)
+ list(APPEND OPENSSL_LIBRARIES Crypt32.lib ws2_32.lib)
+ if(TARGET OpenSSL::Crypto)
+ set_property(TARGET OpenSSL::Crypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES "Crypt32.lib;ws2_32.lib")
+ endif()
+ if(TARGET OpenSSL::SSL)
+ set_property(TARGET OpenSSL::SSL APPEND PROPERTY INTERFACE_LINK_LIBRARIES "Crypt32.lib;ws2_32.lib")
+ endif()
+endif()
diff --git a/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-openssl-1.1.1-support.patch b/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-openssl-1.1.1-support.patch
new file mode 100644
index 0000000..d1942a9
--- /dev/null
+++ b/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-openssl-1.1.1-support.patch
@@ -0,0 +1,88 @@
+From 324026ce179468fcea348e59259dbc5456438ead Mon Sep 17 00:00:00 2001
+From: Lev Stipakov <lev@openvpn.net>
+Date: Fri, 14 May 2021 14:35:53 +0300
+Subject: [PATCH] nmake: openssl 1.1.1 support
+
+Starting from version 1.1.1, OpenSSL includes routines
+like RSA_meth_xxx and DSA_meth_xxx. pkcs11-helper includes
+implementation of those routines. That code is compiled if
+they're missing from OpenSSL.
+
+nmake build uses pre-generated config-w32-vc.h, which lacks
+defines which indicate that OpenSSL includes above routines,
+which causes pkcs11's own implementaion to be compiled. However,
+pkcs11-helper implementation is not compatible with OpenSSL 1.1.1 -
+for example, it takes size of opaque struct RSA_METHOD, which
+has become internal in OpenSSL.
+
+This adds necessary defines to config header used by nmake build
+so that pkcs11-helper code, which is not compatible with OpenSSL 1.1.1,
+is not compiled.
+
+Also libeay is changed to libcrypto.
+
+Signed-off-by: Lev Stipakov <lev@openvpn.net>
+---
+ config-w32-vc.h.in | 33 +++++++++++++++++++++++++++++++++
+ lib/Makefile.w32-vc | 4 ++--
+ 2 files changed, 35 insertions(+), 2 deletions(-)
+
+diff --git a/config-w32-vc.h b/config-w32-vc.h
+index 6346f02..102b2e3 100644
+--- a/config-w32-vc.h
++++ b/config-w32-vc.h
+@@ -185,3 +185,36 @@
+ #if _MSC_VER >= 1400
+ #define HAVE_CPP_VARARG_MACRO_ISO 1
+ #endif
++
++/* Define to 1 if you have the `RSA_meth_dup' function. */
++#define HAVE_RSA_METH_DUP 1
++
++/* Define to 1 if you have the `RSA_meth_free' function. */
++#define HAVE_RSA_METH_FREE 1
++
++/* Define to 1 if you have the `RSA_meth_set1_name' function. */
++#define HAVE_RSA_METH_SET1_NAME 1
++
++/* Define to 1 if you have the `RSA_meth_set_flags' function. */
++#define HAVE_RSA_METH_SET_FLAGS 1
++
++/* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */
++#define HAVE_RSA_METH_SET_PRIV_DEC 1
++
++/* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */
++#define HAVE_RSA_METH_SET_PRIV_ENC 1
++
++/* Define to 1 if you have the `DSA_meth_dup' function. */
++#define HAVE_DSA_METH_DUP 1
++
++/* Define to 1 if you have the `DSA_meth_free' function. */
++#define HAVE_DSA_METH_FREE 1
++
++/* Define to 1 if you have the `DSA_meth_set1_name' function. */
++#define HAVE_DSA_METH_SET1_NAME 1
++
++/* Define to 1 if you have the `DSA_meth_set_sign' function. */
++#define HAVE_DSA_METH_SET_SIGN 1
++
++/* Define to 1 if you have the `DSA_SIG_set0' function. */
++#define HAVE_DSA_SIG_SET0 1
+diff --git a/lib/Makefile.w32-vc b/lib/Makefile.w32-vc
+index 2edab39..b2ac746 100644
+--- a/lib/Makefile.w32-vc
++++ b/lib/Makefile.w32-vc
+@@ -60,9 +60,9 @@ OPENSSL_HOME = ..\..\openssl-0.9.8a
+ !endif
+
+ !ifdef OPENSSL
+-OPENSSL_STATIC = libeay32.lib
++OPENSSL_STATIC = libcrypto.lib
+ #OPENSSL_STATIC = libeay32sd.lib
+-OPENSSL_DYNAMIC = libeay32.lib
++OPENSSL_DYNAMIC = libcrypto.lib
+ #OPENSSL_DYNAMIC = libeay32d.lib
+
+ OPENSSL_INC=$(OPENSSL_HOME)\include
+--
+2.23.0.windows.1
diff --git a/contrib/vcpkg-ports/pkcs11-helper/CONTROL b/contrib/vcpkg-ports/pkcs11-helper/CONTROL
new file mode 100644
index 0000000..0183180
--- /dev/null
+++ b/contrib/vcpkg-ports/pkcs11-helper/CONTROL
@@ -0,0 +1,4 @@
+Source: pkcs11-helper
+Version: 1.27-1
+Homepage: https://github.com/OpenSC/pkcs11-helper
+Description: pkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications.
