Add win32 OpenSSL binaries, update build

New build script changes to handle win32/win64 openssl binaries.
There's more to do here with copying out the README files and such, but
this should be a good working start.

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>

build/build-dist.sh

@@ -19,7 +19,7 @@ build-dist options:
  --dist-root=X	set DIST_ROOT, default=dist-staging
  --src-root=X	set SRC_ROOT for git src dir, default=.
  --bin-dest=X	set BIN_DEST where to put tar/zip, default=.
- --no-windows	do not build for win32
+ --no-windows	do not build for Windows
  --no-unix	do not build for UNIX
  --no-compress  do not create zip/tar
 
@@ -87,47 +87,52 @@ stage_unix() {
 }
 
 stage_win() {
-	# make our windows stage if it doesn't exist
-	mkdir -p "$DIST_ROOT/windows/$PV"
+	for win in win32 win64;
+	do
+		# make our windows stage if it doesn't exist
+		mkdir -p "$DIST_ROOT/$win/$PV"
 	
-	# make doc dir
-	mkdir -p "$DIST_ROOT/windows/$PV/doc"
+		# make doc dir
+		mkdir -p "$DIST_ROOT/$win/$PV/doc"
 
-	for f in doc/*.md README.md README.quickstart.md COPYING.md;
-	do
-		# FreeBSD does not accept -i without argument in a way also acceptable by GNU sed
-		sed -i.tmp -e "s/~~~/$VERSION/" "$SRC_ROOT/$f" || die "Cannot update easyrsa version"
-		rm -f "$SRC_ROOT/$f.tmp"
-		python -m markdown "$SRC_ROOT/$f" > "$DIST_ROOT/windows/$PV/${f%.md}.html" || die "Failed to convert markdown to HTML"
-	done
+		for f in doc/*.md README.md README.quickstart.md COPYING.md;
+		do
+			# FreeBSD does not accept -i without argument in a way also acceptable by GNU sed
+			sed -i.tmp -e "s/~~~/$VERSION/" "$SRC_ROOT/$f" || die "Cannot update easyrsa version"
+			rm -f "$SRC_ROOT/$f.tmp"
+			python -m markdown "$SRC_ROOT/$f" > "$DIST_ROOT/$win/$PV/${f%.md}.html" || die "Failed to convert markdown to HTML"
+		done
 	
-	# Copy files into $PV, starting with easyrsa3 as the initial root dir
-	src_files="easyrsa3/. ChangeLog COPYING.md Licensing distro/windows/Licensing distro/windows/bin"
-	for f in $src_files
-	do
-		cp -R "$SRC_ROOT/$f" "$DIST_ROOT/windows/$PV/" || die "failed to copy $f"
+		# Copy files into $PV, starting with easyrsa3 as the initial root dir
+		src_files="easyrsa3/. ChangeLog COPYING.md Licensing distro/windows/Licensing distro/windows/bin distro/windows/$win/lib* distro/windows/$win/openssl.exe"
+		for f in $src_files
+		do
+			cp -R "$SRC_ROOT/$f" "$DIST_ROOT/$win/$PV/" || die "failed to copy $f"
+		done
+		
+		src_files="README-Windows.txt EasyRSA-Start.bat"
+		for f in $src_files
+		do
+			cp -R "$SRC_ROOT/distro/windows/$f" "$DIST_ROOT/$win/$PV/" || die "failed to copy $f"
+			unix2dos "$DIST_ROOT/$win/$PV/$f" || die "unix2dos conversion failed for $f"
+		done
+		
+		# files not included
+		rm -rf "$DIST_ROOT/$win/$PV/doc/TODO" || die "failed rm TODO"
 	done
-	
-	src_files="README-Windows.txt EasyRSA-Start.bat"
-	for f in $src_files
-	do
-		cp -R "$SRC_ROOT/distro/windows/$f" "$DIST_ROOT/windows/$PV/" || die "failed to copy $f"
-		unix2dos "$DIST_ROOT/windows/$PV/$f" || die "unix2dos conversion failed for $f"
-	done
-	
-	# files not included
-	rm -rf "$DIST_ROOT/windows/$PV/doc/TODO" || die "failed rm TODO"
-
 }
 
 make_tar() {
-	(cd "$DIST_ROOT/unix/"; tar -czf "$BIN_DEST/${PV}.tgz" "$PV") || die "tar failed"
-	note "tarball created at: $BIN_DEST/${PV}.tgz" 
+	(cd "$DIST_ROOT/unix/"; tar -czf "../${PV}.tgz" "$PV") || die "tar failed"
+	note "tarball created at: $DIST_ROOT/${PV}.tgz" 
 }
 
 make_zip() {
-	(cd "$DIST_ROOT/windows/"; zip -qr "$BIN_DEST/${PV}.zip" "$PV") || die "zip failed"
-	note "zip file created at: $BIN_DEST/${PV}.zip" 
+	for win in win32 win64;
+	do
+		(cd "$DIST_ROOT/$win/"; zip -qr "../${PV}-$win.zip" "$PV") || die "zip failed"
+		note "zip file created at: $DIST_ROOT/${PV}-$win.zip" 
+	done
 }
 
 SKIP_WIN=false

distro/windows/README-Windows.txt

@@ -3,8 +3,12 @@ Easy-RSA 3 Windows README
 Easy-RSA 3 runs POSIX shell code, so use on Windows has some additional
 requirements: an OpenSSL installation, and a usable shell environment.
 
