[PATCH] Add ENGINE_init/finish directives around ENGINE_load_private_key.
Bradley Hess
bdhess at google.com
Tue Dec 7 16:45:01 UTC 2021
# HG changeset patch
# User Bradley Hess <bdhess at google.com>
# Date 1638894138 18000
# Tue Dec 07 11:22:18 2021 -0500
# Node ID c3ec7674556519a9068c4e7a9f6279bbff6c3d31
# Parent a7a77549265ef46f1f0fdb3897f4beabf9e09c40
Add ENGINE_init/finish directives around ENGINE_load_private_key.
ENGINE_by_id creates a "structural reference" to an engine; for
actually performing cryptography, this ought to be a "functional
reference" per those two topics in the OpenSSL docs:
https://www.openssl.org/docs/man1.1.1/man3/ENGINE_load_private_key.html
Unlike the default OpenSSL engine, the OpenSC PKCS #11 engine cannot
load a private key if it is not first initialized.
diff -r a7a77549265e -r c3ec76745565 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Nov 25 22:02:10 2021 +0300
+++ b/src/event/ngx_event_openssl.c Tue Dec 07 11:22:18 2021 -0500
@@ -734,16 +734,24 @@
return NULL;
}
+ if (!ENGINE_init(engine)) {
+ *err = "ENGINE_init() failed";
+ ENGINE_free(engine);
+ return NULL;
+ }
+
*last++ = ':';
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
if (pkey == NULL) {
*err = "ENGINE_load_private_key() failed";
+ ENGINE_finish(engine);
ENGINE_free(engine);
return NULL;
}
+ ENGINE_finish(engine);
ENGINE_free(engine);
return pkey;
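Review bot: the ENGINE_finish(engine); ENGINE_free(engine); pair is now repeated in both the pkey == NULL branch and the success path after ENGINE_load_private_key(). Both branches release the engine identically, so calling the pair once immediately after ENGINE_load_private_key() and before the pkey == NULL test would remove the duplication and make it harder for a later edit to leak the functional reference on one path. The new ENGINE_init() failure branch also returns before `*last++ = ':';`, as the existing failure return above it does; it is worth confirming that this is intended, or moving the ENGINE_init() call below that line. A short code comment saying that ENGINE_init() is there to obtain a functional reference, as the commit message explains, would help future readers of this function.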