From patchwork Thu Jan 20 18:22:58 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lev Stipakov <lstipakov@gmail.com>
X-Patchwork-Id: 2247
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend41.mail.ord1d.rsapps.net with LMTP
	id ILYwA2X87mFWLAAAqwncew
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Mon, 24 Jan 2022 14:22:13 -0500
Received: from proxy3.mail.ord1d.rsapps.net ([172.30.191.6])
	by director10.mail.ord1d.rsapps.net with LMTP
	id cLDFD2X87mHkNgAApN4f7A
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Mon, 24 Jan 2022 14:22:13 -0500
Received: from smtp35.gate.ord1d ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy3.mail.ord1d.rsapps.net with LMTPS
	id 2BRtD2X87mFQWQAA7WKfLA
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Mon, 24 Jan 2022 14:22:13 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp35.gate.ord1d.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed) header.d=gmail.com;
 dmarc=fail (p=none; dis=none) header.from=gmail.com
X-Suspicious-Flag: YES
X-Classification-ID: ee8ef662-7d4a-11ec-a9be-525400a7b7b4-1-1
Received: from [216.105.38.7] ([216.105.38.7:41722]
 helo=lists.sourceforge.net)
	by smtp35.gate.ord1d.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id FC/2A-19503-46CFEE16; Mon, 24 Jan 2022 14:22:13 -0500
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
	by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1nC4uB-0006bh-Uq; Mon, 24 Jan 2022 19:21:30 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2)
 (envelope-from <lstipakov@gmail.com>) id 1nC4uB-0006bU-2J
 for openvpn-devel@lists.sourceforge.net; Mon, 24 Jan 2022 19:21:29 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:
 To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=ALXWsR8s9qOT+pQfLhbHz5lTaUGKbQ1+PUbhCOxMkfI=; b=WtbyIcbMAJACJi9jGUx41e1P3p
 mLZnH+/SIMuQpMjteK5VFCDd8LD7KD/BXhm0+55UAXKQuRZC2jWI1tmYEeCWymqcYAyJRqr6zeNZi
 s3OWPVXu2BmGXl6LOIvf6Sh0C0hkEJGxFwhl6We1M3qlZbX2ZUHtarOhbLZuROlCg148=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=ALXWsR8s9qOT+pQfLhbHz5lTaUGKbQ1+PUbhCOxMkfI=; b=ZwxtvK/Qh2pNW/fQZb2GDbjjf8
 1j07UyRd5h03V6u66A6tTTIugIhAgOutuKyJ3YfW4CpGQ+MV+w839gNPjLj/WMKoBsV46CMRxO8q9
 Je5XV/NpKqxkLF8UaQs3+S/c3w1Ro3omY1c9IAHHEk2LkEcbY9E2enA+TXAKTrwg/8Bs=;
Received: from mail-lj1-f169.google.com ([209.85.208.169])
 by sfi-mx-1.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3)
 id 1nC4u5-00Ay82-7N
 for openvpn-devel@lists.sourceforge.net; Mon, 24 Jan 2022 19:21:29 +0000
Received: by mail-lj1-f169.google.com with SMTP id t7so5359296ljc.10
 for <openvpn-devel@lists.sourceforge.net>;
 Mon, 24 Jan 2022 11:21:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=ALXWsR8s9qOT+pQfLhbHz5lTaUGKbQ1+PUbhCOxMkfI=;
 b=h7RMFxmu0hap5HYx3TDpq8a3sVCeaBdlr1tcIXLh/MU5B3V2PilE8D8HA06fW21jmA
 CtAhT/rIDBztKXNvnCwZiDqx6P1P/IQS9ry5Pz3j5nIhxQNwPa/5NM8Q2meKlPlYxxs1
 9XPvPf2TF7FxDGZEK5/Spq+I6SXWPqcxgtuPnCvodi5W3bKQvGz9+APZPKBVn36y/y4s
 e3nQJ5aNcxcFbvbzagLvOu9IwkiNFtxQqy3kaaoIsrh0S6hllxUEgx1Pcd1x6JPaSIsJ
 bNYASod/Zerd2sPrfvEWj8w3hmx+u6UHBaCr87yH7VhgCE2Civ+RBqkFYO0SJlhzcGQK
 SdrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=ALXWsR8s9qOT+pQfLhbHz5lTaUGKbQ1+PUbhCOxMkfI=;
 b=jpYZbkkSj+h2z5zcEolPj5MIe56iafuECCccW1uYzLLHCfjydHJRkjG67YN8peDp2W
 ny1ug46fJ/u+ijMCOpYGyWNKVGMuTDP/2yNzRAQjdMGgPfXtluxWrT2AXoxGg33JDZ/k
 5bIqT/ZIM2+M9eQHzSDa1qEdzFaBSS1N+IEMnh0LIPwDawuu15v+fjRtCqduxTPczymR
 FVgU3oB8q1OTOxEr9sffXJTf/HjXWat8Ea6VOIaEgVez0HpksKYQjvT/YwNKywBOw4Yk
 HBXRL2S2Rk2IKisPc98PKb1aBRHmWka2Jm0amtdkRClPIVjJ4M5LFP27Fl+o7OgAFa8L
 6VJw==
X-Gm-Message-State: AOAM530HIps2jQ6hwNlo+8D4NccH1Pe97qz3xGMLCYeY8YF/INc9W9AP
 sPYM17gW5ULgH04Q6MxyBDmXyn2e0Jk=
X-Google-Smtp-Source: 
 ABdhPJxrvOmAr7kFkWnFMWZv/wyfxFQsLli/89LUT6+YptcUAFbthkJ+OFrtZkElmVP+HdMqUFNVXw==
X-Received: by 2002:a2e:9909:: with SMTP id v9mr1566205lji.227.1643052078487;
 Mon, 24 Jan 2022 11:21:18 -0800 (PST)
Received: from LAPTOP-4L3N7KFS.localdomain (81-175-157-115.bb.dnainternet.fi.
 [81.175.157.115])
 by smtp.gmail.com with ESMTPSA id k4sm973202lja.46.2022.01.24.11.21.17
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 24 Jan 2022 11:21:18 -0800 (PST)
From: Lev Stipakov <lstipakov@gmail.com>
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 21 Jan 2022 07:22:58 +0200
Message-Id: <20220121052259.508-2-lstipakov@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220121052259.508-1-lstipakov@gmail.com>
References: <20220121052259.508-1-lstipakov@gmail.com>
X-Spam-Report: Spam detection software,
 running on the system "util-spamd-1.v13.lw.sourceforge.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  From: Lev Stipakov - use sizeof(void *) since msvc doesn't
 support sizeof of function ptr - use XKEY_PROV_PROPS macro instead of props
 since msvc requires constant expression in aggregate initializers
 Content analysis details:   (-0.2 points, 6.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider [lstipakov[at]gmail.com]
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.208.169 listed in wl.mailspike.net]
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [209.85.208.169 listed in list.dnswl.org]
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1nC4u5-00Ay82-7N
Subject: [Openvpn-devel] [PATCH 1/2] xkey: fix msvc build
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Lev Stipakov <lev@openvpn.net>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

