From 750536f74d1d8e261c566b41c765dea5e420e610 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Mon, 16 Oct 2023 13:24:10 +0200
Subject: [PATCH] No longer need to get generated key from label

The pkcs11-provider did not yet support getting X/Y coordinates on newly generated EC PKEY keys, thus we attempted to get the key from the label after it was generated in the keystore. This has been fixed in: https://github.com/latchset/pkcs11-provider/pull/293 Thus now we should be able to use the generated key structure immediately.
---
 lib/dns/keystore.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)
diff --git a/lib/dns/keystore.c b/lib/dns/keystore.c
index d0637354b4..f733310ab9 100644
--- a/lib/dns/keystore.c
+++ b/lib/dns/keystore.c
@@ -158,7 +158,6 @@ dns_keystore_keygen(dns_keystore_t *keystore, const dns_name_t *origin,
 uri = dns_keystore_pkcs11uri(keystore);
 if (uri != NULL) {
- dst_key_t *key = NULL;
 char *label = NULL;
 size_t len;
 char timebuf[18];
@@ -179,29 +178,14 @@ dns_keystore_keygen(dns_keystore_t *keystore, const dns_name_t *origin,
 /* Generate the key */
 result = dst_key_generate(origin, alg, size, 0, flags,
 DNS_KEYPROTO_DNSSEC, rdclass, label,
- mctx, &key, NULL);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
- DNS_LOGMODULE_DNSSEC, ISC_LOG_ERROR,
- "keystore: failed to generate key "
- "%s (ret=%d)",
- object, result);
- return (result);
- }
- dst_key_free(&key);
-
- /* Retrieve generated key from label */
- result = dst_key_fromlabel(
- origin, alg, flags, DNS_KEYPROTO_DNSSEC,
- dns_rdataclass_in, dns_keystore_engine(keystore), label,
- NULL, mctx, &newkey);
+ mctx, &newkey, NULL);
 isc_mem_put(mctx, label, len);
 if (result != ISC_R_SUCCESS) {
 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
 DNS_LOGMODULE_DNSSEC, ISC_LOG_ERROR,
- "keystore: failed to access key "
+ "keystore: failed to generate key "
 "%s (ret=%d)",
 object, result);
 return (result);
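Review bot: The `dst_key_generate()` call in the second hunk now returns `newkey` directly, but nothing records that this only works when the installed pkcs11-provider carries the fix cited in the commit message. With an older provider the removed `dst_key_fromlabel()` round trip was what supplied the EC public coordinates, so a key could presumably be created on the token yet come back without usable public data. I would add a comment above the call, `/* Relies on pkcs11-provider returning the EC public point for generated keys (latchset/pkcs11-provider#293). */`, and state the minimum provider version in the keystore documentation. The removed lookup also appears to have been the only place confirming that the new key can be found again by `label` through `dns_keystore_engine(keystore)`, so a label or token mismatch would now surface only when the key is next loaded. The body of `dns_keystore_keygen` starts before and continues past this hunk, so whether `newkey` is validated later is not visible here.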