-If you don't have OpenSSL, you'll need to install an OpenSSL package (see
-section 1.) The Easy-RSA Windows release includes a ready-to-use shell
+The Windows packages of EasyRSA 3.0.7+ include an OpenSSL binary and 
+libraries that will be used by default.  If you want to use a system binary
+instead, remove the openssl.exe and the lib*.dll files from the bin
+directory.
+
+The Easy-RSA Windows release includes a ready-to-use shell
 environment with special thanks to the mksh/Win32 project.
 
 Contents of this file:
@@ -17,29 +21,7 @@ Contents of this file:
   5. Special Thanks
    5.1: mksh/Win32
 
-1. Obtaining OpenSSL for use with Easy-RSA
-
-   There are a couple of ways to do this:
-   
-  (A) If you are using OpenVPN, the easiest solution is to install the OpenSSL
-  program components and add openvpn to the system PATH; this is offered as an
-  installation option as part of OpenVPN.
-
-  (B) Optionally, install an OpenSSL package, such as from the openssl.org
-  website (see appendix.) In this case it will be required to do one of the
-  following:
-
-    (1) Add the location of openssl.exe to the system PATH
-
-    (2) Define the EASYRSA_OPENSSL env-var to reference the full path to
-    openssl.exe
-
-    (3) Edit the vars file (copy vars.example as a starting point) as instructed
-    in the comments
-
-    NOTE: for options 2 & 3 above, see section 3 below called "Windows Paths"
-
-2. Getting a POSIX shell
+1. Getting a POSIX shell
 
    The binary release of Easy-RSA 3 comes bundled with the mksh/Win32 shell
    environment and a handful of shell utility programs from the unxutils
@@ -66,7 +48,7 @@ Contents of this file:
        Provided this requirement is met, Cygwin can directly run the easyrsa
        script without any special interpreter or startup wrapper.
 
-3. Windows Paths
+2. Windows Paths
 
    The provided mksh/Win32 shell understands Windows paths. However, you MUST
    either:
@@ -83,9 +65,9 @@ Contents of this file:
    section 1 above) but applies to any other paths used in env-vars, the `vars`
    file, or in shell commands such as ls, cd, and so on.
 
-4. Appendix
+3. Appendix
 
- 4.1: Reference Links
+ 3.1: Reference Links
 
    * OpenSSL website:
      https://www.openssl.org
@@ -102,7 +84,7 @@ Contents of this file:
    * UnxUtils project:
      http://sourceforge.net/projects/unxutils
 
- 4.2: License of included components
+ 3.2: License of included components
 
       Text-format copies of these licenses are available in the Licensing/
       directory.
@@ -120,9 +102,9 @@ Contents of this file:
        The full source for this win32 port can be found here:
        http://sourceforge.net/projects/unxutils/
 
-5. Special Thanks
+4. Special Thanks
 
- 5.1: mksh/Win32
+ 4.1: mksh/Win32
 
     A special thanks is in order to the mksh/Win32 project and its primary
     maintainer, Michael Langguth <mksh-w32@gmx.net>. This shell offers featurs

distro/windows/win32/LICENSE

@@ -0,0 +1,125 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

distro/windows/win32/readme.txt

@@ -0,0 +1,30 @@
+-----------------------------------------------------------------------
+OpenSSL v1.1.0j Win32 for ICS, http://www.overbyte.be
+-----------------------------------------------------------------------
+
+Built with:
+                  Visual Studio Build Tools 2017
+                  The Netwide Assembler (NASM) v2.11.05
+                  Strawberry Perl v5.20.3.1
+
+Build Commands:
+                  perl configure VC-WIN32-rtt
+                  nmake
+
+Custom configuration file (.conf file at the "Configurations" folder):
+
+## -*- mode: perl; -*-
+## Personal configuration targets
+
+%targets = (
+    "VC-WIN32-rtt" => {
+        inherit_from     => [ "VC-WIN32" ],
+        cflags           => sub{my $v=pop; $v=~ s/\/MD/\/MT/ig; return $v},
+        lflags           => "/nologo /release",
+    },
+	"VC-WIN64A-rtt" => {
+        inherit_from     => [ "VC-WIN64A" ],
+        cflags           => sub{my $v=pop; $v=~ s/\/MD/\/MT/ig; return $v},
+        lflags           => "/nologo /release",
+    },
+);

distro/windows/win64/LICENSE

@@ -0,0 +1,125 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

distro/windows/win64/readme.txt

@@ -0,0 +1,30 @@
+-----------------------------------------------------------------------
+OpenSSL v1.1.0j Win64 for ICS, http://www.overbyte.be
+-----------------------------------------------------------------------
+
+Built with:
+                  Visual Studio Build Tools 2017
+                  The Netwide Assembler (NASM) v2.11.05
+                  Strawberry Perl v5.20.3.1
+
+Build Commands:
+                  perl configure VC-WIN64A-rtt
+                  nmake
+
+Custom configuration file (.conf file at the "Configurations" folder):
+
+## -*- mode: perl; -*-
+## Personal configuration targets
+
+%targets = (
+    "VC-WIN32-rtt" => {
+        inherit_from     => [ "VC-WIN32" ],
+        cflags           => sub{my $v=pop; $v=~ s/\/MD/\/MT/ig; return $v},
+        lflags           => "/nologo /release",
+    },
+	"VC-WIN64A-rtt" => {
+        inherit_from     => [ "VC-WIN64A" ],
+        cflags           => sub{my $v=pop; $v=~ s/\/MD/\/MT/ig; return $v},
+        lflags           => "/nologo /release",
+    },
+);