From: Lev Stipakov <lev@openvpn.net>

 - use sizeof(void *) since msvc doesn't support sizeof of function ptr

 - use XKEY_PROV_PROPS macro instead of props since msvc
  requires constant expression in aggregate initializers

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Selva Nair <selva.nair@gmail.com>
Signed-off-by: Lev Stipakov &lt;<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>&gt;<br>
---
 src/openvpn/xkey_helper.c   |  4 ++--
 src/openvpn/xkey_provider.c | 13 +++++--------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c
index c667f7be..50231335 100644
--- a/src/openvpn/xkey_helper.c
+++ b/src/openvpn/xkey_helper.c
@@ -125,8 +125,8 @@ xkey_load_generic_key(OSSL_LIB_CTX *libctx, void *handle, EVP_PKEY *pubkey,
         {"xkey-origin", OSSL_PARAM_UTF8_STRING, (char *) origin, 0, 0},
         {"pubkey", OSSL_PARAM_OCTET_STRING, &pubkey, sizeof(pubkey), 0},
         {"handle", OSSL_PARAM_OCTET_PTR, &handle, sizeof(handle), 0},
-        {"sign_op", OSSL_PARAM_OCTET_PTR, (void **) &sign_op, sizeof(sign_op), 0},
-        {"free_op", OSSL_PARAM_OCTET_PTR, (void **) &free_op, sizeof(free_op), 0},
+        {"sign_op", OSSL_PARAM_OCTET_PTR, (void **) &sign_op, sizeof(void *), 0},
+        {"free_op", OSSL_PARAM_OCTET_PTR, (void **) &free_op, sizeof(void *), 0},
         {NULL, 0, NULL, 0, 0}};
 
