HSM: openssl_x509_read() get from URI

Let's read a certificate from a URI.

Author: vjardin

ext/openssl/openssl.c

@@ -1386,7 +1386,7 @@ PHP_FUNCTION(openssl_get_cert_locations)
 
 static X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 	X509 *cert = NULL;
-	BIO *in;
+	BIO *in = NULL;
 
 	if (ZSTR_LEN(cert_str) > 7 && memcmp(ZSTR_VAL(cert_str), "file://", sizeof("file://") - 1) == 0) {
 		if (php_openssl_open_base_dir_chk(ZSTR_VAL(cert_str) + (sizeof("file://") - 1))) {
@@ -1399,6 +1399,48 @@ static X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 			return NULL;
 		}
 		cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+	} else if (ZSTR_LEN(cert_str) > 7 && memcmp(ZSTR_VAL(cert_str), "pkcs11:", sizeof("pkcs11:") - 1) == 0) {
+		char *verbose = NULL;
+		ENGINE *engine;
+	        struct {
+			const char *s_slot_cert_id;
+			X509 *cert;
+		} parms = {
+			.s_slot_cert_id = ZSTR_VAL(cert_str),
+			.cert = NULL,
+		};
+		int force_login = 0;
+
+		engine = ENGINE_by_id("pkcs11");
+		if (engine == NULL) {
+			php_openssl_store_errors();
+			return NULL;
+		}
+		verbose = getenv("OPENSSL_ENGINE_VERBOSE");
+		if (verbose) {
+			if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
+				ENGINE_free(engine);
+				php_openssl_store_errors();
+				return NULL;
+			}
+		}
+		if (!ENGINE_init(engine)) {
+			ENGINE_free(engine);
+			php_openssl_store_errors();
+			return NULL;
+		}
+		if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, force_login)) {
+			ENGINE_free(engine);
+			php_openssl_store_errors();
+			return NULL;
+		}
+		ENGINE_free(engine);
+		ENGINE_finish(engine);
+		if (parms.cert == NULL) {
+			php_openssl_store_errors();
+			return NULL;
+		}
+		cert = parms.cert;
 	} else {
 		in = BIO_new_mem_buf(ZSTR_VAL(cert_str), (int) ZSTR_LEN(cert_str));
 		if (in == NULL) {
@@ -1412,7 +1454,7 @@ static X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 #endif
 	}
 
-	if (!BIO_free(in)) {
+	if (in && !BIO_free(in)) {
 		php_openssl_store_errors();
 	}