From: Ondřej Surý
Date: Wed, 22 Jan 2020 09:16:22 +0000 (+0100)
Subject: Cleanup support for specifying PKCS#11 engine as part of the label
X-Git-Tag: v9.14.11~9^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95130a379c448a1dfe44cdc736d2abef53ed58a0;p=thirdparty%2Fbind9.git
Cleanup support for specifying PKCS#11 engine as part of the label
The code for specifying OpenSSL PKCS#11 engine as part of the label (e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...") was non-functional. This commit just cleans the related code.
(cherry picked from commit a5c87d9d186e155553be0ae153bb50180f54fffd)
---
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 8425b86dfd6..230efa7238e 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -1035,64 +1035,58 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, isc_result_t ret; EVP_PKEY *pkey = NULL; RSA *rsa = NULL, *pubrsa = NULL; - char *colon, *tmpengine = NULL; const BIGNUM *ex = NULL; UNUSED(pin); if (engine == NULL) { - if (strchr(label, ':') == NULL) - DST_RET(DST_R_NOENGINE); - tmpengine = isc_mem_strdup(key->mctx, label); - if (tmpengine == NULL) - DST_RET(ISC_R_NOMEMORY); - colon = strchr(tmpengine, ':'); - INSIST(colon != NULL); - *colon = '\0'; + DST_RET(DST_R_NOENGINE); } e = dst__openssl_getengine(engine); - if (e == NULL) + if (e == NULL) { DST_RET(DST_R_NOENGINE); + } pkey = ENGINE_load_public_key(e, label, NULL, NULL); if (pkey != NULL) { pubrsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); - if (pubrsa == NULL) + if (pubrsa == NULL) { DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + } } pkey = ENGINE_load_private_key(e, label, NULL, NULL); - if (pkey == NULL) + if (pkey == NULL) { DST_RET(dst__openssl_toresult2("ENGINE_load_private_key", ISC_R_NOTFOUND)); - if (tmpengine != NULL) { - key->engine = tmpengine; - tmpengine = NULL; - } else { - key->engine = isc_mem_strdup(key->mctx, engine); - if (key->engine == NULL) - DST_RET(ISC_R_NOMEMORY); + } + key->engine = isc_mem_strdup(key->mctx, engine); + if (key->engine == NULL) { + DST_RET(ISC_R_NOMEMORY); } key->label = isc_mem_strdup(key->mctx, label); - if (key->label == NULL) + if (key->label == NULL) { DST_RET(ISC_R_NOMEMORY); + } rsa = EVP_PKEY_get1_RSA(pkey); - if (rsa == NULL) + if (rsa == NULL) { DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); - if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) + } + if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) { DST_RET(DST_R_INVALIDPRIVATEKEY); + } RSA_get0_key(rsa, NULL, &ex, NULL); - if (BN_num_bits(ex) > RSA_MAX_PUBEXP_BITS) + if (BN_num_bits(ex) > RSA_MAX_PUBEXP_BITS) { DST_RET(ISC_R_RANGE); - if (pubrsa != NULL) + } + if (pubrsa != NULL) { RSA_free(pubrsa); + } key->key_size = EVP_PKEY_bits(pkey); 
key->keydata.pkey = pkey; RSA_free(rsa); return (ISC_R_SUCCESS); err: - if (tmpengine != NULL) - isc_mem_free(key->mctx, tmpengine); if (rsa != NULL) RSA_free(rsa); if (pubrsa != NULL)
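Review bot: `key->engine` and `key->label` are assigned before `rsa_check()` and the `RSA_MAX_PUBEXP_BITS` test, so a key that fails validation reaches `err:` with both fields still populated, and the part of `err:` visible in this hunk releases only `rsa` and `pubrsa`. Whether the caller frees the key object on failure cannot be seen here (the function starts and ends outside the hunk); if it does not, the two strings leak and a rejected key keeps its engine/label binding. Moving the two `isc_mem_strdup()` blocks to directly after the `BN_num_bits(ex)` check, and still before the success-path `RSA_free(pubrsa)` so that a failed allocation cannot reach `err:` with an already-freed `pubrsa`, would leave `key` untouched until the key material has been validated. The new early exit would also read better with a comment such as `/* The engine must be named explicitly; an "engine:" prefix in the label is not parsed. */`.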