     /* Do not use EVP_PKEY_new_from_pkey as that will take keymgmt from pubkey */
diff --git a/src/openvpn/xkey_provider.c b/src/openvpn/xkey_provider.c
index c2d560c5..115b9931 100644
--- a/src/openvpn/xkey_provider.c
+++ b/src/openvpn/xkey_provider.c
@@ -44,9 +44,6 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 
-/* propq set all on all ops we implement */
-static const char *const props = XKEY_PROV_PROPS;
-
 /* A descriptive name */
 static const char *provname = "OpenVPN External Key Provider";
 
@@ -592,9 +589,9 @@ static const OSSL_DISPATCH ec_keymgmt_functions[] = {
 };
 
 const OSSL_ALGORITHM keymgmts[] = {
-    {"RSA:rsaEncryption", props, rsa_keymgmt_functions, "OpenVPN xkey RSA Key Manager"},
-    {"RSA-PSS:RSASSA-PSS", props, rsa_keymgmt_functions, "OpenVPN xkey RSA-PSS Key Manager"},
-    {"EC:id-ecPublicKey", props, ec_keymgmt_functions, "OpenVPN xkey EC Key Manager"},
+    {"RSA:rsaEncryption", XKEY_PROV_PROPS, rsa_keymgmt_functions, "OpenVPN xkey RSA Key Manager"},
+    {"RSA-PSS:RSASSA-PSS", XKEY_PROV_PROPS, rsa_keymgmt_functions, "OpenVPN xkey RSA-PSS Key Manager"},
+    {"EC:id-ecPublicKey", XKEY_PROV_PROPS, ec_keymgmt_functions, "OpenVPN xkey EC Key Manager"},
     {NULL, NULL, NULL, NULL}
 };
 
@@ -1074,8 +1071,8 @@ static const OSSL_DISPATCH signature_functions[] = {
 };
 
 const OSSL_ALGORITHM signatures[] = {
-    {"RSA:rsaEncryption", props, signature_functions, "OpenVPN xkey RSA Signature"},
-    {"ECDSA", props, signature_functions, "OpenVPN xkey ECDSA Signature"},
+    {"RSA:rsaEncryption", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey RSA Signature"},
+    {"ECDSA", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey ECDSA Signature"},
     {NULL, NULL, NULL, NULL}
 };
 

