diff -rc stunnel-4.04/configure.ac stunnel-4.04.new/configure.ac *** stunnel-4.04/configure.ac Wed Jan 1 12:32:03 2003 --- stunnel-4.04.new/configure.ac Wed Jun 25 10:24:30 2003 *************** *** 83,88 **** --- 83,96 ---- AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE") fi + dnl Use SSL Engine? + AC_MSG_CHECKING([whether to build with OpenSSL engine capability]) + AC_ARG_ENABLE(ssl-engine, + [ --enable-ssl-engine Build with OpenSSL engine capability], + [ AC_MSG_RESULT([yes]); AC_DEFINE(SSL_ENGINE) ], + [ AC_MSG_RESULT([no]) ] + ) + dnl Use RSA? AC_MSG_CHECKING([whether to disable RSA support]) AC_ARG_ENABLE(rsa, diff -rc stunnel-4.04/src/options.c stunnel-4.04.new/src/options.c *** stunnel-4.04/src/options.c Wed Jan 1 14:21:58 2003 --- stunnel-4.04.new/src/options.c Wed Jun 25 10:24:38 2003 *************** *** 443,449 **** log_raw("%-15s = service name", "service"); break; } ! /* session */ switch(cmd) { case CMD_INIT: --- 443,469 ---- log_raw("%-15s = service name", "service"); break; } ! ! #ifdef SSL_ENGINE ! /* OpenSSL Engine */ ! switch(cmd) { ! case CMD_INIT: ! options.hw_engine=NULL; ! break; ! case CMD_EXEC: ! if(strcasecmp(opt, "SSLEngine")) ! break; ! options.hw_engine=stralloc(arg); ! return NULL; /* OK */ ! case CMD_DEFAULT: ! log_raw("%-15s = %s", "SSL engine", "openssl"); ! break; ! case CMD_HELP: ! log_raw("%-15s = OpenSSL Engine to use e.g. aep", "SSLEngine"); ! break; ! } ! #endif ! /* session */ switch(cmd) { case CMD_INIT: diff -rc stunnel-4.04/src/prototypes.h stunnel-4.04.new/src/prototypes.h *** stunnel-4.04/src/prototypes.h Wed Jan 1 14:33:54 2003 --- stunnel-4.04.new/src/prototypes.h Wed Jun 25 10:24:43 2003 *************** *** 101,106 **** --- 101,109 ---- char *rand_file; /* file with random data */ int random_bytes; /* how many random bytes to read */ long session_timeout; + #ifdef SSL_ENGINE + char *hw_engine; + #endif int verify_level; int verify_use_only_my; long ssl_options; diff -rc stunnel-4.04/src/ssl.c stunnel-4.04.new/src/ssl.c *** stunnel-4.04/src/ssl.c Wed Jan 1 14:07:08 2003 --- stunnel-4.04.new/src/ssl.c Wed Jun 25 10:24:47 2003 *************** *** 31,36 **** --- 31,40 ---- #include #endif /* __vms */ + #ifdef SSL_ENGINE + #include "openssl/engine.h" + #endif + #ifndef NO_RSA /* Cache temporary keys up to 2048 bits */ *************** *** 66,77 **** --- 70,103 ---- SSL_CTX *ctx; /* global SSL context */ void context_init(void) { /* init SSL */ + #ifdef SSL_ENGINE + ENGINE *e; + #endif int i; if(!init_prng()) log(LOG_INFO, "PRNG seeded successfully"); SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); + + #ifdef SSL_ENGINE + if(options.hw_engine){ + if((e = ENGINE_by_id(options.hw_engine)) == NULL){ + log(LOG_ERR, "Invalid SSL Hardware Engine: %s", options.hw_engine); + sslerror("Invalid Engine."); + exit(1); + } + + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)){ + log(LOG_ERR, "Problem using specified engine: %s", options.hw_engine); + sslerror("Error using Engine."); + exit(1); + } + + log(LOG_INFO, "Using SSL Hardware Engine: %s", options.hw_engine); + } + #endif + if(options.option.client) { ctx=SSL_CTX_new(SSLv3_client_method()); } else { /* Server mode */