diff --git a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch
new file mode 100644
index 0000000..84fba08
--- /dev/null
+++ b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch
@@ -0,0 +1,686 @@
+commit 90590b02085edc3830bdfe0942a46c4e7bf3f1ab (HEAD -> master)
+Author: David Woodhouse <David.Woodhouse@intel.com>
+Date: Thu Apr 30 14:58:24 2015 +0100
+
+ Serialize to RFC7512-compliant PKCS#11 URIs
+
+ Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+
+commit 4d5280da8df591aab701dff4493d13a835a9b29c
+Author: David Woodhouse <David.Woodhouse@intel.com>
+Date: Wed Dec 10 14:00:21 2014 +0000
+
+ Accept RFC7512-compliant PKCS#11 URIs as serialized token/certificate IDs
+
+ The old format is still accepted for compatibility.
+
+ Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+
+commit 14e09211c3d50eb06825090c9765e4382cf52f19
+Author: David Woodhouse <David.Woodhouse@intel.com>
+Date: Sun Dec 14 19:42:18 2014 +0000
+
+ Stop _pkcs11h_util_hexToBinary() checking for trailing NUL
+
+ We are going to want to use this for parsing %XX hex escapes in RFC7512
+ PKCS#11 URIs, where we cannot expect a trailing NUL. Since there's only
+ one existing caller at the moment, it's simple just to let the caller
+ have responsibility for that check.
+
+ Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+diff --git a/lib/pkcs11h-serialization.c b/lib/pkcs11h-serialization.c
+index ad275f8..1d077e4 100644
+--- a/lib/pkcs11h-serialization.c
++++ b/lib/pkcs11h-serialization.c
+@@ -61,29 +61,127 @@
+
+ #if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
+
++#define URI_SCHEME "pkcs11:"
++
++#define token_field_ofs(field) ((unsigned long)&(((struct pkcs11h_token_id_s *)0)->field))
++#define token_field_size(field) sizeof((((struct pkcs11h_token_id_s *)0)->field))
++#define token_field(name, field) { name "=", sizeof(name), \
++ token_field_ofs(field), token_field_size(field) }
++
++static struct {
++ const char const *name;
++ size_t namelen;
++ unsigned long field_ofs;
++ size_t field_size;
++} __token_fields[] = {
++ token_field ("model", model),
++ token_field ("token", label),
++ token_field ("manufacturer", manufacturerID ),
++ token_field ("serial", serialNumber ),
++ { NULL },
++};
++
++#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
++ "0123456789_-."