From patchwork Thu Jan 20 18:22:59 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lev Stipakov <lstipakov@gmail.com>
X-Patchwork-Id: 2249
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director13.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend41.mail.ord1d.rsapps.net with LMTP
	id AKEhOHb87mHnLAAAqwncew
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Mon, 24 Jan 2022 14:22:30 -0500
Received: from proxy15.mail.ord1d.rsapps.net ([172.30.191.6])
	by director13.mail.ord1d.rsapps.net with LMTP
	id AIsbCXf87mHnawAA91zNiA
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Mon, 24 Jan 2022 14:22:31 -0500
Received: from smtp13.gate.ord1d ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy15.mail.ord1d.rsapps.net with LMTPS
	id 0FW9CHf87mEgNgAAAY1PeQ
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Mon, 24 Jan 2022 14:22:31 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp13.gate.ord1d.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed) header.d=gmail.com;
 dmarc=fail (p=none; dis=none) header.from=gmail.com
X-Suspicious-Flag: YES
X-Classification-ID: f92575ce-7d4a-11ec-aa57-525400b197d9-1-1
Received: from [216.105.38.7] ([216.105.38.7:32784]
 helo=lists.sourceforge.net)
	by smtp13.gate.ord1d.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id E5/30-20852-67CFEE16; Mon, 24 Jan 2022 14:22:30 -0500
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.94.2)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1nC4uR-0002xp-02; Mon, 24 Jan 2022 19:21:45 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2)
 (envelope-from <lstipakov@gmail.com>) id 1nC4uP-0002xj-N9
 for openvpn-devel@lists.sourceforge.net; Mon, 24 Jan 2022 19:21:44 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:
 To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=/Zg+wEk5Km10maOIIqhnMKa9iR2BJ7BQzMkPcCShNMY=; b=hAy7JbvlUHBHqIiSSBIymufmj7
 9MEjymVHKAtNKG2Ffd6HFXU01UCCeGl9IesQDnDhD4Jtsd19S7cFIAQ95g2Ivpct5KsitvWFqA1rf
 nQjcCvh3qg3X9CwuvLY4AJPgHW6TjCSr6I2X17hHoLxa6iWV3rDyQnDv92Ef7F8TsLfA=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=/Zg+wEk5Km10maOIIqhnMKa9iR2BJ7BQzMkPcCShNMY=; b=XGd9mWnZxD8S7f0qUVYiafuVid
 XMTDdVhc8+2bDEt+ZJUbboA3b4rsfaZB2iipVnrzBkkQxoXl0TOaEu8MbhACU9f3lYPpqKUpx1LlJ
 RjA7mw1tLmqob+u6dgVDRrWuONU4/LV7mEsFubBC2sTtJDbfFjfocGN0ZdYlqmu9EgCU=;
Received: from mail-lf1-f42.google.com ([209.85.167.42])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3)
 id 1nC4u7-0007ru-Nw
 for openvpn-devel@lists.sourceforge.net; Mon, 24 Jan 2022 19:21:35 +0000
Received: by mail-lf1-f42.google.com with SMTP id x23so5067080lfc.0
 for <openvpn-devel@lists.sourceforge.net>;
 Mon, 24 Jan 2022 11:21:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=/Zg+wEk5Km10maOIIqhnMKa9iR2BJ7BQzMkPcCShNMY=;
 b=G0ikSZYVkzw2SVHV02wzpbsIlQ1sStTbJaUDPebOR2856Uf6PyyZ6ZauTXe6ZNCrge
 XcB3UGELccm5lWOkylMMQny6LxUqNxKQY26luUSpHHDDm+g3fUArTPyL+D54MAn/PHgU
 YjE8W5KeDjoGYVreFcHUoEorq9zTpvNyKt0cFnN5WzuiexAtjb9D1ePk7jEPqjHkp7rE
 0LOMK8HlOSMtCiDUWQKgX5/Vb6dhWFwc2oMrOc6Pxdbr9QT5GjGPpEp5hs1o7zR+lQv4
 IEplfThu39HggBt32lwtoakeMQCSsxOPH4oCCybgtdo+WYzJqFDfPvfNy/4wFr1rSCNX
 XIdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=/Zg+wEk5Km10maOIIqhnMKa9iR2BJ7BQzMkPcCShNMY=;
 b=d3/kZb/S4YSf2SDhDNXmkZTENOlB8rKQo//xn6TKwP9pUoC5GPc0BVrFFXNF7e2vk1
 sU6NXQp01Esi+rcWB1wPs1sqDOQ3FzLtDTqWOC0xRuS/+N9SjfB6gUe52ndyAQoqEm+W
 PJyUQPl8UsNE0qMTfEBxNQUrXKbSmga8dAlZYfhyD+2irWI7j2lfAxhfzpABe0JPjs8S
 ktlDHlopJTMT/vbBFMr/eqOZY9tToK9i31xliwufDaAJh/+8TFURkacMaq3JEV471LNQ
 o2j+SzrXDR50ASRQqxrXo/zYqV9xTXoNssHehis77mtyPnQL2MbKx7tRpm+eL/ho7DuG
 qALw==
X-Gm-Message-State: AOAM532Q4UEAHfy7nRhFR72/3Jgj2L2xS0m7hHUeDwKP3pa5QCdz2rQq
 IwF9K8VS19t9diQ1WNMI3QWpojUDC8Y=
X-Google-Smtp-Source: 
 ABdhPJzGOCqHeLjpiZ69/Vc4YJzTmAu7US4/VhiAM8X7HBRgrQx7EnLSmYirRPrhpDhSkJTLSlhMcA==
X-Received: by 2002:a05:6512:3987:: with SMTP id
 j7mr13671616lfu.10.1643052080789;
 Mon, 24 Jan 2022 11:21:20 -0800 (PST)
Received: from LAPTOP-4L3N7KFS.localdomain (81-175-157-115.bb.dnainternet.fi.
 [81.175.157.115])
 by smtp.gmail.com with ESMTPSA id k4sm973202lja.46.2022.01.24.11.21.19
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 24 Jan 2022 11:21:20 -0800 (PST)
From: Lev Stipakov <lstipakov@gmail.com>
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 21 Jan 2022 07:22:59 +0200
Message-Id: <20220121052259.508-3-lstipakov@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220121052259.508-1-lstipakov@gmail.com>
References: <20220121052259.508-1-lstipakov@gmail.com>
X-Spam-Report: Spam detection software,
 running on the system "util-spamd-1.v13.lw.sourceforge.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Lev Stipakov Add openssl3 vcpkg port from
 https://github.com/microsoft/vcpkg/pull/20428/files
 with some changes: - switch to openssl 3.0.1 - add install_runtime make
 target
 to build openssl.exe - create tools/openssl and copy there openssl.exe with
 dependency dlls
 Content analysis details:   (-0.2 points, 6.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [209.85.167.42 listed in list.dnswl.org]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider [lstipakov[at]gmail.com]
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.167.42 listed in wl.mailspike.net]
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1nC4u7-0007ru-Nw
Subject: [Openvpn-devel] [PATCH 2/2] msvc: switch to openssl3
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Lev Stipakov <lev@openvpn.net>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

