- (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
   Add optional enabling of OpenSSL's (hardware) Engine support, via
   configure --with-ssl-engine.  Based in part on a diff by michal at
   logix.cz.
diff --git a/ChangeLog b/ChangeLog
index 6736937..2c0bd1e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20060220
+ - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}]
+   Add optional enabling of OpenSSL's (hardware) Engine support, via
+   configure --with-ssl-engine.  Based in part on a diff by michal at
+   logix.cz.
+
 20060219
  - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
    Add first attempt at regress tests for compat library.  ok djm@
@@ -3863,4 +3869,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4130 2006/02/19 11:50:20 dtucker Exp $
+$Id: ChangeLog,v 1.4131 2006/02/20 09:17:35 dtucker Exp $
diff --git a/INSTALL b/INSTALL
index 753d2d0..38f3947 100644
--- a/INSTALL
+++ b/INSTALL
@@ -165,6 +165,8 @@
 --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
 are installed.
 
+--with-ssl-engine enables OpenSSL's (hardware) ENGINE support
+
 --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
 real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
 
@@ -225,4 +227,4 @@
 http://www.openssh.com/
 
 
-$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $
+$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index c4feaf7..eb24fa0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.330 2006/02/19 11:50:20 dtucker Exp $
+# $Id: configure.ac,v 1.331 2006/02/20 09:17:36 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.330 $)
+AC_REVISION($Revision: 1.331 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -1834,6 +1834,24 @@
 	]
 )
 
+AC_ARG_WITH(ssl-engine,
+	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
+	[ if test "x$withval" != "xno" ; then
+		AC_MSG_CHECKING(for OpenSSL ENGINE support)
+		AC_TRY_COMPILE(
+			[ #include <openssl/engine.h>],
+			[
+int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
+			],
+			[ AC_MSG_RESULT(yes)
+			  AC_DEFINE(USE_OPENSSL_ENGINE, 1,
+			     [Enable OpenSSL engine support])
+			],
+			[ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
+		)
+	  fi ]
+)
+
 # Check for OpenSSL without EVP_aes_{192,256}_cbc
 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
 AC_COMPILE_IFELSE(
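Review bot: The test body `int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}` is passed as the second argument of AC_TRY_COMPILE, which autoconf already places inside a generated main(), so it defines a nested function. That is a GCC extension, so other compilers are likely to reject it and `--with-ssl-engine` then stops at AC_MSG_ERROR even when engine.h is usable. Pass only the statements, `ENGINE_load_builtin_engines(); ENGINE_register_all_complete();`. The check is also compile-only, so it does not show that the libcrypto being linked actually exports the ENGINE symbols; a link test would catch a header/library mismatch at configure time. The AC_COMPILE_IFELSE block that follows continues outside the hunk.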
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index b690e8f..763f847 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.3 2006/02/20 09:17:36 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -18,7 +18,11 @@
 
 #include "includes.h"
 
-#define SSH_DONT_REDEF_EVP
+#ifdef USE_OPENSSL_ENGINE
+# include <openssl/engine.h>
+#endif
+
+#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "openssl-compat.h"
 
 #ifdef SSH_OLD_EVP
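Review bot: Defining `SSH_DONT_OVERLOAD_OPENSSL_FUNCS` before `#include "openssl-compat.h"` now also hides the `ssh_*` prototypes from the file that implements them, because the header change in this commit places those declarations inside `#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS`. The definitions in this file are then compiled with no prior declaration in scope, so a signature drift between header and implementation would go undiagnosed. Moving the prototypes outside the guard in the header, leaving only the `#define` lines inside it, keeps this file checked against them.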
@@ -44,3 +48,15 @@
 	return 1;
 }
 #endif
+
+void
+ssh_SSLeay_add_all_algorithms(void)
+{
+	SSLeay_add_all_algorithms();
+
+#ifdef	USE_OPENSSL_ENGINE
+	/* Enable use of crypto hardware */
+	ENGINE_load_builtin_engines();
+	ENGINE_register_all_complete();
+#endif
+}
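Review bot: ssh_SSLeay_add_all_algorithms() has no header comment saying that it stands in for every SSLeay_add_all_algorithms() call through the macro added to openssl-compat.h. With USE_OPENSSL_ENGINE defined, each program that initialises OpenSSL this way therefore also loads and registers every engine built into libcrypto, and the only control is the build-time flag. That is worth stating where a maintainer will see it, since it changes which code may end up performing key operations. I would add above the function `/* Reached via the SSLeay_add_all_algorithms() macro in openssl-compat.h; with USE_OPENSSL_ENGINE this also registers all builtin ENGINEs for every caller. */` and widen the in-body comment to `/* Enable use of crypto hardware: registers every builtin ENGINE for the algorithms it implements */`.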
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 8a015ec..1196d71 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -54,21 +54,22 @@
  * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
  * implement the ssh_* equivalents.
  */
-#ifdef SSH_OLD_EVP
+#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 
-# ifndef SSH_DONT_REDEF_EVP
-
+# ifdef SSH_OLD_EVP
 #  ifdef EVP_Cipher
 #   undef EVP_Cipher
 #  endif
-
 #  define EVP_CipherInit(a,b,c,d,e)	ssh_EVP_CipherInit((a),(b),(c),(d),(e))
 #  define EVP_Cipher(a,b,c,d)		ssh_EVP_Cipher((a),(b),(c),(d))
 #  define EVP_CIPHER_CTX_cleanup(a)	ssh_EVP_CIPHER_CTX_cleanup((a))
-# endif
+# endif /* SSH_OLD_EVP */
+
+# define SSLeay_add_all_algorithms()	ssh_SSLeay_add_all_algorithms()
+void ssh_SSLeay_add_all_algorithms(void);
 
 int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
     unsigned char *, int);
 int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
 int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
-#endif
+#endif	/* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
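Review bot: The new `# define SSLeay_add_all_algorithms()` has no `#ifdef`/`#undef` guard, unlike `EVP_Cipher` a few lines above it. OpenSSL's evp.h defines SSLeay_add_all_algorithms as a macro itself, so when that header has been included first this is a redefinition with a different body, which the compiler has to diagnose. Guard it the same way with `#  ifdef SSLeay_add_all_algorithms`, `#   undef SSLeay_add_all_algorithms`, `#  endif` ahead of the define. The override is also applied when USE_OPENSSL_ENGINE is not set, where the wrapper adds nothing; placing the define under `# ifdef USE_OPENSSL_ENGINE` would limit it to builds that need it.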