++
++static
++int
++__token_attr_escape(char *uri, char *attr, size_t attrlen)
++{
++ int len = 0, i;
++
++ for (i = 0; i < attrlen; i++) {
++ if ((attr[i] != '\x0') && strchr(P11_URL_VERBATIM, attr[i])) {
++ if (uri) {
++ *(uri++) = attr[i];
++ }
++ len++;
++ } else {
++ if (uri) {
++ sprintf(uri, "%%%02x", (unsigned char)attr[i]);
++ uri += 3;
++ }
++ len += 3;
++ }
++ }
++ return len;
++}
++
++static
++CK_RV
++__generate_pkcs11_uri (
++ OUT char * const sz,
++ IN OUT size_t *max,
++ IN const pkcs11h_certificate_id_t certificate_id,
++ IN const pkcs11h_token_id_t token_id
++) {
++ size_t _max;
++ char *p = sz;
++ int i;
++
++ _PKCS11H_ASSERT (max!=NULL);
++ _PKCS11H_ASSERT (token_id!=NULL);
++
++ _max = strlen(URI_SCHEME);
++ for (i = 0; __token_fields[i].name; i++) {
++ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
++
++ _max += __token_fields[i].namelen;
++ _max += __token_attr_escape (NULL, field, strlen(field));
++ _max++; /* For a semicolon or trailing NUL */
++ }
++ if (certificate_id) {
++ _max += strlen (";id=");
++ _max += __token_attr_escape (NULL,
++ (char *)certificate_id->attrCKA_ID,
++ certificate_id->attrCKA_ID_size);
++ }
++
++ if (!sz) {
++ *max = _max;
++ return CKR_OK;
++ }
++
++ if (sz && *max < _max)
++ return CKR_ATTRIBUTE_VALUE_INVALID;
++
++ p += sprintf(p, URI_SCHEME);
++ for (i = 0; __token_fields[i].name; i++) {
++ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
++
++ p += sprintf (p, "%s", __token_fields[i].name);
++ p += __token_attr_escape (p, field, strlen(field));
++ *(p++) = ';';
++ }
++ if (certificate_id) {
++ p += sprintf (p, "id=");
++ p += __token_attr_escape (p,
++ (char *)certificate_id->attrCKA_ID,
++ certificate_id->attrCKA_ID_size);
++ } else {
++ /* Remove the unneeded trailing semicolon */
++ p--;
++ }
++ *(p++) = 0;
++
++ *max = _max;
++
++ return CKR_OK;
++}
++
+ CK_RV
+ pkcs11h_token_serializeTokenId (
+ OUT char * const sz,
+ IN OUT size_t *max,
+ IN const pkcs11h_token_id_t token_id
+ ) {
+- const char *sources[5];
+ CK_RV rv = CKR_FUNCTION_FAILED;
+- size_t n;
+- int e;
+
+ /*_PKCS11H_ASSERT (sz!=NULL); Not required*/
+ _PKCS11H_ASSERT (max!=NULL);
+ _PKCS11H_ASSERT (token_id!=NULL);
+
+- { /* Must be after assert */
+- sources[0] = token_id->manufacturerID;
+- sources[1] = token_id->model;
+- sources[2] = token_id->serialNumber;
+- sources[3] = token_id->label;
+- sources[4] = NULL;
+- }
+-
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_token_serializeTokenId entry sz=%p, *max="P_Z", token_id=%p",
+@@ -92,67 +190,161 @@ pkcs11h_token_serializeTokenId (
+ (void *)token_id
+ );
+
+- n = 0;
+- for (e=0;sources[e] != NULL;e++) {
+- size_t t;
+- if (
+- (rv = _pkcs11h_util_escapeString (
+- NULL,
+- sources[e],
+- &t,
+- __PKCS11H_SERIALIZE_INVALID_CHARS
+- )) != CKR_OK
+- ) {
+- goto cleanup;
++ rv = __generate_pkcs11_uri(sz, max, NULL, token_id);
++
++ _PKCS11H_DEBUG (
++ PKCS11H_LOG_DEBUG2,
++ "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'",
++ rv,
++ pkcs11h_getMessage (rv),
++ *max,
++ sz