From: Lev Stipakov <lev@openvpn.net>

Add openssl3 vcpkg port from https://github.com/microsoft/vcpkg/pull/20428/files
with some changes:

 - switch to openssl 3.0.1
 - add install_runtime make target to build openssl.exe
 - create tools/openssl and copy there openssl.exe with dependency dlls

Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
 .github/workflows/build.yaml                  |   2 +-
 .../openssl3/detect_platform.cmake            |  86 ++++++++
 contrib/vcpkg-ports/openssl3/portfile.cmake   | 204 ++++++++++++++++++
 contrib/vcpkg-ports/openssl3/usage            |  11 +
 contrib/vcpkg-ports/openssl3/vcpkg.json       |   7 +
 .../vcpkg-ports/pkcs11-helper/portfile.cmake  |   2 +-
 6 files changed, 310 insertions(+), 2 deletions(-)
 create mode 100644 contrib/vcpkg-ports/openssl3/detect_platform.cmake
 create mode 100644 contrib/vcpkg-ports/openssl3/portfile.cmake
 create mode 100644 contrib/vcpkg-ports/openssl3/usage
 create mode 100644 contrib/vcpkg-ports/openssl3/vcpkg.json

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 9f884ac2..f1a75736 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -294,7 +294,7 @@ jobs:
         uses: lukka/run-vcpkg@v7.4
         with:
           vcpkgGitCommitId: 'a2fcb03749ff5897b5985092934dc6057680c789'
-          vcpkgArguments: 'openssl lz4 lzo pkcs11-helper tap-windows6'
+          vcpkgArguments: 'openssl3 lz4 lzo pkcs11-helper tap-windows6'
           vcpkgTriplet: '${{ matrix.triplet }}-windows-ovpn'
           cleanAfterBuild: false
 
