mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Replace custom isc_boolean_t with C standard bool type

Browse Source
This commit is contained in:
Ondřej Surý
2018-04-17 08:29:14 -07:00
parent cb6a185c69
commit 994e656977
546 changed files with 10785 additions and 10367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
lib/dns/dnssec.c
View File

@@ -14,6 +14,7 @@
#include <config.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdlib.h>
#include <isc/buffer.h>
@@ -156,7 +157,7 @@ dns_dnssec_keyfromrdata(const dns_name_t *name, const dns_rdata_t *rdata,
}
static isc_result_t
digest_sig(dst_context_t *ctx, isc_boolean_t downcase, dns_rdata_t *sigrdata,
digest_sig(dst_context_t *ctx, bool downcase, dns_rdata_t *sigrdata,
dns_rdata_rrsig_t *rrsig)
{
isc_region_t r;
@@ -270,14 +271,14 @@ dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
goto cleanup_databuf;
ret = dst_context_create(key, mctx,
DNS_LOGCATEGORY_DNSSEC, ISC_TRUE, 0, &ctx);
DNS_LOGCATEGORY_DNSSEC, true, 0, &ctx);
if (ret != ISC_R_SUCCESS)
goto cleanup_databuf;
/*
* Digest the SIG rdata.
*/
ret = digest_sig(ctx, ISC_FALSE, &tmpsigrdata, &sig);
ret = digest_sig(ctx, false, &tmpsigrdata, &sig);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
@@ -365,7 +366,7 @@ cleanup_signature:
isc_result_t
dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_boolean_t ignoretime, unsigned int maxbits,
bool ignoretime, unsigned int maxbits,
isc_mem_t *mctx, dns_rdata_t *sigrdata, dns_name_t *wild)
{
dns_rdata_rrsig_t sig;
@@ -380,7 +381,7 @@ dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
dst_context_t *ctx = NULL;
int labels = 0;
uint32_t flags;
isc_boolean_t downcase = ISC_FALSE;
bool downcase = false;
REQUIRE(name != NULL);
REQUIRE(set != NULL);
@@ -457,7 +458,7 @@ dns_dnssec_verify(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
again:
ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC,
ISC_FALSE, maxbits, &ctx);
false, maxbits, &ctx);
if (ret != ISC_R_SUCCESS)
goto cleanup_struct;
@@ -559,7 +560,7 @@ cleanup_array:
cleanup_context:
dst_context_destroy(&ctx);
if (ret == DST_R_VERIFYFAILURE && !downcase) {
downcase = ISC_TRUE;
downcase = true;
goto again;
}
cleanup_struct:
@@ -582,13 +583,13 @@ cleanup_struct:
return (ret);
}
isc_boolean_t
bool
dns_dnssec_keyactive(dst_key_t *key, isc_stdtime_t now) {
isc_result_t result;
isc_stdtime_t publish, active, revoke, inactive, deltime;
isc_boolean_t pubset = ISC_FALSE, actset = ISC_FALSE;
isc_boolean_t revset = ISC_FALSE, inactset = ISC_FALSE;
isc_boolean_t delset = ISC_FALSE;
bool pubset = false, actset = false;
bool revset = false, inactset = false;
bool delset = false;
int major, minor;
/* Is this an old-style key? */
@@ -600,49 +601,49 @@ dns_dnssec_keyactive(dst_key_t *key, isc_stdtime_t now) {
* keys are assumed active
*/
if (major == 1 && minor <= 2)
return (ISC_TRUE);
return (true);
result = dst_key_gettime(key, DST_TIME_PUBLISH, &publish);
if (result == ISC_R_SUCCESS)
pubset = ISC_TRUE;
pubset = true;
result = dst_key_gettime(key, DST_TIME_ACTIVATE, &active);
if (result == ISC_R_SUCCESS)
actset = ISC_TRUE;
actset = true;
result = dst_key_gettime(key, DST_TIME_REVOKE, &revoke);
if (result == ISC_R_SUCCESS)
revset = ISC_TRUE;
revset = true;
result = dst_key_gettime(key, DST_TIME_INACTIVE, &inactive);
if (result == ISC_R_SUCCESS)
inactset = ISC_TRUE;
inactset = true;
result = dst_key_gettime(key, DST_TIME_DELETE, &deltime);
if (result == ISC_R_SUCCESS)
delset = ISC_TRUE;
delset = true;
if ((inactset && inactive <= now) || (delset && deltime <= now))
return (ISC_FALSE);
return (false);
if (revset && revoke <= now && pubset && publish <= now)
return (ISC_TRUE);
return (true);
if (actset && active <= now)
return (ISC_TRUE);
return (true);
return (ISC_FALSE);
return (false);
}
/*%<
* Indicate whether a key is scheduled to to have CDS/CDNSKEY records
* published now.
