Change dnssec-ksr key sorting

author Matthijs Mekking <matthijs@isc.org>

Mon, 2 Sep 2024 15:48:22 +0000 (17:48 +0200)

committer Matthijs Mekking <matthijs@isc.org>

Wed, 16 Oct 2024 15:16:02 +0000 (17:16 +0200)
author Matthijs Mekking <matthijs@isc.org>
Mon, 2 Sep 2024 15:48:22 +0000 (17:48 +0200)
committer Matthijs Mekking <matthijs@isc.org>
Wed, 16 Oct 2024 15:16:02 +0000 (17:16 +0200)
diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c

index ea4d3e729ed9a73a7f50b2d248bb2c3df32f7ad0..9919fd42105f38473bf37182f0aecba49d5a982d 100644 (file)
--- a/bin/dnssec/dnssec-ksr.c
+++ b/bin/dnssec/dnssec-ksr.c
@@ -182,10 +182,14 @@ getkasp(ksr_ctx_t *ksr, dns_kasp_t **kasp) {
  }
  
  static int
-keytag_cmp(const void *k1, const void *k2) {
+keyalgtag_cmp(const void *k1, const void *k2) {
         dns_dnsseckey_t **key1 = (dns_dnsseckey_t **)k1;
         dns_dnsseckey_t **key2 = (dns_dnsseckey_t **)k2;
-       if (dst_key_id((*key1)->key) < dst_key_id((*key2)->key)) {
+       if (dst_key_alg((*key1)->key) < dst_key_alg((*key2)->key)) {
+               return (-1);
+       } else if (dst_key_alg((*key1)->key) > dst_key_alg((*key2)->key)) {
+               return (1);
+       } else if (dst_key_id((*key1)->key) < dst_key_id((*key2)->key)) {
                 return (-1);
         } else if (dst_key_id((*key1)->key) > dst_key_id((*key2)->key)) {
                 return (1);
@@ -220,7 +224,7 @@ get_dnskeys(ksr_ctx_t *ksr, dns_dnsseckeylist_t *keys) {
         {
                 keys_sorted[i] = dk;
         }
-       qsort(keys_sorted, n, sizeof(dns_dnsseckey_t *), keytag_cmp);
+       qsort(keys_sorted, n, sizeof(dns_dnsseckey_t *), keyalgtag_cmp);
         while (!ISC_LIST_EMPTY(keys_read)) {
                 dns_dnsseckey_t *key = ISC_LIST_HEAD(keys_read);
                 ISC_LIST_UNLINK(keys_read, key, link);
diff --git a/bin/tests/system/ksr/ns1/named.conf.in b/bin/tests/system/ksr/ns1/named.conf.in

index 9cd4ed672534886b9fa38bacc1875fb36036e903..75710b42dc6290685b51e9a2667543b08356c463 100644 (file)
--- a/bin/tests/system/ksr/ns1/named.conf.in
+++ b/bin/tests/system/ksr/ns1/named.conf.in
@@ -79,9 +79,9 @@ dnssec-policy "no-cds" {
  dnssec-policy "two-tone" {
         offline-ksk yes;
         keys {
-               ksk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
                 ksk lifetime unlimited algorithm @ALTERNATIVE_ALGORITHM@;
-               zsk lifetime P3M algorithm @DEFAULT_ALGORITHM@;
                 zsk lifetime P5M algorithm @ALTERNATIVE_ALGORITHM@;
+               ksk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+               zsk lifetime P3M algorithm @DEFAULT_ALGORITHM@;
         };
  };
author	Matthijs Mekking <matthijs@isc.org>
	Mon, 2 Sep 2024 15:48:22 +0000 (17:48 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Wed, 16 Oct 2024 15:16:02 +0000 (17:16 +0200)
bin/dnssec/dnssec-ksr.c		patch \| blob \| blame \| history
bin/tests/system/ksr/ns1/named.conf.in		patch \| blob \| blame \| history