++ );
++
++ return rv;
++}
++
++static
++CK_RV
++__parse_token_uri_attr (
++ const char *uri,
++ size_t urilen,
++ char *tokstr,
++ size_t toklen,
++ size_t *parsed_len
++) {
++ size_t orig_toklen = toklen;
++ CK_RV rv = CKR_OK;
++
++ while (urilen && toklen > 1) {
++ if (*uri == '%') {
++ size_t size = 1;
++
++ if (urilen < 3) {
++ rv = CKR_ATTRIBUTE_VALUE_INVALID;
++ goto done;
++ }
++
++ rv = _pkcs11h_util_hexToBinary ((unsigned char *)tokstr,
++ uri + 1, &size);
++ if (rv != CKR_OK) {
++ goto done;
++ }
++
++ uri += 2;
++ urilen -= 2;
++ } else {
++ *tokstr = *uri;
+ }
+- n+=t;
++ tokstr++;
++ uri++;
++ toklen--;
++ urilen--;
++ tokstr[0] = 0;
+ }
+
+- if (sz != NULL) {
+- if (*max < n) {
+- rv = CKR_ATTRIBUTE_VALUE_INVALID;
+- goto cleanup;
++ if (urilen) {
++ rv = CKR_ATTRIBUTE_VALUE_INVALID;
++ } else if (parsed_len) {
++ *parsed_len = orig_toklen - toklen;
++ }
++
++ done:
++ return rv;
++}
++
++static
++CK_RV
++__parse_pkcs11_uri (
++ OUT pkcs11h_token_id_t token_id,
++ OUT pkcs11h_certificate_id_t certificate_id,
++ IN const char * const sz
++) {
++ const char *end, *p;
++ CK_RV rv = CKR_OK;
++
++ _PKCS11H_ASSERT (token_id!=NULL);
++ _PKCS11H_ASSERT (sz!=NULL);
++
++ if (strncmp (sz, URI_SCHEME, strlen (URI_SCHEME)))
++ return CKR_ATTRIBUTE_VALUE_INVALID;
++
++ end = sz + strlen (URI_SCHEME) - 1;
++ while (rv == CKR_OK && end[0] && end[1]) {
++ int i;
++
++ p = end + 1;
++ end = strchr (p, ';');
++ if (!end)
++ end = p + strlen(p);
++
++ for (i = 0; __token_fields[i].name; i++) {
++ /* Parse the token=, label=, manufacturer= and serial= fields */
++ if (!strncmp(p, __token_fields[i].name, __token_fields[i].namelen)) {
++ char *field = ((char *)token_id) + __token_fields[i].field_ofs;
++
++ p += __token_fields[i].namelen;
++ rv = __parse_token_uri_attr (p, end - p, field,
++ __token_fields[i].field_size,
++ NULL);
++ if (rv != CKR_OK) {
++ goto cleanup;
++ }
++
++ goto matched;
++ }
+ }
++ if (certificate_id && !strncmp(p, "id=", 3)) {
++ p += 3;
++
++ rv = _pkcs11h_mem_malloc ((void *)&certificate_id->attrCKA_ID,
++ end - p + 1);
++ if (rv != CKR_OK) {
++ goto cleanup;
++ }
+
+- n = 0;
+- for (e=0;sources[e] != NULL;e++) {
+- size_t t = *max-n;
+- if (
+- (rv = _pkcs11h_util_escapeString (
+- sz+n,
+- sources[e],
+- &t,
+- __PKCS11H_SERIALIZE_INVALID_CHARS
+- )) != CKR_OK
+- ) {
++ rv = __parse_token_uri_attr (p, end - p,
++ (char *)certificate_id->attrCKA_ID,
++ end - p + 1,
++ &certificate_id->attrCKA_ID_size);
++ if (rv != CKR_OK) {
+ goto cleanup;
+ }
+- n+=t;
+- sz[n-1] = '/';
++
++ goto matched;
+ }
+- sz[n-1] = '\x0';
+- }
+
+- *max = n;
+- rv = CKR_OK;
++ /* We don't parse object= because the match code doesn't support
++ matching by label. */
++
++ /* Failed to parse PKCS#11 URI element. */
++ return CKR_ATTRIBUTE_VALUE_INVALID;
+
++ matched:
++ ;
++ }
+ cleanup:
++ /* The matching code doesn't support support partial matches; it needs
++ * *all* of manufacturer, model, serial and label attributes to be
++ * defined. So reject partial URIs early instead of letting it do the
