From fabdb6c29022846ed10fde235db0a7c53f21a6b1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Feb 2006 20:17:35 +1100 Subject: [PATCH] - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via configure --with-ssl-engine. Based in part on a diff by michal at logix.cz. --- ChangeLog | 8 +++++++- INSTALL | 4 +++- configure.ac | 22 ++++++++++++++++++++-- openbsd-compat/openssl-compat.c | 20 ++++++++++++++++++-- openbsd-compat/openssl-compat.h | 15 ++++++++------- 5 files changed, 56 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 67369376f..2c0bd1e9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20060220 + - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] + Add optional enabling of OpenSSL's (hardware) Engine support, via + configure --with-ssl-engine. Based in part on a diff by michal at + logix.cz. + 20060219 - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/] Add first attempt at regress tests for compat library. ok djm@ @@ -3863,4 +3869,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4130 2006/02/19 11:50:20 dtucker Exp $ +$Id: ChangeLog,v 1.4131 2006/02/20 09:17:35 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 753d2d061..38f39473f 100644 --- a/INSTALL +++ b/INSTALL @@ -165,6 +165,8 @@ created. --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries are installed. +--with-ssl-engine enables OpenSSL's (hardware) ENGINE support + --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. @@ -225,4 +227,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ +$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ diff --git a/configure.ac b/configure.ac index c4feaf752..eb24fa00e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.330 2006/02/19 11:50:20 dtucker Exp $ +# $Id: configure.ac,v 1.331 2006/02/20 09:17:36 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.330 $) +AC_REVISION($Revision: 1.331 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -1834,6 +1834,24 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) +AC_ARG_WITH(ssl-engine, + [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], + [ if test "x$withval" != "xno" ; then + AC_MSG_CHECKING(for OpenSSL ENGINE support) + AC_TRY_COMPILE( + [ #include ], + [ +int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} + ], + [ AC_MSG_RESULT(yes) + AC_DEFINE(USE_OPENSSL_ENGINE, 1, + [Enable OpenSSL engine support]) + ], + [ AC_MSG_ERROR(OpenSSL ENGINE support not found)] + ) + fi ] +) + # Check for OpenSSL without EVP_aes_{192,256}_cbc AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) AC_COMPILE_IFELSE( diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index b690e8fe6..763f84734 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.3 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -18,7 +18,11 @@ #include "includes.h" -#define SSH_DONT_REDEF_EVP +#ifdef USE_OPENSSL_ENGINE +# include +#endif + +#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" #ifdef SSH_OLD_EVP @@ -44,3 +48,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) return 1; } #endif + +void +ssh_SSLeay_add_all_algorithms(void) +{ + SSLeay_add_all_algorithms(); + +#ifdef USE_OPENSSL_ENGINE + /* Enable use of crypto hardware */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif +} diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index 8a015ec43..1196d71ea 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.4 2006/02/20 09:17:36 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -54,21 +54,22 @@ extern const EVP_CIPHER *evp_acss(void); * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and * implement the ssh_* equivalents. */ -#ifdef SSH_OLD_EVP - -# ifndef SSH_DONT_REDEF_EVP +#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS +# ifdef SSH_OLD_EVP # ifdef EVP_Cipher # undef EVP_Cipher # endif - # define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e)) # define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d)) # define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a)) -# endif +# endif /* SSH_OLD_EVP */ + +# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() +void ssh_SSLeay_add_all_algorithms(void); int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); -#endif +#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */