HSM: RFC7512 URI support for pkey

When a URI based on the RFC7512 is used, the private key should be loaded
from the engine instead of using a local file.

Suggested-by: Jakub Zelenka <bukka@php.net>
It would be better to add this to php_openssl_pkey_from_zval so it's available
for other functions and it can also support ENGINE_load_public_key based on
public_key argument. Then the val received from local_pk could be passed to
php_openssl_pkey_from_zval. It will still require to keep
VCWD_REALPATH(private_key, resolved_path_buff_pk) check before that as
php_openssl_pkey_from_zval supports a file:// prefix only for path and
otherwise it thinks that it's a PEM string. Think that this would be useful
as it would add support for pkey objects as well.

Author: vjardin

ext/openssl/xp_ssl.c

@@ -949,14 +949,20 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 				return FAILURE;
 			}
 			GET_VER_OPT_STRING("local_pk", private_key);
-
 			if (private_key) {
 				char resolved_path_buff_pk[MAXPATHLEN];
 				if (VCWD_REALPATH(private_key, resolved_path_buff_pk)) {
 					if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff_pk, SSL_FILETYPE_PEM) != 1) {
 						php_error_docref(NULL, E_WARNING, "Unable to set private key file `%s'", resolved_path_buff_pk);
 						return FAILURE;
 					}
+				} else if (GET_VER_OPT("local_pk")) /* fill val with local_pk if any */ {
+					EVP_PKEY *pkey = php_openssl_pkey_from_zval(val /* local_pk */, 0/* not public */, NULL, 0);
+					if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
+						EVP_PKEY_free(pkey);
+						php_error_docref(NULL, E_WARNING, "Unable to set private key `%s'", private_key);
+						return FAILURE;
+					}
 				}
 			} else {
 				if (SSL_CTX_use_PrivateKey_file(ctx, resolved_path_buff, SSL_FILETYPE_PEM) != 1) {