[#1626] Fix stuck algorithm rollover
authorMatthijs Mekking <matthijs@isc.org>
Tue, 18 Feb 2020 15:55:36 +0000 (16:55 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 6 Mar 2020 14:53:57 +0000 (15:53 +0100)
Algorithm rollover was stuck on submitting DS because keymgr thought
it would move to an invalid state.  It did not match the current
key because it checked it against the current key in the next state.
The fix: when checking the current key, check it against the desired
state, not the existing state.

lib/dns/keymgr.c

index 40d38ff83573fbd3ff3160fe2d26785f1aefdf31..9253c4fd0c2111e96c0db00769e6edfcb6dba6ae 100644 (file)
@@ -546,8 +546,15 @@ keymgr_ds_hidden_or_chained(dns_dnsseckeylist_t *keyring, dns_dnsseckey_t *key,
                 * chain of trust (can be this key).
                 */
                dnskey_omnipresent[DST_KEY_DS] = NA;
-               (void)dst_key_getstate(dkey->key, DST_KEY_DS,
-                                      &dnskey_omnipresent[DST_KEY_DS]);
+               if (next_state != NA &&
+                   dst_key_id(dkey->key) == dst_key_id(key->key))
+               {
+                       /* Check next state rather than current state. */
+                       dnskey_omnipresent[DST_KEY_DS] = next_state;
+               } else {
+                       (void)dst_key_getstate(dkey->key, DST_KEY_DS,
+                                              &dnskey_omnipresent[DST_KEY_DS]);
+               }
                if (!keymgr_key_exists_with_state(
                            keyring, key, type, next_state, dnskey_omnipresent,
                            na, false, match_algorithms))
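Review bot: The added condition recognises the key under evaluation by key tag alone (`dst_key_id(dkey->key) == dst_key_id(key->key)`), and a 16-bit tag does not uniquely identify a key. If two keys in the keyring share a tag, the other key's DS state would be replaced by `next_state`, and the chain-of-trust check below could then approve a DS transition that is not actually safe for the zone. Unless tag uniqueness within the keyring is guaranteed elsewhere (not visible in this hunk), the test should also compare the algorithm, e.g. `dst_key_alg(dkey->key) == dst_key_alg(key->key)`. The comment would help more if it gave the reason, e.g. `/* This is the key being evaluated: use the state it is about to enter, not its recorded state. */`. The body of keymgr_ds_hidden_or_chained starts and ends outside the hunk.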