[PATCH] allow to use engine keyform for server private key

Dmitrii Pichulin
July 23, 2014 10:56AM
# HG changeset patch
# User Dmitrii Pichulin
# Date 1406127158 -14400
# Wed Jul 23 18:52:38 2014 +0400
# Node ID fec1d814c8f363976a1217c81faec3d80e6c718f
# Parent 9de5820bb3e04d7e21727b472a15831ec0b2be1d
allow to use engine keyform for server private key

diff -r 9de5820bb3e0 -r fec1d814c8f3 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Fri Jul 18 20:11:40 2014 +0400
+++ b/src/event/ngx_event_openssl.c Wed Jul 23 18:52:38 2014 +0400
@@ -11,6 +11,7 @@


#define NGX_SSL_PASSWORD_BUFFER_SIZE 4096
+#define NGX_SSL_MAX_ENGINE_NAME_LEN 260


typedef struct {
@@ -270,6 +271,10 @@
u_long n;
ngx_str_t *pwd;
ngx_uint_t tries;
+ EVP_PKEY *pkey;
+ ENGINE *e;
+ char *p, *last;
+ char e_name[NGX_SSL_MAX_ENGINE_NAME_LEN + 1];

if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
return NGX_ERROR;
@@ -352,6 +357,61 @@

BIO_free(bio);

+ if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
+
+ p = (char *) key->data + sizeof("engine:") - 1;
+ last = ngx_strchr(p, ':');
+
+ if (last == NULL || ngx_strchr(last + 1, ':') != NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid syntax: %V", key);
+ return NGX_ERROR;
+ }
+
+ if (last - p > NGX_SSL_MAX_ENGINE_NAME_LEN) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "too long engine name in \"ssl_certificate_key\"");
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(e_name, p, last - p);
+ e_name[last - p] = 0;
+
+ e = ENGINE_by_id((char *) e_name);
+
+ if (e == NULL) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "ENGINE_by_id(\"%s\") failed", e_name);
+ return NGX_ERROR;
+ }
+
+ pkey = ENGINE_load_private_key(e, (char *) last + 1, 0, 0);
+
+ if (!pkey) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "ENGINE_load_private_key(\"%s\") failed", last + 1);
+ ENGINE_free(e);
+ return NGX_ERROR;
+ }
+
+ if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
+
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_use_PrivateKey_file(\"%s\") failed", last + 1);
+ EVP_PKEY_free(pkey);
+ ENGINE_free(e);
+ return NGX_ERROR;
+ }
+
+ EVP_PKEY_free(pkey);
+
+ if (ENGINE_free(e) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "ENGINE_free() failed");
+ return NGX_ERROR;
+ }
+
+ return NGX_OK;
+ }
+
if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
return NGX_ERROR;
}
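Review bot: The check `ngx_strchr(last + 1, ':') != NULL` rejects every key identifier that contains a colon, so URI-style identifiers (for example a PKCS#11 URI, if the engine accepts one) cannot be configured; treating everything after the second colon as the identifier, `if (last == NULL) {`, avoids that. The failure label on the SSL_CTX_use_PrivateKey() branch names a different function and should read `"SSL_CTX_use_PrivateKey(\"%s\") failed"`. The over-long engine name is not an OpenSSL failure, yet it is reported through ngx_ssl_error(), which presumably appends whatever is in the OpenSSL error queue; `ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ...)`, as already used for the syntax error, would be consistent. The key identifier is written to the log on every failure path, which deserves a comment or a redaction if an engine's identifier format can carry a PIN. The enclosing function starts and ends outside the hunk.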

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel