
Commit 87d8f96

committed
HSM: code factorization, wrap setup of the engine
Let's wrap the setup of the OpenSSL engine: it does not add any features, nor does it fix any behaviour from the previous commits. Suggested-by: Jakub Zelenka <bukka@php.net>
1 parent 107ae56 commit 87d8f96


1 file changed

+42
-46
lines changed


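--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -933,6 +933,44 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */
 }
 /* }}} */
 
+static ENGINE *php_openssl_make_pkcs11_engine(const bool warn) /* {{{ */
+{
+char *verbose = NULL;
+ENGINE *engine;
+
+engine = ENGINE_by_id("pkcs11");
+if (engine == NULL) {
+if (warn)
+php_error_docref(NULL, E_WARNING, "Cannot load PKCS11 engine");
+php_openssl_store_errors();
+return NULL;
+}
+verbose = getenv("OPENSSL_ENGINE_VERBOSE");
+if (verbose) {
+if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
+ENGINE_free(engine);
+php_openssl_store_errors();
+return NULL;
+}
+} else {
+if (!ENGINE_ctrl_cmd_string(engine, "QUIET", NULL, 0)) {
+ENGINE_free(engine);
+php_openssl_store_errors();
+return NULL;
+}
+}
+if (!ENGINE_init(engine)) {
+ENGINE_free(engine);
+if (warn)
+php_error_docref(NULL, E_WARNING, "Cannot init PKCS11 engine");
+php_openssl_store_errors();
+return NULL;
+}
+
+return engine;
+}
+/* }}} */
+
 #if defined(PHP_WIN32) || PHP_OPENSSL_API_VERSION >= 0x10100
 #define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
 #else
@@ -1400,8 +1438,7 @@ X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 }
 cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
 } else if (ZSTR_LEN(cert_str) > 7 && memcmp(ZSTR_VAL(cert_str), "pkcs11:", sizeof("pkcs11:") - 1) == 0) {
-char *verbose = NULL;
-ENGINE *engine;
+ENGINE *engine = php_openssl_make_pkcs11_engine(true);
 struct {
 const char *s_slot_cert_id;
 X509 *cert;
@@ -1411,30 +1448,9 @@ X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 };
 int force_login = 0;
 
-engine = ENGINE_by_id("pkcs11");
-if (engine == NULL) {
-php_openssl_store_errors();
-return NULL;
-}
-verbose = getenv("OPENSSL_ENGINE_VERBOSE");
-if (verbose) {
-if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
-ENGINE_free(engine);
-php_openssl_store_errors();
-return NULL;
-}
-} else {
-if (!ENGINE_ctrl_cmd_string(engine, "QUIET", NULL, 0)) {
-ENGINE_free(engine);
-php_openssl_store_errors();
-return NULL;
-}
-}
-if (!ENGINE_init(engine)) {
-ENGINE_free(engine);
-php_openssl_store_errors();
+if (!engine)
 return NULL;
-}
+
 if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, force_login)) {
 ENGINE_free(engine);
 php_openssl_store_errors();
@@ -3617,28 +3633,8 @@ EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *passphrase
 }
 }
 if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "pkcs11:", sizeof("pkcs11:") - 1) == 0) {
-char *verbose = NULL;
-engine = ENGINE_by_id("pkcs11");
+engine = php_openssl_make_pkcs11_engine(true);
 if (engine == NULL) {
-php_error_docref(NULL, E_WARNING, "Cannot load PKCS11 engine");
-TMP_CLEAN;
-}
-verbose = getenv("OPENSSL_ENGINE_VERBOSE");
-if (verbose) {
-if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
-ENGINE_free(engine);
-TMP_CLEAN;
-}
-} else {
-if (!ENGINE_ctrl_cmd_string(engine, "QUIET", NULL, 0)) {
-ENGINE_free(engine);
-TMP_CLEAN;
-}
-}
-if (!ENGINE_init(engine)) {
-ENGINE_free(engine);
-engine = NULL;
-php_error_docref(NULL, E_WARNING, "Cannot init PKCS11 engine");
 TMP_CLEAN;
 }
 }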
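Review bot: The new helper `php_openssl_make_pkcs11_engine()` returns an engine that holds both the structural reference from `ENGINE_by_id()` and the functional reference from `ENGINE_init()`, but nothing on the function states that contract, and the `LOAD_CERT_CTRL` failure path visible in `php_openssl_x509_from_str()` releases only one of them with `ENGINE_free(engine)`. I would add a header comment such as `/* Returns an initialised "pkcs11" ENGINE or NULL; on success the caller must call ENGINE_finish() and then ENGINE_free(). */` and check every caller's exit paths against it; both caller bodies continue outside the hunks, so the matching `ENGINE_finish()` may already exist elsewhere. Passing `true` from `php_openssl_x509_from_str()` also raises an E_WARNING on load or init failure that the removed code on that path did not, which is a visible behaviour change even though the commit message describes the refactoring as neutral. The two unbraced `if (warn)` statements in the helper would be safer with braces, matching the rest of the function.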
