[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r5372 - in trunk/OpenDNSSEC/signer/src: shared signer

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Aug 8 10:02:54 CEST 2011


Author: matthijs
Date: 2011-08-08 10:02:54 +0200 (Mon, 08 Aug 2011)
New Revision: 5372

Modified:
   trunk/OpenDNSSEC/signer/src/shared/hsm.c
   trunk/OpenDNSSEC/signer/src/signer/keys.c
   trunk/OpenDNSSEC/signer/src/signer/keys.h
Log:
Pivotal Story #16517425: Signature lifetime too long/short
https://www.pivotaltracker.com/story/show/16517425

port from branch 1.3



Modified: trunk/OpenDNSSEC/signer/src/shared/hsm.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/shared/hsm.c	2011-08-05 14:56:11 UTC (rev 5371)
+++ trunk/OpenDNSSEC/signer/src/shared/hsm.c	2011-08-08 08:02:54 UTC (rev 5372)
@@ -55,6 +55,7 @@
     ods_log_assert(key_id);
 
     /* set parameters */
+    lock_basic_lock(&key_id->key_lock);
     if (!key_id->params) {
         key_id->params = hsm_sign_params_new();
         if (key_id->params) {
@@ -62,6 +63,7 @@
             key_id->params->algorithm = key_id->algorithm;
             key_id->params->flags = key_id->flags;
         } else {
+            lock_basic_unlock(&key_id->key_lock);
             /* could not create params */
             error = hsm_get_error(ctx);
             if (error) {
@@ -73,6 +75,7 @@
             return ODS_STATUS_ERR;
         }
     }
+    lock_basic_unlock(&key_id->key_lock);
 
     /* lookup key */
     if (!key_id->hsmkey) {
@@ -92,7 +95,9 @@
 
     /* get dnskey */
     if (!key_id->dnskey) {
+        lock_basic_lock(&key_id->key_lock);
         key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
+        lock_basic_unlock(&key_id->key_lock);
     }
     if (!key_id->dnskey) {
         error = hsm_get_error(ctx);
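Review bot: The `if (!key_id->dnskey)` test is evaluated before `key_lock` is taken, so two signer threads can both see NULL, both call `hsm_get_dnskey()`, and the later assignment overwrites and leaks the earlier RR. Move `lock_basic_lock(&key_id->key_lock);` above the `if` and the unlock below its closing brace, so the check and the assignment form one critical section. The same pattern applies to the `if (!key_id->hsmkey)` lookup in the previous hunk's context, which appears to run with no lock held, and to the keytag write in the next hunk, which takes the lock again separately. Holding `key_lock` once across the whole lazy initialisation would be simpler to reason about. The function starts and ends outside this hunk.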
@@ -104,7 +109,9 @@
             hsm_str);
         return ODS_STATUS_ERR;
     }
+    lock_basic_lock(&key_id->key_lock);
     key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
+    lock_basic_unlock(&key_id->key_lock);
     return ODS_STATUS_OK;
 }
 
@@ -147,6 +154,7 @@
     ods_log_assert(key_id->hsmkey);
     ods_log_assert(key_id->params);
 
+    lock_basic_lock(&key_id->key_lock);
     key_id->params->inception = inception;
     key_id->params->expiration = expiration;
     if (!key_id->params->keytag) {
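Review bot: `key_lock` is taken here and released only after `hsm_sign_rrset()` returns in the next hunk, so every thread signing with this key is serialised behind a full HSM operation. The lines between the two hunks are not visible, so the diff alone does not confirm that no path returns with the lock still held. The lock is needed because the per-call `inception`/`expiration` are written into the key's shared `params`; passing a per-call copy of the params with those two fields set would keep each RRSIG validity window private to its caller and shrink the critical section to the copy. At minimum, document the invariant at the lock, e.g. `/* key_lock: params->inception/expiration are shared per key; hold until hsm_sign_rrset() has consumed them */`. The asserts just above still read `dnskey`, `hsmkey` and `params` without the lock.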
@@ -158,6 +166,7 @@
         key_id->locator?key_id->locator:"(null)", key_id->params->keytag);
 
     result = hsm_sign_rrset(ctx, rrset, key_id->hsmkey, key_id->params);
+    lock_basic_unlock(&key_id->key_lock);
     if (!result) {
         error = hsm_get_error(ctx);
         if (error) {
@@ -165,6 +174,5 @@
             free((void*)error);
         }
     }
-
     return result;
 }

Modified: trunk/OpenDNSSEC/signer/src/signer/keys.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/keys.c	2011-08-05 14:56:11 UTC (rev 5371)
+++ trunk/OpenDNSSEC/signer/src/signer/keys.c	2011-08-08 08:02:54 UTC (rev 5372)
@@ -86,6 +86,7 @@
     key->ksk = ksk;
     key->zsk = zsk;
     key->next = NULL;
+    lock_basic_init(&key->key_lock);
     return key;
 }
 
@@ -455,18 +456,19 @@
     if (!key) {
         return;
     }
-    if (key->dnskey) {
-        ldns_rr_free(key->dnskey);
-        key->dnskey = NULL;
-    }
+    key->dnskey = NULL;
     if (key->hsmkey) {
         hsm_key_free(key->hsmkey);
         key->hsmkey = NULL;
     }
+    lock_basic_lock(&key->key_lock);
     if (key->params) {
         hsm_sign_params_free(key->params);
         key->params = NULL;
     }
+    lock_basic_unlock(&key->key_lock);
+    lock_basic_destroy(&key->key_lock);
+
     allocator = key->allocator;
     allocator_deallocate(allocator, (void*) key->locator);
     allocator_deallocate(allocator, (void*) key);
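Review bot: Replacing `ldns_rr_free(key->dnskey)` with a bare `key->dnskey = NULL;` removes the only visible release of the DNSKEY RR, so unless another owner frees it (not shown in this diff) each cleaned-up key now leaks it. If ownership did move, say so in place, e.g. `/* dnskey is owned by <owner>; must not be freed here */`. `hsm_key_free(key->hsmkey)` also runs outside `key_lock`, while the sign path in hsm.c passes `key_id->hsmkey` to `hsm_sign_rrset()` under that lock, so the release should either move inside the locked region or carry a comment stating that no signer thread can reference the key during cleanup. Taking the lock immediately before `lock_basic_destroy()` does not protect a thread already waiting on it: that thread would wake onto a destroyed mutex and a deallocated `key`, so teardown has to be ordered after all users are done by some other means. The function starts outside this hunk.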

Modified: trunk/OpenDNSSEC/signer/src/signer/keys.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/keys.h	2011-08-05 14:56:11 UTC (rev 5371)
+++ trunk/OpenDNSSEC/signer/src/signer/keys.h	2011-08-08 08:02:54 UTC (rev 5372)
@@ -35,6 +35,7 @@
 #define SIGNER_KEYS_H
 
 #include "shared/allocator.h"
+#include "shared/locks.h"
 #include "shared/status.h"
 
 #ifdef HAVE_SYS_TYPES_H
@@ -64,6 +65,7 @@
     int publish;
     int ksk;
     int zsk;
+    lock_basic_type key_lock;
     key_type* next;
 };
 