*
* Returns ISC_TRUE iff.
* Returns true iff.
* - SyncPublish is set and in the past, AND
* - SyncDelete is unset or in the future
*/
static isc_boolean_t
static bool
syncpublish(dst_key_t *key, isc_stdtime_t now) {
isc_result_t result;
isc_stdtime_t when;
@@ -658,27 +659,27 @@ syncpublish(dst_key_t *key, isc_stdtime_t now) {
* Smart signing started with key format 1.3
*/
if (major == 1 && minor <= 2)
return (ISC_FALSE);
return (false);
result = dst_key_gettime(key, DST_TIME_SYNCPUBLISH, &when);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
return (false);
result = dst_key_gettime(key, DST_TIME_SYNCDELETE, &when);
if (result != ISC_R_SUCCESS)
return (ISC_TRUE);
return (true);
if (when <= now)
return (ISC_FALSE);
return (ISC_TRUE);
return (false);
return (true);
}
/*%<
* Indicate whether a key is scheduled to to have CDS/CDNSKEY records
* deleted now.
*
* Returns ISC_TRUE iff. SyncDelete is set and in the past.
* Returns true iff. SyncDelete is set and in the past.
*/
static isc_boolean_t
static bool
syncdelete(dst_key_t *key, isc_stdtime_t now) {
isc_result_t result;
isc_stdtime_t when;
@@ -694,14 +695,14 @@ syncdelete(dst_key_t *key, isc_stdtime_t now) {
* Smart signing started with key format 1.3.
*/
if (major == 1 && minor <= 2)
return (ISC_FALSE);
return (false);
result = dst_key_gettime(key, DST_TIME_SYNCDELETE, &when);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
return (false);
if (when <= now)
return (ISC_TRUE);
return (ISC_FALSE);
return (true);
return (false);
}
#define is_zone_key(key) ((dst_key_flags(key) & DNS_KEYFLAG_OWNERMASK) \
@@ -769,7 +770,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver,
mctx, &keys[count]);
if (result == ISC_R_SUCCESS &&
dst_key_pubcompare(pubkey, keys[count],
ISC_FALSE)) {
false)) {
dst_key_setflags(keys[count], flags);
}
dst_key_setflags(pubkey, flags);
@@ -825,7 +826,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver,
* If a key is marked inactive, skip it
*/
if (!dns_dnssec_keyactive(keys[count], now)) {
dst_key_setinactive(pubkey, ISC_TRUE);
dst_key_setinactive(pubkey, true);
dst_key_free(&keys[count]);
keys[count] = pubkey;
pubkey = NULL;
@@ -886,7 +887,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dst_context_t *ctx = NULL;
isc_mem_t *mctx;
isc_result_t result;
isc_boolean_t signeedsfree = ISC_TRUE;
bool signeedsfree = true;
REQUIRE(msg != NULL);
REQUIRE(key != NULL);
@@ -923,7 +924,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&databuf, data, sizeof(data));
RETERR(dst_context_create(key, mctx,
DNS_LOGCATEGORY_DNSSEC, ISC_TRUE, 0, &ctx));
DNS_LOGCATEGORY_DNSSEC, true, 0, &ctx));
/*
* Digest the fields of the SIG - we can cheat and use
@@ -977,7 +978,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
&sig, dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
signeedsfree = ISC_FALSE;
signeedsfree = false;
dns_message_takebuffer(msg, &dynbuf);
@@ -1017,7 +1018,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
isc_mem_t *mctx;
isc_result_t result;
uint16_t addcount, addcount_n;
isc_boolean_t signeedsfree = ISC_FALSE;
bool signeedsfree = false;
REQUIRE(source != NULL);
REQUIRE(msg != NULL);
@@ -1040,7 +1041,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
dns_rdataset_current(msg->sig0, &rdata);
RETERR(dns_rdata_tostruct(&rdata, &sig, NULL));
signeedsfree = ISC_TRUE;
signeedsfree = true;
if (sig.labels != 0) {
result = DNS_R_SIGINVALID;
@@ -1072,7 +1073,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
}
RETERR(dst_context_create(key, mctx,
DNS_LOGCATEGORY_DNSSEC, ISC_FALSE, 0, &ctx));
DNS_LOGCATEGORY_DNSSEC, false, 0, &ctx));
/*
* Digest the SIG(0) record, except for the signature.