diff --git a/contrib/vcpkg-ports/openssl3/detect_platform.cmake b/contrib/vcpkg-ports/openssl3/detect_platform.cmake
new file mode 100644
index 00000000..5f67f8d5
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl3/detect_platform.cmake
@@ -0,0 +1,86 @@
+if(VCPKG_TARGET_IS_ANDROID)
+    # ${SOURCE_PATH}/Configuration/15-android.conf
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(PLATFORM "android-arm64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+        set(PLATFORM "android-arm")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "android-x86_64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+        set(PLATFORM "android-x86")
+    endif()
+
+elseif(VCPKG_TARGET_IS_LINUX)
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(PLATFORM "linux-aarch64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+        set(PLATFORM "linux-armv4")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "linux-x86_64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+        set(PLATFORM "linux-x86")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "ppc64le")
+        set(PLATFORM "linux-ppc64le")
+    endif()
+
+elseif(VCPKG_TARGET_IS_IOS)
+    # ${SOURCE_PATH}/Configuration/15-ios.conf
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(PLATFORM "ios64-xcrun")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+        set(PLATFORM "ios-xcrun")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86" OR
+           VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "iossimulator-xcrun")
+    endif()
+
+elseif(VCPKG_TARGET_IS_OSX)
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(PLATFORM "darwin64-arm64-cc")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "darwin64-x86_64-cc")
+    endif()
+
+elseif(VCPKG_TARGET_IS_FREEBSD OR VCPKG_TARGET_IS_OPENBSD)
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "BSD-x86_64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+        set(PLATFORM "BSD-x86")
+    endif()
+
+elseif(VCPKG_TARGET_IS_MINGW)
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "mingw64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+        set(PLATFORM "mingw")
+    endif()
+
+elseif(VCPKG_TARGET_IS_UWP)
+    # ${SOURCE_PATH}/Configuration/50-win-onecore.conf
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+        set(PLATFORM "VC-WIN32-UWP")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "VC-WIN64A-UWP")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+        set(PLATFORM "VC-WIN32-ARM-UWP")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(PLATFORM "VC-WIN64-ARM-UWP")
+    endif()
+
+elseif(VCPKG_TARGET_IS_WINDOWS)
+    # ${SOURCE_PATH}/Configuration/50-win-onecore.conf
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
+        set(PLATFORM "VC-WIN32")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        set(PLATFORM "VC-WIN64A")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
+        set(PLATFORM "VC-WIN32-ARM")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(PLATFORM "VC-WIN64-ARM")
+    endif()
+
+endif()
+
+if(NOT DEFINED PLATFORM)
+    message(FATAL_ERROR "PLATFORM is unknown for the target platform/architecture")
+endif()
diff --git a/contrib/vcpkg-ports/openssl3/portfile.cmake b/contrib/vcpkg-ports/openssl3/portfile.cmake
new file mode 100644
index 00000000..25d6cdf0
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl3/portfile.cmake
@@ -0,0 +1,204 @@
+# original version could be found at https://raw.githubusercontent.com/luncliff/vcpkg/2ab7467c8bacaf640cfc8e4fa7f3fdf16de1945d/ports/openssl/portfile.cmake
+# following changes are made:
+# - switch to openssl 3.0.1
+# - add install_runtime make target to build openssl.exe
+# - create tools/openssl and copy there openssl.exe with dependency dlls
+
+if(EXISTS ${CURRENT_INSTALLED_DIR}/include/openssl/ssl.h)
+    message(FATAL_ERROR "Can't build '${PORT}' if another SSL library is installed. Please remove existing one and try install '${PORT}' again if you need it.")
+endif()
+
+vcpkg_from_github(
+    OUT_SOURCE_PATH SOURCE_PATH
+    REPO openssl/openssl
+    REF openssl-3.0.1
+    SHA512 7f303769a3a796b88478399d42aa2a9a70dc74f62c975bbb93e8903e3bb8e25f16ecfc436186c2d4aa7383302c73ad1dd8ac4fccaa589062bbce6059d6073f18
+)
+
+if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
+    list(APPEND CONFIGURE_OPTIONS shared)
+else()
+    list(APPEND CONFIGURE_OPTIONS no-shared)
+endif()
+
+# see ${SOURCE_PATH}/INSTALL.md
+list(APPEND CONFIGURE_OPTIONS
+    no-zlib
+    no-ui-console   # Don't build with the User Interface (UI) console method
