cleanup: allow building DS directly from CDNSKEY

Relax an assertion in lib/dns/ds.c so that dnssec-cds does
not have to work around it. This will also be useful for
dnssec-dsfromkey.

(cherry picked from commit 2e173bbd24a4227769a388b4e20a34c46a3d0c2f)

diff --git a/bin/dnssec/dnssec-cds.c b/bin/dnssec/dnssec-cds.c
index 863a449c40bf8d554efb1a5af4af6bc153dde138..246f701d755cd149960bf09e9ed5aa9d8d512cc6 100644 (file)
--- a/bin/dnssec/dnssec-cds.c
+++ b/bin/dnssec/dnssec-cds.c
@@ -484,7 +484,6 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
                dns_rdata_ds_t ds;
                dns_rdata_t dsrdata = DNS_RDATA_INIT;
                dns_rdata_t newdsrdata = DNS_RDATA_INIT;
-               dns_rdatatype_t keytype;
                bool c;
 
                dns_rdataset_current(dsset, &dsrdata);
@@ -495,12 +494,8 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
                        continue;
                }
 
-               /* allow for both DNSKEY and CDNSKEY */
-               keytype = ki->rdata.type;
-               ki->rdata.type = dns_rdatatype_dnskey;
                result = dns_ds_buildrdata(name, &ki->rdata, ds.digest_type,
                                           dsbuf, &newdsrdata);
-               ki->rdata.type = keytype;
                if (result != ISC_R_SUCCESS) {
                        vbprintf(3, "dns_ds_buildrdata("
                                 "keytag=%d, algo=%d, digest=%d): %s\n",
@@ -825,7 +820,6 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
                                return (ISC_R_NOSPACE);
                        }
 
-                       cdnskey->type = dns_rdatatype_dnskey;
                        rdata = rdata_get();
                        result = dns_ds_buildrdata(name, cdnskey, dtype[i],
                                                   r.base, rdata);

diff --git a/lib/dns/ds.c b/lib/dns/ds.c
index d1a507bcc2f8cfff253eecfc2650ad501316555b..9981a9d304a6705a5ac79551771f6e6dbcbe7105 100644 (file)
--- a/lib/dns/ds.c
+++ b/lib/dns/ds.c
@@ -54,7 +54,8 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 #endif
 
        REQUIRE(key != NULL);
-       REQUIRE(key->type == dns_rdatatype_dnskey);
+       REQUIRE(key->type == dns_rdatatype_dnskey ||
+               key->type == dns_rdatatype_cdnskey);
 
        if (!dst_ds_digest_supported(digest_type))
                return (ISC_R_NOTIMPLEMENTED);

diff --git a/lib/dns/include/dns/ds.h b/lib/dns/include/dns/ds.h
index 4ea5a0d24df22fa248034ae0db6c9baa9ac1dedb..122d6cd76d917f86d672f17ce13e7291954e6d2c 100644 (file)
--- a/lib/dns/include/dns/ds.h
+++ b/lib/dns/include/dns/ds.h
@@ -37,7 +37,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
  * Build the rdata of a DS record.
  *
  * Requires:
- *\li  key     Points to a valid DNS KEY record.
+ *\li  key     Points to a valid DNSKEY or CDNSKEY record.
  *\li  buffer  Points to a temporary buffer of at least
  *             #DNS_DS_BUFFERSIZE bytes.
  *\li  rdata   Points to an initialized dns_rdata_t.