@@ -1142,10 +1143,10 @@ failure:
/*%
* Does this key ('rdata') self sign the rrset ('rdataset')?
*/
isc_boolean_t
bool
dns_dnssec_selfsigns(dns_rdata_t *rdata, const dns_name_t *name,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
isc_boolean_t ignoretime, isc_mem_t *mctx)
bool ignoretime, isc_mem_t *mctx)
{
INSIST(rdataset->type == dns_rdatatype_key ||
rdataset->type == dns_rdatatype_dnskey);
@@ -1162,10 +1163,10 @@ dns_dnssec_selfsigns(dns_rdata_t *rdata, const dns_name_t *name,
}
isc_boolean_t
bool
dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset,
isc_boolean_t ignoretime, isc_mem_t *mctx)
bool ignoretime, isc_mem_t *mctx)
{
dst_key_t *dstkey = NULL;
dns_keytag_t keytag;
@@ -1176,11 +1177,11 @@ dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name,
INSIST(sigrdataset->type == dns_rdatatype_rrsig);
if (sigrdataset->covers != rdataset->type)
return (ISC_FALSE);
return (false);
result = dns_dnssec_keyfromrdata(name, rdata, mctx, &dstkey);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
return (false);
result = dns_rdata_tostruct(rdata, &key, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -1201,12 +1202,12 @@ dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name,
&sigrdata, NULL);
if (result == ISC_R_SUCCESS) {
dst_key_free(&dstkey);
return (ISC_TRUE);
return (true);
}
}
}
dst_key_free(&dstkey);
return (ISC_FALSE);
return (false);
}
isc_result_t
@@ -1224,26 +1225,26 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey,
dk->key = *dstkey;
*dstkey = NULL;
dk->force_publish = ISC_FALSE;
dk->force_sign = ISC_FALSE;
dk->hint_publish = ISC_FALSE;
dk->hint_sign = ISC_FALSE;
dk->hint_remove = ISC_FALSE;
dk->first_sign = ISC_FALSE;
dk->is_active = ISC_FALSE;
dk->force_publish = false;
dk->force_sign = false;
dk->hint_publish = false;
dk->hint_sign = false;
dk->hint_remove = false;
dk->first_sign = false;
dk->is_active = false;
dk->prepublish = 0;
dk->source = dns_keysource_unknown;
dk->index = 0;
/* KSK or ZSK? */
dk->ksk = ISC_TF((dst_key_flags(dk->key) & DNS_KEYFLAG_KSK) != 0);
dk->ksk = (dst_key_flags(dk->key) & DNS_KEYFLAG_KSK);
/* Is this an old-style key? */
result = dst_key_getprivateformat(dk->key, &major, &minor);
INSIST(result == ISC_R_SUCCESS);
/* Smart signing started with key format 1.3 */
dk->legacy = ISC_TF(major == 1 && minor <= 2);
dk->legacy = (major == 1 && minor <= 2);
ISC_LINK_INIT(dk, link);
*dkp = dk;
@@ -1266,43 +1267,43 @@ static void
get_hints(dns_dnsseckey_t *key, isc_stdtime_t now) {
isc_result_t result;
isc_stdtime_t publish, active, revoke, inactive, deltime;
isc_boolean_t pubset = ISC_FALSE, actset = ISC_FALSE;
isc_boolean_t revset = ISC_FALSE, inactset = ISC_FALSE;
isc_boolean_t delset = ISC_FALSE;
bool pubset = false, actset = false;
bool revset = false, inactset = false;
bool delset = false;
REQUIRE(key != NULL && key->key != NULL);
result = dst_key_gettime(key->key, DST_TIME_PUBLISH, &publish);
if (result == ISC_R_SUCCESS)
pubset = ISC_TRUE;
pubset = true;
result = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
if (result == ISC_R_SUCCESS)
actset = ISC_TRUE;
actset = true;
result = dst_key_gettime(key->key, DST_TIME_REVOKE, &revoke);
if (result == ISC_R_SUCCESS)
revset = ISC_TRUE;
revset = true;
result = dst_key_gettime(key->key, DST_TIME_INACTIVE, &inactive);
if (result == ISC_R_SUCCESS)
inactset = ISC_TRUE;
inactset = true;
result = dst_key_gettime(key->key, DST_TIME_DELETE, &deltime);
if (result == ISC_R_SUCCESS)
delset = ISC_TRUE;
delset = true;
/* Metadata says publish (but possibly not activate) */
if (pubset && publish <= now)
key->hint_publish = ISC_TRUE;
key->hint_publish = true;
/* Metadata says activate (so we must also publish) */
if (actset && active <= now) {
key->hint_sign = ISC_TRUE;
key->hint_sign = true;
/* Only publish if publish time has already passed. */
if (pubset && publish <= now)
key->hint_publish = ISC_TRUE;
key->hint_publish = true;
}
/*
@@ -1311,7 +1312,7 @@ get_hints(dns_dnsseckey_t *key, isc_stdtime_t now) {
* publish now and activate later.