+    no-module       # Don't build any dynamically loadable engines
+    no-makedepend   # Don't generate dependencies
+    no-tests        # Don't build test programs or run any tests
+)
+if(VCPKG_TARGET_IS_UWP)
+    list(APPEND CONFIGURE_OPTIONS no-async)
+endif()
+if(VCPKG_TARGET_IS_WINDOWS)
+    # jom will build in parallel mode, we need /FS for PDB access
+    list(APPEND CONFIGURE_OPTIONS -utf-8 -FS)
+
+elseif(VCPKG_TARGET_IS_IOS)
+    # see https://github.com/microsoft/vcpkg PR 12527
+    # disable that makes linkage error (e.g. require stderr usage)
+    list(APPEND CONFIGURE_OPTIONS no-stdio no-ui no-asm)
+
+endif()
+
+# Option: platform/architecture. Defined a variable 'PLATFORM'
+include(${CMAKE_CURRENT_LIST_DIR}/detect_platform.cmake)
+
+# Clean & copy source files for working directories
+file(REMOVE_RECURSE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg"
+                    "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel"
+)
+get_filename_component(SOURCE_DIR_NAME "${SOURCE_PATH}" NAME)
+file(COPY        "${SOURCE_PATH}"
+     DESTINATION "${CURRENT_BUILDTREES_DIR}")
+file(RENAME      "${CURRENT_BUILDTREES_DIR}/${SOURCE_DIR_NAME}"
+                 "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
+file(COPY        "${SOURCE_PATH}"
+     DESTINATION "${CURRENT_BUILDTREES_DIR}")
+file(RENAME      "${CURRENT_BUILDTREES_DIR}/${SOURCE_DIR_NAME}"
+                 "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
+
+# see ${SOURCE_PATH}/NOTES-PERL.md
+vcpkg_find_acquire_program(PERL)
+get_filename_component(PERL_EXE_PATH "${PERL}" PATH)
+vcpkg_add_to_path("${PERL_EXE_PATH}")
+
+if(NOT VCPKG_HOST_IS_WINDOWS)
+    # see ${SOURCE_PATH}/NOTES-UNIX.md
+    find_program(MAKE make REQUIRED)
+endif()
+
+if(VCPKG_TARGET_IS_WINDOWS)
+    # see ${SOURCE_PATH}/NOTES-WINDOWS.md
+    vcpkg_find_acquire_program(NASM)
+    get_filename_component(NASM_EXE_PATH "${NASM}" PATH)
+    vcpkg_add_to_path(PREPEND "${NASM_EXE_PATH}")
+    # note: jom is not for `vcpkg_add_to_path`
+    vcpkg_find_acquire_program(JOM)
+
+elseif(VCPKG_TARGET_IS_ANDROID)
+    # see ${SOURCE_PATH}/NOTES-ANDROID.md
+    if(NOT DEFINED ENV{ANDROID_NDK_ROOT} AND DEFINED ENV{ANDROID_NDK_HOME})
+        set(ENV{ANDROID_NDK_ROOT} $ENV{ANDROID_NDK_HOME})
+    endif()
+    if(NOT DEFINED ENV{ANDROID_NDK_ROOT})
+        message(FATAL_ERROR "ENV{ANDROID_NDK_ROOT} is required by ${SOURCE_PATH}/Configurations/15-android.conf")
+    endif()
+    if(VCPKG_HOST_IS_LINUX)
+        set(NDK_HOST_TAG "linux-x86_64")
+    elseif(VCPKG_HOST_IS_OSX)
+        set(NDK_HOST_TAG "darwin-x86_64")
+    elseif(VCPKG_HOST_IS_WINDOWS)
+        set(NDK_HOST_TAG "windows-x86_64")
+    else()
+        message(FATAL_ERROR "Unknown NDK host platform")
+    endif()
+    get_filename_component(NDK_TOOL_PATH "$ENV{ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/${NDK_HOST_TAG}/bin" ABSOLUTE)
+    vcpkg_add_to_path(PREPEND "${NDK_TOOL_PATH}")
+
+endif()
+
+# Configure / Install
+# note: we need a PERL so can't use `vcpkg_configure_make` directly...
+message(STATUS "Configuring ${TARGET_TRIPLET}-dbg")
+vcpkg_execute_required_process(
+    COMMAND ${PERL} Configure ${OPENSSL_SHARED} ${CONFIGURE_OPTIONS}
+                ${PLATFORM} "--prefix=${CURRENT_PACKAGES_DIR}/debug"
+    WORKING_DIRECTORY "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg"
+    LOGNAME configure-perl-${TARGET_TRIPLET}-dbg
+)
+message(STATUS "Configuring ${TARGET_TRIPLET}-rel")
+vcpkg_execute_required_process(
+    COMMAND ${PERL} Configure ${OPENSSL_SHARED} ${CONFIGURE_OPTIONS}
+                ${PLATFORM} "--prefix=${CURRENT_PACKAGES_DIR}"
+    WORKING_DIRECTORY "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel"
+    LOGNAME configure-perl-${TARGET_TRIPLET}-rel
+)
+
+if(VCPKG_TARGET_IS_UWP OR VCPKG_TARGET_IS_WINDOWS)
+    message(STATUS "Building ${TARGET_TRIPLET}-dbg")
+    vcpkg_execute_required_process(
+        COMMAND ${JOM} /K /J ${VCPKG_CONCURRENCY} /F makefile install_dev install_runtime
+        WORKING_DIRECTORY "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg"
+        LOGNAME install-${TARGET_TRIPLET}-dbg
+    )
+    message(STATUS "Building ${TARGET_TRIPLET}-rel")
+    vcpkg_execute_required_process(
+        COMMAND ${JOM} /K /J ${VCPKG_CONCURRENCY} /F makefile install_dev install_runtime
+        WORKING_DIRECTORY "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel"
+        LOGNAME install-${TARGET_TRIPLET}-rel
+    )
+    vcpkg_copy_pdbs()
+
+else()
+    message(STATUS "Building ${TARGET_TRIPLET}-dbg")
+    vcpkg_execute_required_process(
