HSM: code factorization, wrap setup of the engine

vjardin · vjardin · commit 87d8f961c299 · 2021-05-07T23:54:38.000Z
Let's wrap the setup of the OpenSSL engine: it does add any features
neither fix any behaviour from the previous commits.

Suggested-by: Jakub Zelenka &lt;bukka@php.net&gt;
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -933,6 +933,44 @@ static void php_openssl_dispose_config(struct php_x509_request * req) /* {{{ */
 }
 /* }}} */
 
+static ENGINE *php_openssl_make_pkcs11_engine(const bool warn) /* {{{ */
+{
+	char *verbose = NULL;
+	ENGINE *engine;
+
+	engine = ENGINE_by_id("pkcs11");
+	if (engine == NULL) {
+		if (warn)
+			php_error_docref(NULL, E_WARNING, "Cannot load PKCS11 engine");
+		php_openssl_store_errors();
+		return NULL;
+	}
+	verbose = getenv("OPENSSL_ENGINE_VERBOSE");
+	if (verbose) {
+		if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
+			ENGINE_free(engine);
+			php_openssl_store_errors();
+			return NULL;
+		}
+	} else {
+		if (!ENGINE_ctrl_cmd_string(engine, "QUIET", NULL, 0)) {
+			ENGINE_free(engine);
+			php_openssl_store_errors();
+			return NULL;
+		}
+	}
+	if (!ENGINE_init(engine)) {
+		ENGINE_free(engine);
+		if (warn)
+			php_error_docref(NULL, E_WARNING, "Cannot init PKCS11 engine");
+		php_openssl_store_errors();
+		return NULL;
+	}
+
+	return engine;
+}
+/* }}} */
+
 #if defined(PHP_WIN32) || PHP_OPENSSL_API_VERSION >= 0x10100
 #define PHP_OPENSSL_RAND_ADD_TIME() ((void) 0)
 #else
@@ -1400,8 +1438,7 @@ X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 		}
 		cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
 	} else if (ZSTR_LEN(cert_str) > 7 && memcmp(ZSTR_VAL(cert_str), "pkcs11:", sizeof("pkcs11:") - 1) == 0) {
-		char *verbose = NULL;
-		ENGINE *engine;
+		ENGINE *engine = php_openssl_make_pkcs11_engine(true);
 	        struct {
 			const char *s_slot_cert_id;
 			X509 *cert;
@@ -1411,30 +1448,9 @@ X509 *php_openssl_x509_from_str(zend_string *cert_str) {
 		};
 		int force_login = 0;
 
-		engine = ENGINE_by_id("pkcs11");
-		if (engine == NULL) {
-			php_openssl_store_errors();
-			return NULL;
-		}
-		verbose = getenv("OPENSSL_ENGINE_VERBOSE");
-		if (verbose) {
-			if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
-				ENGINE_free(engine);
-				php_openssl_store_errors();
-				return NULL;
-			}
-		} else {
-			if (!ENGINE_ctrl_cmd_string(engine, "QUIET", NULL, 0)) {
-				ENGINE_free(engine);
-				php_openssl_store_errors();
-				return NULL;
-			}
-		}
-		if (!ENGINE_init(engine)) {
-			ENGINE_free(engine);
-			php_openssl_store_errors();
+		if (!engine)
 			return NULL;
-		}
+
 		if (!ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, force_login)) {
 			ENGINE_free(engine);
 			php_openssl_store_errors();
@@ -3617,28 +3633,8 @@ EVP_PKEY *php_openssl_pkey_from_zval(zval *val, int public_key, char *passphrase
 			}
 		}
 		if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "pkcs11:", sizeof("pkcs11:") - 1) == 0) {
-			char *verbose = NULL;
-			engine = ENGINE_by_id("pkcs11");
+			engine = php_openssl_make_pkcs11_engine(true);
 			if (engine == NULL) {
-				php_error_docref(NULL, E_WARNING, "Cannot load PKCS11 engine");
-				TMP_CLEAN;
-			}
-			verbose = getenv("OPENSSL_ENGINE_VERBOSE");
-			if (verbose) {
-				if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
-					ENGINE_free(engine);
-					TMP_CLEAN;
-				}
-			} else {
-				if (!ENGINE_ctrl_cmd_string(engine, "QUIET", NULL, 0)) {
-					ENGINE_free(engine);
-					TMP_CLEAN;
-				}
-			}
-			if (!ENGINE_init(engine)) {
-				ENGINE_free(engine);
-				engine = NULL;
-				php_error_docref(NULL, E_WARNING, "Cannot init PKCS11 engine");
 				TMP_CLEAN;
 			}
 		}