++ * wrong thing. We can maybe improve this later. */
++ if (!token_id->model[0] || !token_id->label[0] ||
++ !token_id->manufacturerID[0] || !token_id->serialNumber[0]) {
++ return CKR_ATTRIBUTE_VALUE_INVALID;
++ }
+
+- _PKCS11H_DEBUG (
+- PKCS11H_LOG_DEBUG2,
+- "PKCS#11: pkcs11h_token_serializeTokenId return rv=%lu-'%s', *max="P_Z", sz='%s'",
+- rv,
+- pkcs11h_getMessage (rv),
+- *max,
+- sz
+- );
++ /* For a certificate ID we need CKA_ID */
++ if (certificate_id && !certificate_id->attrCKA_ID_size) {
++ return CKR_ATTRIBUTE_VALUE_INVALID;
++ }
+
+ return rv;
+ }
+
++static
+ CK_RV
+-pkcs11h_token_deserializeTokenId (
+- OUT pkcs11h_token_id_t *p_token_id,
++__pkcs11h_token_legacy_deserializeTokenId (
++ OUT pkcs11h_token_id_t token_id,
+ IN const char * const sz
+ ) {
+ #define __PKCS11H_TARGETS_NUMBER 4
+@@ -161,24 +353,11 @@ pkcs11h_token_deserializeTokenId (
+ size_t s;
+ } targets[__PKCS11H_TARGETS_NUMBER];
+
+- pkcs11h_token_id_t token_id = NULL;
+ char *p1 = NULL;
+ char *_sz = NULL;
+ int e;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+
+- _PKCS11H_ASSERT (p_token_id!=NULL);
+- _PKCS11H_ASSERT (sz!=NULL);
+-
+- _PKCS11H_DEBUG (
+- PKCS11H_LOG_DEBUG2,
+- "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
+- (void *)p_token_id,
+- sz
+- );
+-
+- *p_token_id = NULL;
+-
+ if (
+ (rv = _pkcs11h_mem_strdup (
+ (void *)&_sz,
+@@ -190,10 +369,6 @@ pkcs11h_token_deserializeTokenId (
+
+ p1 = _sz;
+
+- if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
+- goto cleanup;
+- }
+-
+ targets[0].p = token_id->manufacturerID;
+ targets[0].s = sizeof (token_id->manufacturerID);
+ targets[1].p = token_id->model;
+@@ -252,6 +427,51 @@ pkcs11h_token_deserializeTokenId (
+ p1 = p2+1;
+ }
+
++ rv = CKR_OK;
++
++cleanup:
++
++ if (_sz != NULL) {
++ _pkcs11h_mem_free ((void *)&_sz);
++ }
++
++ return rv;
++#undef __PKCS11H_TARGETS_NUMBER
++}
++
++CK_RV
++pkcs11h_token_deserializeTokenId (
++ OUT pkcs11h_token_id_t *p_token_id,
++ IN const char * const sz
++) {
++ pkcs11h_token_id_t token_id = NULL;
++ CK_RV rv = CKR_FUNCTION_FAILED;
++
++ _PKCS11H_ASSERT (p_token_id!=NULL);
++ _PKCS11H_ASSERT (sz!=NULL);
++
++ _PKCS11H_DEBUG (
++ PKCS11H_LOG_DEBUG2,
++ "PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=%p, sz='%s'",
++ (void *)p_token_id,
++ sz
++ );
++
++ *p_token_id = NULL;
++
++ if ((rv = _pkcs11h_token_newTokenId (&token_id)) != CKR_OK) {
++ goto cleanup;
++ }
++
++ if (!strncmp (sz, URI_SCHEME, strlen (URI_SCHEME))) {
++ rv = __parse_pkcs11_uri(token_id, NULL, sz);
++ } else {
++ rv = __pkcs11h_token_legacy_deserializeTokenId(token_id, sz);
++ }
++ if (rv != CKR_OK) {
++ goto cleanup;
++ }
++
+ strncpy (
+ token_id->display,
+ token_id->label,
+@@ -264,11 +484,6 @@ pkcs11h_token_deserializeTokenId (
+ rv = CKR_OK;
+
+ cleanup:
+-
+- if (_sz != NULL) {
+- _pkcs11h_mem_free ((void *)&_sz);
+- }
+-
+ if (token_id != NULL) {
+ pkcs11h_token_freeTokenId (token_id);
+ }
+@@ -281,7 +496,6 @@ cleanup:
+ );
+
+ return rv;
+-#undef __PKCS11H_TARGETS_NUMBER
