actually add nginx-1.21.4-pq.patch

2021-12-30 12:02:49 -05:00 · 2021-12-30 12:02:49 -05:00 · 47588dd83d
parent 10fa7c8f58
commit 47588dd83d
1 changed files with 124 additions and 0 deletions
--- a/nginx-1.21.4-pq.patch
+++ b/nginx-1.21.4-pq.patch
@ -0,0 +1,124 @@
+diff -ur nginx-1.21.4/src/event/ngx_event_openssl.c nginx-1.21.4-pq/src/event/ngx_event_openssl.c
+--- nginx-1.21.4/src/event/ngx_event_openssl.c	2021-12-24 12:15:25.943693122 -0500
+++ nginx-1.21.4-pq/src/event/ngx_event_openssl.c	2021-12-22 15:18:26.681445109 -0500
+@@ -20,10 +20,14 @@
+ 
+ static X509 *ngx_ssl_load_certificate(ngx_pool_t *pool, char **err,
+     ngx_str_t *cert, STACK_OF(X509) **chain);
+ifndef HAVE_LIBOQS
+/* In the case that HAVE_LIBOQS is defined, these functions are unused as we
+ * call SSL_CTX_use_PrivateKey_file() instead. */
+ static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+     ngx_str_t *key, ngx_array_t *passwords);
+ static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
+     void *userdata);
+#endif
+ static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
+ static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
+     int ret);
+@@ -433,7 +437,9 @@
+ {
+     char            *err;
+     X509            *x509;
+#ifndef HAVE_LIBOQS
+     EVP_PKEY        *pkey;
+#endif
+     STACK_OF(X509)  *chain;
+ 
+     x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain);
+@@ -524,6 +530,20 @@
+     }
+ #endif
+ 
+#ifdef HAVE_LIBOQS
+        if (ngx_get_full_name(cf->pool, (ngx_str_t *) &ngx_cycle->conf_prefix,
+                              key) != NGX_OK) {
+            return NGX_OK;
+        }
+
+        if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *)key->data, SSL_FILETYPE_PEM)
+            < 1) {
+            ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                          "cannot load certificate key \"%s\"",
+                          key->data);
+            return NGX_ERROR;
+        }
+#else
+     pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords);
+     if (pkey == NULL) {
+         if (err != NULL) {
+@@ -543,6 +563,7 @@
+     }
+ 
+     EVP_PKEY_free(pkey);
+#endif
+ 
+     return NGX_OK;
+ }
+@@ -554,7 +575,9 @@
+ {
+     char            *err;
+     X509            *x509;
+#ifndef HAVE_LIBOQS
+     EVP_PKEY        *pkey;
+#endif
+     STACK_OF(X509)  *chain;
+ 
+     x509 = ngx_ssl_load_certificate(pool, &err, cert, &chain);
+@@ -595,6 +618,20 @@
+ 
+ #endif
+ 
+#ifdef HAVE_LIBOQS
+    if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix,
+                          key) != NGX_OK) {
+        return NGX_OK;
+    }
+
+    if (SSL_use_PrivateKey_file(c->ssl->connection, (char *)key->data, SSL_FILETYPE_PEM)
+        < 1) {
+        ngx_ssl_error(NGX_LOG_EMERG, c->log, 0,
+                      "cannot load certificate key \"%s\"",
+                      key->data);
+        return NGX_ERROR;
+    }
+#else
+     pkey = ngx_ssl_load_certificate_key(pool, &err, key, passwords);
+     if (pkey == NULL) {
+         if (err != NULL) {
+@@ -614,6 +651,7 @@
+     }
+ 
+     EVP_PKEY_free(pkey);
+#endif
+ 
+     return NGX_OK;
+ }
+@@ -709,6 +747,7 @@
+ }
+ 
+ 
+#ifndef HAVE_LIBOQS
+ static EVP_PKEY *
+ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+     ngx_str_t *key, ngx_array_t *passwords)
+@@ -824,8 +863,10 @@
+ 
+     return pkey;
+ }
+#endif
+ 
+ 
+#ifndef HAVE_LIBOQS
+ static int
+ ngx_ssl_password_callback(char *buf, int size, int rwflag, void *userdata)
+ {
+@@ -852,7 +893,7 @@
+ 
+     return size;
+ }
+-
+#endif
+ 
+ ngx_int_t
+ ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,