[PATCH] SSL: Add ENGINE_init() calls before using engines.

Anderson Sasaki ansasaki at redhat.com
Wed Apr 25 15:52:45 UTC 2018


# HG changeset patch
# User Anderson Toshiyuki Sasaki <ansasaki at redhat.com>
# Date 1524670310 -7200
#      Wed Apr 25 17:31:50 2018 +0200
# Node ID f916a804d526c1acb493c7c4e5c114d947e0eed1
# Parent  46c0c7ef4913011f3f1e073f9ac880b07b1a8154
SSL: Add ENGINE_init() calls before using engines.
It is necessary to call ENGINE_init() before using a OpenSSL engine
to get the engine functional reference.

diff -r 46c0c7ef4913 -r f916a804d526 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Wed Apr 25 14:57:24 2018 +0300
+++ b/src/event/ngx_event_openssl.c	Wed Apr 25 17:31:50 2018 +0200
@@ -527,27 +527,44 @@
             return NGX_ERROR;
         }
 
+        if (!ENGINE_init(engine)) {
+            ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                          "ENGINE_init(\"%s\") failed", p);
+            ENGINE_free(engine);
+            return NGX_ERROR;
+        }
+
         *last++ = ':';
 
         pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
 
         if (pkey == NULL) {
             ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
-                          "ENGINE_load_private_key(\"%s\") failed", last);
+                          "ENGINE_load_private_key(\"%s\", %s, %d, %d) failed",
+                          p, last, 0, 0);
             ENGINE_free(engine);
             return NGX_ERROR;
         }
 
-        ENGINE_free(engine);
+        if (!ENGINE_set_default(engine, ENGINE_METHOD_PKEY_METHS)) {
+            ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                          "ENGINE_set_default(\"%s\", %s) failed",
+                          p, "ENGINE_METHOD_PKEY_METHS");
+            EVP_PKEY_free(pkey);
+            ENGINE_free(engine);
+            return NGX_ERROR;
+        }
 
         if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
             ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
-                          "SSL_CTX_use_PrivateKey(\"%s\") failed", last);
+                          "SSL_CTX_use_PrivateKey() failed trying to use %s",
+                          key->data);
             EVP_PKEY_free(pkey);
             return NGX_ERROR;
         }
 
         EVP_PKEY_free(pkey);
+        ENGINE_free(engine);
 
         return NGX_OK;
 
@@ -4215,13 +4232,18 @@
         return NGX_CONF_ERROR;
     }
 
-    if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
-        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
-                      "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
+    if (!ENGINE_init(engine)) {
+        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "ENGINE_init(\"%V\") failed",
                       &value[1]);
-
         ENGINE_free(engine);
-
+        return NGX_CONF_ERROR;
+    }
+
+    if (ENGINE_set_default(engine, ENGINE_METHOD_PKEY_METHS) == 0) {
+        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                      "ENGINE_set_default(\"%V\", %s) failed",
+                      &value[1], "ENGINE_METHOD_PKEY_METHS");
+        ENGINE_free(engine);
         return NGX_CONF_ERROR;
     }
 


More information about the nginx-devel mailing list