HSM: openssl_pkey_get_public(URI) support

Add RFC7512 URIs with openssl_pkey_get_public()

Author: vjardin

ext/openssl/openssl.c

@@ -3550,6 +3550,8 @@ static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *pas
 	} else if (Z_TYPE_P(val) == IS_OBJECT && Z_OBJCE_P(val) == php_openssl_certificate_ce) {
 		cert = php_openssl_certificate_from_obj(Z_OBJ_P(val))->x509;
 	} else {
+		ENGINE *engine = NULL;
+
 		/* force it to be a string and check if it refers to a file */
 		/* passing non string values leaks, object uses toString, it returns NULL
 		 * See bug38255.phpt
@@ -3567,13 +3569,42 @@ static EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *pas
 				TMP_CLEAN;
 			}
 		}
+		if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "pkcs11:", sizeof("pkcs11:") - 1) == 0) {
+			char *verbose = NULL;
+			engine = ENGINE_by_id("pkcs11");
+			if (engine == NULL) {
+				php_error_docref(NULL, E_WARNING, "Cannot load PKCS11 engine");
+				TMP_CLEAN;
+			}
+			verbose = getenv("OPENSSL_ENGINE_VERBOSE");
+			if (verbose) {
+				if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
+					ENGINE_free(engine);
+					TMP_CLEAN;
+				}
+			}
+			if (!ENGINE_init(engine)) {
+				ENGINE_free(engine);
+				engine = NULL;
+				php_error_docref(NULL, E_WARNING, "Cannot init PKCS11 engine");
+				TMP_CLEAN;
+			}
+		}
 		/* it's an X509 file/cert of some kind, and we need to extract the data from that */
 		if (public_key) {
-			cert = php_openssl_x509_from_str(Z_STR_P(val));
+			if (engine) {
+				key = ENGINE_load_public_key(engine, Z_STRVAL_P(val), NULL, NULL);
+				ENGINE_free(engine);
+				ENGINE_finish(engine);
+				engine = NULL;
+			}
+			/* val could be a certificate (file, pkcs11:, etc., let's try to extract the key */
+			if (!key)
+				cert = php_openssl_x509_from_str(Z_STR_P(val));
 
 			if (cert) {
 				free_cert = 1;
-			} else {
+			} else if (!key) {
 				/* not a X509 certificate, try to retrieve public key */
 				BIO* in;
 				if (filename) {