diff -rc stunnel-4.04/configure.ac stunnel-4.04.new/configure.ac
*** stunnel-4.04/configure.ac Wed Jan 1 12:32:03 2003
--- stunnel-4.04.new/configure.ac Wed Oct 1 14:54:46 2003
***************
*** 83,88 ****
--- 83,96 ----
AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE") fi
+ dnl Use SSL Engine?
+ AC_MSG_CHECKING([whether to build with OpenSSL engine capability])
+ AC_ARG_ENABLE(ssl-engine,
+ [ --enable-ssl-engine Build with OpenSSL engine capability],
+ [ AC_MSG_RESULT([yes]); AC_DEFINE(SSL_ENGINE) ],
+ [ AC_MSG_RESULT([no]) ]
+ )
+ 
dnl Use RSA? AC_MSG_CHECKING([whether to disable RSA support]) AC_ARG_ENABLE(rsa,
diff -rc stunnel-4.04/src/options.c stunnel-4.04.new/src/options.c
*** stunnel-4.04/src/options.c Wed Jan 1 14:21:58 2003
--- stunnel-4.04.new/src/options.c Wed Oct 1 14:54:46 2003
***************
*** 443,449 ****
log_raw("%-15s = service name", "service"); break; }
! 
/* session */ switch(cmd) { case CMD_INIT:
--- 443,469 ----
log_raw("%-15s = service name", "service"); break; }
! 
! #ifdef SSL_ENGINE
! /* OpenSSL Engine */
! switch(cmd) {
! case CMD_INIT:
! options.hw_engine=NULL;
! break;
! case CMD_EXEC:
! if(strcasecmp(opt, "SSLEngine"))
! break;
! options.hw_engine=stralloc(arg);
! return NULL; /* OK */
! case CMD_DEFAULT:
! log_raw("%-15s = %s", "SSL engine", "openssl");
! break;
! case CMD_HELP:
! log_raw("%-15s = OpenSSL Engine to use e.g. aep", "SSLEngine");
! break;
! }
! #endif
! 
/* session */ switch(cmd) { case CMD_INIT:
diff -rc stunnel-4.04/src/prototypes.h stunnel-4.04.new/src/prototypes.h
*** stunnel-4.04/src/prototypes.h Wed Jan 1 14:33:54 2003
--- stunnel-4.04.new/src/prototypes.h Wed Oct 1 14:54:46 2003
***************
*** 101,106 ****
--- 101,109 ----
char *rand_file; /* file with random data */ int random_bytes; /* how many random bytes to read */ long session_timeout;
+ #ifdef SSL_ENGINE
+ char *hw_engine;
+ #endif
int verify_level; int verify_use_only_my; long ssl_options;
diff -rc stunnel-4.04/src/ssl.c stunnel-4.04.new/src/ssl.c
*** stunnel-4.04/src/ssl.c Wed Jan 1 14:07:08 2003
--- stunnel-4.04.new/src/ssl.c Wed Oct 1 14:59:07 2003
***************
*** 31,36 ****
--- 31,40 ----
#include #endif /* __vms */
+ #ifdef SSL_ENGINE
+ #include "openssl/engine.h"
+ #endif
+ 
#ifndef NO_RSA /* Cache temporary keys up to 2048 bits */
***************
*** 65,77 ****
--- 69,138 ----
SSL_CTX *ctx; /* global SSL context */
+ #ifdef SSL_ENGINE
+ static ENGINE *try_load_engine(const char* engine)
+ {
+ ENGINE *e = ENGINE_by_id("dynamic");
+ if (e){
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)){
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+ }
+ 
+ ENGINE* setup_engine()
+ {
+ ENGINE *e = NULL;
+ #if OPENSSL_VERSION_NUMBER > 0x000907000L
+ ENGINE_load_builtin_engines();
+ 
+ if((e = ENGINE_by_id(options.hw_engine)) == NULL
+ && (e = try_load_engine(options.hw_engine)) == NULL){
+ log(LOG_ERR, "Invalid SSL Hardware Engine: %s", options.hw_engine);
+ return NULL;
+ }
+ #else
+ if((e = ENGINE_by_id(options.hw_engine)) == NULL){
+ log(LOG_ERR, "Invalid SSL Hardware Engine: %s", options.hw_engine);
+ sslerror("Invalid Engine.");
+ return NULL;
+ }
+ #endif
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)){
+ log(LOG_ERR, "Problem using specified engine: %s", options.hw_engine);
+ sslerror("Error using engine.");
+ return NULL;
+ }
+ 
+ return e;
+ }
+ #endif
+ 
void context_init(void) { /* init 
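Review bot: The new `CMD_DEFAULT` branch, `log_raw("%-15s = %s", "SSL engine", "openssl");`, reports a default the code does not implement: `CMD_INIT` sets `options.hw_engine=NULL`, and the ssl.c part of this patch only sets up an engine when `options.hw_engine` is non-NULL, so the effective default is "no engine". The label also differs from the `"SSLEngine"` keyword used in the `CMD_HELP` branch two lines below; `log_raw("%-15s = %s", "SSLEngine", "none");` would describe the real default under the option's own name. In `CMD_EXEC`, `options.hw_engine=stralloc(arg);` overwrites any value from an earlier `SSLEngine` line without releasing it, presumably a small leak if `stralloc` allocates (its body is not visible here). The enclosing option-parsing function starts and ends outside this hunk.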
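Review bot: The new `hw_engine` field is the only one in this part of the struct without a trailing comment, while `rand_file` and `random_bytes` on the lines above document their meaning. Given how the ssl.c part of this patch consumes it (`ENGINE_by_id` first, then the `dynamic` engine's `SO_PATH` control), I would write `char *hw_engine; /* SSLEngine: engine id, or path to an engine shared object */`. The struct definition starts and ends outside this hunk.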
SSL */
+ #ifdef SSL_ENGINE
+ ENGINE *e;
+ #endif
int i; if(!init_prng()) log(LOG_INFO, "PRNG seeded successfully"); SSLeay_add_ssl_algorithms(); SSL_load_error_strings();
+ 
+ #ifdef SSL_ENGINE
+ if(options.hw_engine){
+ e = setup_engine();
+ if(e){
+ log(LOG_INFO, "Using SSL Hardware engine: %s", options.hw_engine);
+ } else {
+ exit(1);
+ }
+ }
+ #endif
+ 
if(options.option.client) { ctx=SSL_CTX_new(SSLv3_client_method()); } else { /* Server mode */
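Review bot: In `setup_engine`, the `ENGINE_set_default` failure path returns NULL without releasing the engine reference obtained from `ENGINE_by_id` or `try_load_engine`, while `try_load_engine` itself does `ENGINE_free(e);` on its own failure path; adding `ENGINE_free(e);` before that `return NULL;` keeps the two consistent and avoids leaking the reference on every failed start. `ENGINE* setup_engine()` is also declared with an empty parameter list and is neither `static` nor given a prototype in the prototypes.h hunk; `static ENGINE *setup_engine(void)` would match `try_load_engine` and keep the symbol file-local. `try_load_engine` deserves a comment making the trust placed in the config value explicit, since any `SSLEngine` value that is not a built-in engine id is passed as `SO_PATH` and loaded as a shared object into the stunnel process, e.g. `/* Not a built-in engine id: treat the value as a path to an engine shared object and load it into this process via the "dynamic" engine */`. On the success path `context_init` keeps `e` only to log it and never releases it; if `ENGINE_set_default` holds its own references, the caller's reference could be dropped with `ENGINE_free(e)` after the log line — confirm against the engine reference-counting rules of the OpenSSL version in use before changing that.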