*/
if (actset && !pubset)
key->hint_publish = ISC_TRUE;
key->hint_publish = true;
/*
* If activation date is in the future, make note of how far off
@@ -1325,7 +1326,7 @@ get_hints(dns_dnsseckey_t *key, isc_stdtime_t now) {
* but don't sign.
*/
if (key->hint_publish && inactset && inactive <= now) {
key->hint_sign = ISC_FALSE;
key->hint_sign = false;
}
/*
@@ -1337,7 +1338,7 @@ get_hints(dns_dnsseckey_t *key, isc_stdtime_t now) {
*/
if (key->hint_publish && (revset && revoke <= now)) {
uint32_t flags;
key->hint_sign = ISC_TRUE;
key->hint_sign = true;
flags = dst_key_flags(key->key);
if ((flags & DNS_KEYFLAG_REVOKE) == 0) {
flags |= DNS_KEYFLAG_REVOKE;
@@ -1349,9 +1350,9 @@ get_hints(dns_dnsseckey_t *key, isc_stdtime_t now) {
* Metadata says delete, so don't publish this key or sign with it.
*/
if (delset && deltime <= now) {
key->hint_publish = ISC_FALSE;
key->hint_sign = ISC_FALSE;
key->hint_remove = ISC_TRUE;
key->hint_publish = false;
key->hint_sign = false;
key->hint_remove = true;
}
}
@@ -1364,7 +1365,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
dns_dnsseckeylist_t *keylist)
{
isc_result_t result = ISC_R_SUCCESS;
isc_boolean_t dir_open = ISC_FALSE;
bool dir_open = false;
dns_dnsseckeylist_t list;
isc_dir_t dir;
dns_dnsseckey_t *key = NULL;
@@ -1378,14 +1379,14 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
isc_dir_init(&dir);
isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1);
RETERR(dns_name_tofilenametext(origin, ISC_FALSE, &b));
RETERR(dns_name_tofilenametext(origin, false, &b));
len = isc_buffer_usedlength(&b);
namebuf[len] = '\0';
if (directory == NULL)
directory = ".";
RETERR(isc_dir_open(&dir, directory));
dir_open = ISC_TRUE;
dir_open = true;
while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
if (dir.entry.name[0] != 'K' ||
@@ -1490,13 +1491,13 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
/*%
* Add 'newkey' to 'keylist' if it's not already there.
*
* If 'savekeys' is ISC_TRUE, then we need to preserve all
* If 'savekeys' is true, then we need to preserve all
* the keys in the keyset, regardless of whether they have
* metadata indicating they should be deactivated or removed.
