From: Matthijs Mekking
Date: Mon, 30 Nov 2020 11:28:11 +0000 (+0100)
Subject: Correctly update pointers to pubkey and privkey
X-Git-Tag: v9.17.10~21^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01239691a16434cdf4883daff857480f15390db6;p=thirdparty%2Fbind9.git
Correctly update pointers to pubkey and privkey
The functions 'load_pubkey_from_engine()' and 'load_privkey_from_engine()' did not correctly store the pointers. Update both functions to add 'EC_KEY_set_public_key()' and 'EC_KEY_set_private_key()' respectively, so that the pointers to the public and private keys survive the "load from engine" functions.
---
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 98c41a79389..f198599e2f3 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -618,57 +618,67 @@ load_privkey_from_privstruct(EC_KEY *eckey, dst_private_t *priv) { #if !defined(OPENSSL_NO_ENGINE) static isc_result_t load_pubkey_from_engine(EC_KEY *eckey, const char *engine, const char *label) { + EC_KEY *key; + ENGINE *ep; + EVP_PKEY *pubkey; + if (engine == NULL || label == NULL) { return (DST_R_NOENGINE); } - ENGINE *ep = dst__openssl_getengine(engine); - ; + ep = dst__openssl_getengine(engine); if (ep == NULL) { return (DST_R_NOENGINE); } - EVP_PKEY *pubkey = ENGINE_load_public_key(ep, label, NULL, NULL); + pubkey = ENGINE_load_public_key(ep, label, NULL, NULL); if (pubkey == NULL) { return (dst__openssl_toresult2("ENGINE_load_public_key", ISC_R_NOTFOUND)); } - eckey = EVP_PKEY_get1_EC_KEY(pubkey); + key = EVP_PKEY_get1_EC_KEY(pubkey); EVP_PKEY_free(pubkey); - if (eckey == NULL) { + if (key == NULL) { return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } + EC_KEY_set_public_key(eckey, EC_KEY_get0_public_key(key)); + return (ISC_R_SUCCESS); } static isc_result_t load_privkey_from_engine(EC_KEY *eckey, const char *engine, const char *label) { + EC_KEY *key; + ENGINE *ep; + EVP_PKEY *privkey; + if (engine == NULL || label == NULL) { return (DST_R_NOENGINE); } - ENGINE *ep = dst__openssl_getengine(engine); - ; + ep = dst__openssl_getengine(engine); if (ep == NULL) { return (DST_R_NOENGINE); } - EVP_PKEY *privkey = ENGINE_load_private_key(ep, label, NULL, NULL); + privkey = ENGINE_load_private_key(ep, label, NULL, NULL); if (privkey == NULL) { return (dst__openssl_toresult2("ENGINE_load_private_key", ISC_R_NOTFOUND)); } - eckey = EVP_PKEY_get1_EC_KEY(privkey); + key = EVP_PKEY_get1_EC_KEY(privkey); EVP_PKEY_free(privkey); - if (eckey == NULL) { + if (key == NULL) { return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } + EC_KEY_set_private_key(eckey, EC_KEY_get0_private_key(key)); + return (ISC_R_SUCCESS); } #else
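Review bot: `key` is obtained from `EVP_PKEY_get1_EC_KEY()`, which hands the caller its own reference, and neither load_pubkey_from_engine() nor load_privkey_from_engine() releases it, so every engine load leaks an EC_KEY, which in the private-key function refers to private key material. The return values of `EC_KEY_set_public_key()` and `EC_KEY_set_private_key()` are also discarded, so both functions report ISC_R_SUCCESS even when nothing was stored in `eckey`. That looks most likely in the private-key function if the engine does not expose the scalar and `EC_KEY_get0_private_key()` returns NULL, though this is inferred and not visible in the hunk. I would test the setter for `!= 1`, map a failure to DST_R_OPENSSLFAILURE, and call `EC_KEY_free(key)` on both the success and the failure path; the sketch below shows this for the public-key function, and the private-key function needs the same change.

```c
	/* … unchanged: argument checks, engine lookup, ENGINE_load_public_key … */
	key = EVP_PKEY_get1_EC_KEY(pubkey);
	/* … unchanged: EVP_PKEY_free(pubkey) and the NULL check on key … */

	if (EC_KEY_set_public_key(eckey, EC_KEY_get0_public_key(key)) != 1) {
		EC_KEY_free(key);
		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
	}

	/* The setter copies the point, so drop the get1 reference here. */
	EC_KEY_free(key);

	return (ISC_R_SUCCESS);
```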