mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Create private keys with PKCS#11 object

Browse Source 
If there is a keystore configured with a PKCS#11 URI, zones that
are using a dnssec-policy that uses such a keystore should create keys
via the PKCS#11 interface. Those keys are generally stored inside an
HSM.

Some changes to the code are required, to store the engine reference
into the keystore.
This commit is contained in:
Matthijs Mekking
2022-02-28 11:50:43 +01:00
parent d795710541
commit f096472eb4
10 changed files with 314 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/isccfg/check.c
View File

@@ -1412,8 +1412,9 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
}
}
ret = cfg_keystore_fromconfig(
kconfig, mctx, logctx, &kslist, &ks);
ret = cfg_keystore_fromconfig(kconfig, mctx,
logctx, NULL,
&kslist, &ks);
if (ret != ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS) {
result = ret;
@@ -1429,7 +1430,8 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
/*
* Add default key-store "key-directory".
*/
tresult = cfg_keystore_fromconfig(NULL, mctx, logctx, &kslist, &ks);
tresult = cfg_keystore_fromconfig(NULL, mctx, logctx, NULL, &kslist,
&ks);
if (tresult != ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS) {
result = tresult;
@@ -2961,12 +2963,13 @@ check_keydir(const cfg_obj_t *config, const cfg_obj_t *zconfig,
{
cfg_obj_t *kcfg = cfg_listelt_value(element);
ks = NULL;
(void)cfg_keystore_fromconfig(kcfg, mctx, logctx, &kslist, &ks);
(void)cfg_keystore_fromconfig(kcfg, mctx, logctx, NULL, &kslist,
&ks);
INSIST(ks != NULL);
dns_keystore_detach(&ks);
}
ks = NULL;
(void)cfg_keystore_fromconfig(NULL, mctx, logctx, &kslist, &ks);
(void)cfg_keystore_fromconfig(NULL, mctx, logctx, NULL, &kslist, &ks);
INSIST(ks != NULL);
dns_keystore_detach(&ks);