*/
static isc_result_t
addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
isc_boolean_t savekeys, isc_mem_t *mctx)
bool savekeys, isc_mem_t *mctx)
{
dns_dnsseckey_t *key;
isc_result_t result;
@@ -1534,7 +1535,7 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
if (result != ISC_R_SUCCESS)
return (result);
if (key->legacy || savekeys) {
key->force_publish = ISC_TRUE;
key->force_publish = true;
key->force_sign = dst_key_isprivate(key->key);
}
key->source = dns_keysource_zoneapex;
@@ -1579,7 +1580,7 @@ mark_active_keys(dns_dnsseckeylist_t *keylist, dns_rdataset_t *rrsigs) {
sigalg = sig.algorithm;
sigid = sig.keyid;
if (keyid == sigid && keyalg == sigalg) {
key->is_active = ISC_TRUE;
key->is_active = true;
break;
}
}
@@ -1600,8 +1601,8 @@ isc_result_t
dns_dnssec_keylistfromrdataset(const dns_name_t *origin,
const char *directory, isc_mem_t *mctx,
dns_rdataset_t *keyset, dns_rdataset_t *keysigs,
dns_rdataset_t *soasigs, isc_boolean_t savekeys,
isc_boolean_t publickey,
dns_rdataset_t *soasigs, bool savekeys,
bool publickey,
dns_dnsseckeylist_t *keylist)
{
dns_rdataset_t keys;
@@ -1661,7 +1662,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin,
mctx, &privkey);
if (result == ISC_R_SUCCESS &&
dst_key_pubcompare(pubkey, privkey,
ISC_FALSE)) {
false)) {
dst_key_setflags(privkey, flags);
}
dst_key_setflags(pubkey, flags);
@@ -1800,7 +1801,7 @@ delrdata(dns_rdata_t *rdata, dns_diff_t *diff, dns_name_t *origin,
static isc_result_t
publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
dns_ttl_t ttl, isc_mem_t *mctx, isc_boolean_t allzsk,
dns_ttl_t ttl, isc_mem_t *mctx, bool allzsk,
void (*report)(const char *, ...))
{
isc_result_t result;
@@ -1865,7 +1866,7 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
return (result);
}
static isc_boolean_t
static bool
exists(dns_rdataset_t *rdataset, dns_rdata_t *rdata) {
isc_result_t result;
dns_rdataset_t trdataset;
@@ -1880,11 +1881,11 @@ exists(dns_rdataset_t *rdataset, dns_rdata_t *rdata) {
dns_rdataset_current(&trdataset, &current);
if (dns_rdata_compare(rdata, &current) == 0) {
dns_rdataset_disassociate(&trdataset);
return (ISC_TRUE);
return (true);
}
}
dns_rdataset_disassociate(&trdataset);
return (ISC_FALSE);
return (false);
}
isc_result_t
@@ -2018,12 +2019,12 @@ isc_result_t
dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
dns_dnsseckeylist_t *removed, const dns_name_t *origin,
dns_ttl_t hint_ttl, dns_diff_t *diff,
isc_boolean_t allzsk, isc_mem_t *mctx,
bool allzsk, isc_mem_t *mctx,
void (*report)(const char *, ...))
{
isc_result_t result;
dns_dnsseckey_t *key, *key1, *key2, *next;
isc_boolean_t found_ttl = ISC_FALSE;
bool found_ttl = false;
dns_ttl_t ttl = hint_ttl;
/*
@@ -2044,7 +2045,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
}
if (key->source == dns_keysource_zoneapex) {
ttl = dst_key_getttl(key->key);
found_ttl = ISC_TRUE;
found_ttl = true;
}
}
@@ -2073,7 +2074,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
* with known keys, and update accordingly.
*/
for (key1 = ISC_LIST_HEAD(*newkeys); key1 != NULL; key1 = next) {
isc_boolean_t key_revoked = ISC_FALSE;
bool key_revoked = false;
next = ISC_LIST_NEXT(key1, link);
@@ -2087,13 +2088,13 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
if (nr1 == nr2 &&
dst_key_alg(key1->key) == dst_key_alg(key2->key) &&
dst_key_pubcompare(key1->key, key2->key,
ISC_TRUE)) {
true)) {
int r1, r2;
r1 = dst_key_flags(key1->key) &
DNS_KEYFLAG_REVOKE;
r2 = dst_key_flags(key2->key) &
DNS_KEYFLAG_REVOKE;
key_revoked = ISC_TF(r1 != r2);
key_revoked = (r1 != r2);
break;
}
}
@@ -2108,7 +2109,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
RETERR(publish_key(diff, key1, origin, ttl,
mctx, allzsk, report));
if (key1->hint_sign || key1->force_sign)
key1->first_sign = ISC_TRUE;
key1->first_sign = true;
}
continue;
@@ -2152,12 +2153,12 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys,
* zone, sign the DNSKEY set with it, but not
* sign other records with it.
*/
key1->ksk = ISC_TRUE;
key1->ksk = true;
continue;
} else {
if (!key2->is_active &&
(key1->hint_sign || key1->force_sign))
key2->first_sign = ISC_TRUE;
key2->first_sign = true;
key2->hint_sign = key1->hint_sign;
key2->hint_publish = key1->hint_publish;
}