+ }
+
+ #endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
+@@ -295,9 +509,6 @@ pkcs11h_certificate_serializeCertificateId (
+ IN const pkcs11h_certificate_id_t certificate_id
+ ) {
+ CK_RV rv = CKR_FUNCTION_FAILED;
+- size_t saved_max = 0;
+- size_t n = 0;
+- size_t _max = 0;
+
+ /*_PKCS11H_ASSERT (sz!=NULL); Not required */
+ _PKCS11H_ASSERT (max!=NULL);
+@@ -311,42 +522,7 @@ pkcs11h_certificate_serializeCertificateId (
+ (void *)certificate_id
+ );
+
+- if (sz != NULL) {
+- saved_max = n = *max;
+- }
+- *max = 0;
+-
+- if (
+- (rv = pkcs11h_token_serializeTokenId (
+- sz,
+- &n,
+- certificate_id->token_id
+- )) != CKR_OK
+- ) {
+- goto cleanup;
+- }
+-
+- _max = n + certificate_id->attrCKA_ID_size*2 + 1;
+-
+- if (sz != NULL) {
+- if (saved_max < _max) {
+- rv = CKR_ATTRIBUTE_VALUE_INVALID;
+- goto cleanup;
+- }
+-
+- sz[n-1] = '/';
+- rv = _pkcs11h_util_binaryToHex (
+- sz+n,
+- saved_max-n,
+- certificate_id->attrCKA_ID,
+- certificate_id->attrCKA_ID_size
+- );
+- }
+-
+- *max = _max;
+- rv = CKR_OK;
+-
+-cleanup:
++ rv = __generate_pkcs11_uri(sz, max, certificate_id, certificate_id->token_id);
+
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+@@ -360,27 +536,16 @@ cleanup:
+ return rv;
+ }
+
++static
+ CK_RV
+-pkcs11h_certificate_deserializeCertificateId (
+- OUT pkcs11h_certificate_id_t * const p_certificate_id,
++__pkcs11h_certificate_legacy_deserializeCertificateId (
++ OUT pkcs11h_certificate_id_t certificate_id,
+ IN const char * const sz
+ ) {
+- pkcs11h_certificate_id_t certificate_id = NULL;
+ CK_RV rv = CKR_FUNCTION_FAILED;
+ char *p = NULL;
+ char *_sz = NULL;
+-
+- _PKCS11H_ASSERT (p_certificate_id!=NULL);
+- _PKCS11H_ASSERT (sz!=NULL);
+-
+- *p_certificate_id = NULL;
+-
+- _PKCS11H_DEBUG (
+- PKCS11H_LOG_DEBUG2,
+- "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
+- (void *)p_certificate_id,
+- sz
+- );
++ size_t id_hex_len;
+
+ if (
+ (rv = _pkcs11h_mem_strdup (
+@@ -393,10 +558,6 @@ pkcs11h_certificate_deserializeCertificateId (
+
+ p = _sz;
+
+- if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
+- goto cleanup;
+- }
+-
+ if ((p = strrchr (_sz, '/')) == NULL) {
+ rv = CKR_ATTRIBUTE_VALUE_INVALID;
+ goto cleanup;
+@@ -414,7 +575,12 @@ pkcs11h_certificate_deserializeCertificateId (
+ goto cleanup;
+ }
+
+- certificate_id->attrCKA_ID_size = strlen (p)/2;
++ id_hex_len = strlen (p);
++ if (id_hex_len & 1) {
++ rv = CKR_ATTRIBUTE_VALUE_INVALID;
++ goto cleanup;
++ }
++ certificate_id->attrCKA_ID_size = id_hex_len/2;
+
+ if (
+ (rv = _pkcs11h_mem_malloc (
+@@ -430,21 +596,64 @@ pkcs11h_certificate_deserializeCertificateId (
+ goto cleanup;
+ }
+
++ rv = CKR_OK;
++
++cleanup:
++
++ if (_sz != NULL) {
++ _pkcs11h_mem_free ((void *)&_sz);
++ }
++
++ return rv;
++
++}
++
++CK_RV
++pkcs11h_certificate_deserializeCertificateId (
++ OUT pkcs11h_certificate_id_t * const p_certificate_id,
++ IN const char * const sz
++) {
++ pkcs11h_certificate_id_t certificate_id = NULL;
++ CK_RV rv = CKR_FUNCTION_FAILED;
++