+        COMMAND ${MAKE} -j ${VCPKG_CONCURRENCY} install_dev install_runtime
+        WORKING_DIRECTORY "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg"
+        LOGNAME install-${TARGET_TRIPLET}-dbg
+    )
+    message(STATUS "Building ${TARGET_TRIPLET}-rel")
+    vcpkg_execute_required_process(
+        COMMAND ${MAKE} -j ${VCPKG_CONCURRENCY} install_dev install_runtime
+        WORKING_DIRECTORY "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel"
+        LOGNAME install-${TARGET_TRIPLET}-rel
+    )
+    if(VCPKG_TARGET_IS_ANDROID AND VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
+        # install_dev copies symbolic link. overwrite them with the actual shared objects
+        file(INSTALL "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/libcrypto.so"
+                     "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg/libssl.so"
+             DESTINATION "${CURRENT_PACKAGES_DIR}/debug/lib"
+        )
+        file(INSTALL "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/libcrypto.so"
+                     "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/libssl.so"
+             DESTINATION "${CURRENT_PACKAGES_DIR}/lib"
+        )
+    endif()
+    # rename lib64 to lib for lib/pkgconfig
+    if(EXISTS "${CURRENT_PACKAGES_DIR}/debug/lib64")
+        file(RENAME "${CURRENT_PACKAGES_DIR}/debug/lib64" "${CURRENT_PACKAGES_DIR}/debug/lib")
+    endif()
+    if(EXISTS "${CURRENT_PACKAGES_DIR}/lib64")
+        file(RENAME "${CURRENT_PACKAGES_DIR}/lib64" "${CURRENT_PACKAGES_DIR}/lib")
+    endif()
+    vcpkg_fixup_pkgconfig()
+
+endif()
+
+if(VCPKG_TARGET_IS_WINDOWS)
+    file(MAKE_DIRECTORY "${CURRENT_PACKAGES_DIR}/tools/openssl/")
+    file(RENAME "${CURRENT_PACKAGES_DIR}/bin/openssl.exe" "${CURRENT_PACKAGES_DIR}/tools/openssl/openssl.exe")
+
+    file(REMOVE
+        "${CURRENT_PACKAGES_DIR}/debug/bin/openssl.exe"
+    )
+endif()
+
+vcpkg_copy_tool_dependencies("${CURRENT_PACKAGES_DIR}/tools/openssl")
+
+if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
+    file(REMOVE "${CURRENT_PACKAGES_DIR}/debug/lib/libcrypto.a"
+                "${CURRENT_PACKAGES_DIR}/debug/lib/libssl.a"
+                "${CURRENT_PACKAGES_DIR}/lib/libcrypto.a"
+                "${CURRENT_PACKAGES_DIR}/lib/libssl.a"
+    )
+else()
+    file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/bin"
+                        "${CURRENT_PACKAGES_DIR}/bin"
+    )
+    if(VCPKG_TARGET_IS_WINDOWS)
+        file(REMOVE "${CURRENT_PACKAGES_DIR}/debug/lib/ossl_static.pdb"
+                    "${CURRENT_PACKAGES_DIR}/lib/ossl_static.pdb"
+        )
+    endif()
+endif()
+file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/include")
+
+file(INSTALL     "${SOURCE_PATH}/LICENSE.txt"
+     DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME "copyright"
+)
+file(INSTALL     "${CURRENT_PORT_DIR}/usage"
+     DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}"
+)
diff --git a/contrib/vcpkg-ports/openssl3/usage b/contrib/vcpkg-ports/openssl3/usage
new file mode 100644
index 00000000..1f4298f7
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl3/usage
@@ -0,0 +1,11 @@
+The package openssl3 can be imported via CMake FindOpenSSL module:
+
+    find_package(OpenSSL REQUIRED)
+    target_link_libraries(main PRIVATE OpenSSL::SSL OpenSSL::Crypto)
+
+Also, FindPkgConfig module can be used if pkg-config(.pc) files are installed:
+
+    find_package(PkgConfig REQUIRED)
+    pkg_check_modules(openssl REQUIRED IMPORTED_TARGET GLOBAL openssl>=3.0)
+    
+    target_link_libraries(main PRIVATE PkgConfig::openssl)
diff --git a/contrib/vcpkg-ports/openssl3/vcpkg.json b/contrib/vcpkg-ports/openssl3/vcpkg.json
new file mode 100644
index 00000000..93db84b9
--- /dev/null
+++ b/contrib/vcpkg-ports/openssl3/vcpkg.json
@@ -0,0 +1,7 @@
+{
+  "name": "openssl3",
+  "version-semver": "3.0.1",
+  "description": "TLS/SSL and crypto library",
+  "homepage": "https://www.openssl.org/",
+  "license": "Apache-2.0"
+}
diff --git a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake
index 532aa69b..0723344e 100644
--- a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake
+++ b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake
@@ -23,7 +23,7 @@ vcpkg_build_nmake(
     PROJECT_NAME Makefile.w32-vc
     OPTIONS
         OPENSSL=1
-        OPENSSL_HOME=${CURRENT_PACKAGES_DIR}/../openssl_${TARGET_TRIPLET}
+        OPENSSL_HOME=${CURRENT_PACKAGES_DIR}/../openssl3_${TARGET_TRIPLET}
 )
 
 file(INSTALL ${SOURCE_PATH}/include/pkcs11-helper-1.0 DESTINATION ${CURRENT_PACKAGES_DIR}/include/)