mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

Add dst_key_role function

Browse Source 
Change the static function 'get_ksk_zsk' to a library function that
can be used to determine the role of a dst_key. Add checks if the
boolean parameters to store the role are not NULL. Rename to
'dst_key_role'.
This commit is contained in:
Matthijs Mekking
2021-05-12 11:09:33 +02:00
parent 6f92d4b9a5
commit c9b7f62767
2 changed files with 32 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
lib/dns/dst_api.c
View File

@@ -2372,20 +2372,31 @@ dst_key_is_unused(dst_key_t *key) {
return (true); return (true);
} }
static void isc_result_t
get_ksk_zsk(dst_key_t *key, bool *ksk, bool *zsk) { dst_key_role(dst_key_t *key, bool *ksk, bool *zsk) {
bool k = false, z = false; bool k = false, z = false;
isc_result_t result, ret = ISC_R_SUCCESS;
if (dst_key_getbool(key, DST_BOOL_KSK, &k) == ISC_R_SUCCESS) { if (ksk != NULL) {
*ksk = k; result = dst_key_getbool(key, DST_BOOL_KSK, &k);
} else { if (result == ISC_R_SUCCESS) {
*ksk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) != 0); *ksk = k;
} else {
*ksk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) != 0);
ret = result;
}
} }
if (dst_key_getbool(key, DST_BOOL_ZSK, &z) == ISC_R_SUCCESS) {
*zsk = z; if (zsk != NULL) {
} else { result = dst_key_getbool(key, DST_BOOL_ZSK, &z);
*zsk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0); if (result == ISC_R_SUCCESS) {
*zsk = z;
} else {
*zsk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0);
ret = result;
}
} }
return (ret);
} }
/* Hints on key whether it can be published and/or used for signing. */ /* Hints on key whether it can be published and/or used for signing. */
@@ -2444,7 +2455,7 @@ dst_key_is_active(dst_key_t *key, isc_stdtime_t now) {
time_ok = (when <= now); time_ok = (when <= now);
} }
get_ksk_zsk(key, &ksk, &zsk); (void)dst_key_role(key, &ksk, &zsk);
/* Check key states: /* Check key states:
* KSK: If the DS is RUMOURED or OMNIPRESENT the key is considered * KSK: If the DS is RUMOURED or OMNIPRESENT the key is considered
@@ -2505,7 +2516,7 @@ dst_key_is_signing(dst_key_t *key, int role, isc_stdtime_t now,
time_ok = (when <= now); time_ok = (when <= now);
} }
get_ksk_zsk(key, &ksk, &zsk); (void)dst_key_role(key, &ksk, &zsk);
/* Check key states: /* Check key states:
* If the RRSIG state is RUMOURED or OMNIPRESENT, it means the key * If the RRSIG state is RUMOURED or OMNIPRESENT, it means the key

9
lib/dns/include/dst/dst.h
View File

@@ -1180,6 +1180,15 @@ dst_key_goal(dst_key_t *key);
* 'key' to be valid. * 'key' to be valid.
*/ */
isc_result_t
dst_key_role(dst_key_t *key, bool *ksk, bool *zsk);
/*%<
* Get the key role. A key can have the KSK or the ZSK role, or both.
*
* Requires:
* 'key' to be valid.
*/
void void
dst_key_copy_metadata(dst_key_t *to, dst_key_t *from); dst_key_copy_metadata(dst_key_t *to, dst_key_t *from);
/*%< /*%<