
Commit ea21407

committed
tls: add cleanup for private key engine
Signed-off-by: Anton Gerasimov <[email protected]>
1 parent 3dae10a commit ea21407


2 files changed

+20
-7
lines changed


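--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -768,6 +768,14 @@ void SecureContext::SetSigalgs(const FunctionCallbackInfo<Value>& args) {
 }
 
 #ifndef OPENSSL_NO_ENGINE
+// Helpers for the smart pointer.
+void ENGINE_free_fn(ENGINE* engine) { ENGINE_free(engine); }
+
+void ENGINE_finish_and_free_fn(ENGINE* engine) {
+ENGINE_finish(engine);
+ENGINE_free(engine);
+}
+
 void SecureContext::SetEngineKey(const FunctionCallbackInfo<Value>& args) {
 Environment* env = Environment::GetCurrent(args);
 
@@ -778,17 +786,22 @@ void SecureContext::SetEngineKey(const FunctionCallbackInfo<Value>& args) {
 
 char errmsg[1024];
 const node::Utf8Value engine_id(env->isolate(), args[1]);
-ENGINE* e = LoadEngineById(*engine_id, &errmsg);
-if (e == nullptr) {
+std::unique_ptr<ENGINE, std::function<void(ENGINE*)>> e =
+{ LoadEngineById(*engine_id, &errmsg),
+ENGINE_free_fn };
+if (e.get() == nullptr) {
 return env->ThrowError(errmsg);
 }
 
-if (!ENGINE_init(e)) {
+if (!ENGINE_init(e.get())) {
 return env->ThrowError("ENGINE_init");
 }
 
+e.get_deleter() = ENGINE_finish_and_free_fn;
+
 const node::Utf8Value key_name(env->isolate(), args[0]);
-EVPKeyPointer key(ENGINE_load_private_key(e, *key_name, nullptr, nullptr));
+EVPKeyPointer key(ENGINE_load_private_key(e.get(), *key_name,
+nullptr, nullptr));
 
 if (!key) {
 return ThrowCryptoError(env, ERR_get_error(), "ENGINE_load_private_key");
@@ -799,6 +812,8 @@ void SecureContext::SetEngineKey(const FunctionCallbackInfo<Value>& args) {
 if (rv == 0) {
 return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_use_PrivateKey");
 }
+
+sc->private_key_engine_ = std::move(e);
 }
 #endif // !OPENSSL_NO_ENGINE
 
@@ -1476,9 +1491,6 @@ void SecureContext::LoadPKCS12(const FunctionCallbackInfo<Value>& args) {
 
 
 #ifndef OPENSSL_NO_ENGINE
-// Helper for the smart pointer.
-void ENGINE_free_fn(ENGINE* engine) { ENGINE_free(engine); }
-
 void SecureContext::SetClientCertEngine(
 const FunctionCallbackInfo<Value>& args) {
 Environment* env = Environment::GetCurrent(args);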
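Review bot: The deleter swap at `e.get_deleter() = ENGINE_finish_and_free_fn;` in SetEngineKey carries the whole ENGINE_init()/ENGINE_finish() pairing but has no comment, so a later edit that moves it or adds a return between ENGINE_init() and the swap could leak the functional reference or finish an engine that was never initialised. I would add `// ENGINE_init() succeeded: cleanup must now also drop the functional reference.` directly above it. The two helpers in the first hunk also carry names that read like OpenSSL API and are not `static`; giving them internal linkage would keep them private to this file. SetEngineKey's body continues outside the hunks shown.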

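--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -97,6 +97,7 @@ class SecureContext : public BaseObject {
 X509Pointer issuer_;
 #ifndef OPENSSL_NO_ENGINE
 bool client_cert_engine_provided_ = false;
+std::unique_ptr<ENGINE, std::function<void(ENGINE*)>> private_key_engine_;
 #endif // !OPENSSL_NO_ENGINE
 
 static const int kMaxSessionSize = 10 * 1024;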
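Review bot: `private_key_engine_` is added after `issuer_`, so it is destroyed before every member declared above it; if the SSL_CTX handle is one of those (it is not visible in this hunk), ENGINE_finish() and ENGINE_free() run while the context still holds the key loaded from that engine. Whether that is harmless depends on the key keeping its own engine reference, which varies with the engine implementation. I would document the intended lifetime on the member, e.g. `// Engine that backs the private key; released with this context.`, and, if the key does rely on this reference, declare the member above the context handle so it is released last. The class body continues outside the hunk.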
