From e8ac7cf6ec73981f2a10387a622de92e715b2973 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 10 Jan 2022 11:34:30 -0800 Subject: [PATCH] remove error handling code around dns_dnsseckey_create() this function can no longer fail, so error checking is not necessary. --- bin/dnssec/dnssec-signzone.c | 14 ++++++-------- lib/dns/dnssec.c | 28 ++++++++++------------------ lib/dns/include/dns/dnssec.h | 6 +----- lib/dns/keymgr.c | 5 +---- 4 files changed, 18 insertions(+), 35 deletions(-) diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 0e70c43723..1c01388bd6 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -417,17 +417,15 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) { DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, directory, mctx, &privkey); if (result == ISC_R_SUCCESS) { dst_key_free(&pubkey); - result = dns_dnsseckey_create(mctx, &privkey, &key); + dns_dnsseckey_create(mctx, &privkey, &key); } else { - result = dns_dnsseckey_create(mctx, &pubkey, &key); + dns_dnsseckey_create(mctx, &pubkey, &key); } - if (result == ISC_R_SUCCESS) { - key->force_publish = false; - key->force_sign = false; - key->index = keycount++; - ISC_LIST_APPEND(keylist, key, link); - } + key->force_publish = false; + key->force_sign = false; + key->index = keycount++; + ISC_LIST_APPEND(keylist, key, link); isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write); return (key); diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 59339c5587..3ed6f6c0e4 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -1267,7 +1267,7 @@ dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name, return (false); } -isc_result_t +void dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey, dns_dnsseckey_t **dkp) { isc_result_t result; @@ -1311,7 +1311,6 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey, ISC_LINK_INIT(dk, link); *dkp = dk; - return (ISC_R_SUCCESS); } void @@ -1492,7 +1491,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory, continue; } - RETERR(dns_dnsseckey_create(mctx, &dstkey, &key)); + dns_dnsseckey_create(mctx, &dstkey, &key); key->source = dns_keysource_repository; dns_dnssec_get_hints(key, now); @@ -1535,11 +1534,10 @@ failure: * the keys in the keyset, regardless of whether they have * metadata indicating they should be deactivated or removed. */ -static isc_result_t +static void addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey, bool savekeys, isc_mem_t *mctx) { - dns_dnsseckey_t *key; - isc_result_t result; + dns_dnsseckey_t *key = NULL; /* Skip duplicates */ for (key = ISC_LIST_HEAD(*keylist); key != NULL; @@ -1568,13 +1566,10 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey, bool savekeys, } key->source = dns_keysource_zoneapex; - return (ISC_R_SUCCESS); + return; } - result = dns_dnsseckey_create(mctx, newkey, &key); - if (result != ISC_R_SUCCESS) { - return (result); - } + dns_dnsseckey_create(mctx, newkey, &key); if (key->legacy || savekeys) { key->force_publish = true; key->force_sign = dst_key_isprivate(key->key); @@ -1582,7 +1577,6 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey, bool savekeys, key->source = dns_keysource_zoneapex; ISC_LIST_APPEND(*keylist, key, link); *newkey = NULL; - return (ISC_R_SUCCESS); } /*% @@ -1683,7 +1677,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, } if (publickey) { - RETERR(addkey(keylist, &dnskey, savekeys, mctx)); + addkey(keylist, &dnskey, savekeys, mctx); goto skip; } @@ -1766,11 +1760,9 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) { if (pubkey != NULL) { - RETERR(addkey(keylist, &pubkey, savekeys, - mctx)); + addkey(keylist, &pubkey, savekeys, mctx); } else { - RETERR(addkey(keylist, &dnskey, savekeys, - mctx)); + addkey(keylist, &dnskey, savekeys, mctx); } goto skip; } @@ -1787,7 +1779,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, */ dst_key_setttl(privkey, dst_key_getttl(dnskey)); - RETERR(addkey(keylist, &privkey, savekeys, mctx)); + addkey(keylist, &privkey, savekeys, mctx); skip: if (dnskey != NULL) { dst_key_free(&dnskey); diff --git a/lib/dns/include/dns/dnssec.h b/lib/dns/include/dns/dnssec.h index a5451fda7f..ed9927c732 100644 --- a/lib/dns/include/dns/dnssec.h +++ b/lib/dns/include/dns/dnssec.h @@ -245,7 +245,7 @@ dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name, * rrset. dns_dnssec_signs() works on any rrset. */ -isc_result_t +void dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey, dns_dnsseckey_t **dkp); /*%< @@ -253,10 +253,6 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey, * * Requires: *\li 'dkp' is not NULL and '*dkp' is NULL. - * - * Returns: - *\li #ISC_R_SUCCESS - *\li #ISC_R_NOMEMORY */ void diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c index 2e0aee466c..6bc11dbb62 100644 --- a/lib/dns/keymgr.c +++ b/lib/dns/keymgr.c @@ -1768,10 +1768,7 @@ keymgr_key_rollover(dns_kasp_key_t *kaspkey, dns_dnsseckey_t *active_key, } dst_key_setttl(dst_key, dns_kasp_dnskeyttl(kasp)); dst_key_settime(dst_key, DST_TIME_CREATED, now); - result = dns_dnsseckey_create(mctx, &dst_key, &new_key); - if (result != ISC_R_SUCCESS) { - return (result); - } + dns_dnsseckey_create(mctx, &dst_key, &new_key); keymgr_key_init(new_key, kasp, now, csk); } else { new_key = candidate;