Closed lstipakov closed 3 years ago
Hello,
We at OpenVPN are working on making the MSVC build system a first-class citizen. We manage dependencies (OpenSSL etc.) with vcpkg and, since the official vcpkg repo lacks a pkcs11-helper port, we created our own port: https://github.com/lstipakov/openvpn/blob/vcpkg-pkcs11-helper/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake
With the above changes we could drop the patch from the port which provides OpenSSL 1.1.1 compatibility (https://github.com/lstipakov/openvpn/blob/vcpkg-pkcs11-helper/contrib/vcpkg-ports/pkcs11-helper/0001-nmake-openssl-1.1.1-support.patch).
Thanks!
BTW: I truly do not understand why using MSVC is better than using standard gcc/clang...
For openvpn, I suggest removing the pkcs#11 support from core and focusing on management interface external private key usage; this will allow you to implement a standalone agent to process the interaction with hardware also at the server side.
Currently we use mingw for building release binaries. We are working on Windows arm64 support; however, mingw cannot do that, so at least arm64 binaries have to be built with msvc.
Starting from version 1.1.1, OpenSSL includes routines like RSA_meth_xxx and DSA_meth_xxx. pkcs11-helper includes an implementation of those routines. That code is compiled if they're missing from OpenSSL.
The nmake build uses a pre-generated config-w32-vc.h, which lacks the defines that indicate that OpenSSL includes the above routines, which causes pkcs11's own implementation to be compiled. However, the pkcs11-helper implementation is not compatible with OpenSSL 1.1.1 - for example, it takes the size of the opaque struct RSA_METHOD, which has become internal in OpenSSL.
This adds the necessary defines to the config header used by the nmake build so that pkcs11-helper code, which is not compatible with OpenSSL 1.1.1, is not compiled.
Also libeay is changed to libcrypto.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
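
An added example, not part of the commit or of pkcs11-helper: a build-time check that a pre-generated config header defines the feature macros for the OpenSSL accessors, so the fallback implementations described in the commit message are not compiled. The `HAVE_<FUNCTION>` names follow the autoconf `AC_CHECK_FUNCS` convention and are an assumption, as is the function list; the sample headers are constructed.

```python
import re

# RSA_meth_* / DSA_meth_* accessors that exist in OpenSSL 1.1.x; which of them
# a given project probes for is an assumption of this example.
OPENSSL_METH_FUNCS = [
    "RSA_meth_dup", "RSA_meth_free", "RSA_meth_set1_name",
    "DSA_meth_dup", "DSA_meth_free", "DSA_meth_set1_name",
]

def have_macro(func):
    """Autoconf AC_CHECK_FUNCS naming: RSA_meth_dup -> HAVE_RSA_METH_DUP."""
    return "HAVE_" + re.sub(r"\W", "_", func).upper()

def defined_macros(header_text):
    """Macros left defined after processing the header top to bottom."""
    # Drop comments first so '/* #undef HAVE_X */' is not read as a directive.
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    defined = set()
    for line in text.splitlines():
        m = re.match(r"\s*#\s*(define|undef)\s+([A-Za-z_]\w*)", line)
        if not m:
            continue
        if m.group(1) == "define":
            defined.add(m.group(2))
        else:
            defined.discard(m.group(2))
    return defined

def fallbacks_compiled(header_text, funcs=OPENSSL_METH_FUNCS):
    """Functions whose HAVE_ macro is absent, so guarded fallbacks would build."""
    defined = defined_macros(header_text)
    return [f for f in funcs if have_macro(f) not in defined]

# Constructed sample headers (not the project's real config-w32-vc.h).
STALE_HEADER = """\
#define DEMO_PLACEHOLDER 1
/* #undef HAVE_RSA_METH_DUP */
// #define HAVE_RSA_METH_FREE 1
#define HAVE_DSA_METH_DUP 1
#undef HAVE_DSA_METH_DUP
"""
FIXED_HEADER = STALE_HEADER + "".join(
    f"#define {have_macro(f)} 1\n" for f in OPENSSL_METH_FUNCS)

if __name__ == "__main__":
    print("stale:", fallbacks_compiled(STALE_HEADER))
    print("fixed:", fallbacks_compiled(FIXED_HEADER))
```

Run against a hand-maintained header in CI, a non-empty result flags a header that has drifted from what the linked OpenSSL actually provides.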