++ _PKCS11H_ASSERT (p_certificate_id!=NULL);
++ _PKCS11H_ASSERT (sz!=NULL);
++
++ *p_certificate_id = NULL;
++
++ _PKCS11H_DEBUG (
++ PKCS11H_LOG_DEBUG2,
++ "PKCS#11: pkcs11h_certificate_deserializeCertificateId entry p_certificate_id=%p, sz='%s'",
++ (void *)p_certificate_id,
++ sz
++ );
++
++ if ((rv = _pkcs11h_certificate_newCertificateId (&certificate_id)) != CKR_OK) {
++ goto cleanup;
++ }
++ if ((rv = _pkcs11h_token_newTokenId (&certificate_id->token_id)) != CKR_OK) {
++ goto cleanup;
++ }
++
++ if (!strncmp(sz, URI_SCHEME, strlen (URI_SCHEME))) {
++ rv = __parse_pkcs11_uri (certificate_id->token_id, certificate_id, sz);
++ } else {
++ rv = __pkcs11h_certificate_legacy_deserializeCertificateId (certificate_id, sz);
++ }
++ if (rv != CKR_OK) {
++ goto cleanup;
++ }
++
+ *p_certificate_id = certificate_id;
+ certificate_id = NULL;
+ rv = CKR_OK;
+
+ cleanup:
+-
+ if (certificate_id != NULL) {
+ pkcs11h_certificate_freeCertificateId (certificate_id);
+ certificate_id = NULL;
+ }
+
+- if (_sz != NULL) {
+- _pkcs11h_mem_free ((void *)&_sz);
+- }
+-
+ _PKCS11H_DEBUG (
+ PKCS11H_LOG_DEBUG2,
+ "PKCS#11: pkcs11h_certificate_deserializeCertificateId return rv=%lu-'%s'",
+diff --git a/lib/pkcs11h-util.c b/lib/pkcs11h-util.c
+index 0743fd1..f90e443 100644
+--- a/lib/pkcs11h-util.c
++++ b/lib/pkcs11h-util.c
+@@ -110,12 +110,7 @@ _pkcs11h_util_hexToBinary (
+ p++;
+ }
+
+- if (*p != '\x0') {
+- return CKR_ATTRIBUTE_VALUE_INVALID;
+- }
+- else {
+- return CKR_OK;
+- }
++ return CKR_OK;
+ }
+
+ CK_RV
diff --git a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake
new file mode 100644
index 0000000..54a0009
--- /dev/null
+++ b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake
@@ -0,0 +1,35 @@
+set(VERSION 1.27)
+
+vcpkg_download_distfile(ARCHIVE
+ URLS "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${VERSION}/pkcs11-helper-${VERSION}.0.tar.bz2"
+ FILENAME "pkcs11-helper-${VERSION}.tar.bz2"
+ SHA512 5799342cb755dae8b7ba0880d652e9d4b4f1e52a74043015e1185e1e059326cb2689bb51957db98060ac2257dee34e2f047dcf3d52ad59fd49b91fedcfc5332b
+)
+
+vcpkg_extract_source_archive_ex(
+ OUT_SOURCE_PATH SOURCE_PATH
+ ARCHIVE ${ARCHIVE}
+ REF ${VERSION}
+ PATCHES
+ 0001-nmake-openssl-1.1.1-support.patch
+ pkcs11-helper-001-RFC7512.patch
+)
+
+vcpkg_build_nmake(
+ SOURCE_PATH ${SOURCE_PATH}
+ NO_DEBUG
+ PROJECT_SUBPATH lib
+ PROJECT_NAME Makefile.w32-vc
+ OPTIONS
+ OPENSSL=1
+ OPENSSL_HOME=${CURRENT_PACKAGES_DIR}/../openssl_${TARGET_TRIPLET}
+)
+
+file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/)
+file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/lib)
+file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}/lib/pkcs11-helper.dll.lib DESTINATION ${CURRENT_PACKAGES_DIR}/debug/lib)
+
+file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/bin)
+file(INSTALL ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}/lib/libpkcs11-helper-1.dll DESTINATION ${CURRENT_PACKAGES_DIR}/debug/bin)
+
+file(INSTALL ${SOURCE_PATH}/COPYING DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright)