From: Daniel Salzman <daniel.salzman@nic.cz>
Date: Tue, 21 Oct 2025 09:04:20 +0000 (+0200)
Subject: Replace DNSSEC_INVALID_*_ALGORITHM with KNOT_EALGORITHM
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=060b7c361d4f254b54177a6f6f6cb5d2284c50fe;p=thirdparty%2Fknot-dns.git

Replace DNSSEC_INVALID_*_ALGORITHM with KNOT_EALGORITHM
---

diff --git a/src/libknot/dnssec/digest.c b/src/libknot/dnssec/digest.c
index 156dd96473..a8034fe326 100644
--- a/src/libknot/dnssec/digest.c
+++ b/src/libknot/dnssec/digest.c
@@ -34,7 +34,7 @@ int dnssec_digest_init(dnssec_digest_t algorithm, dnssec_digest_ctx_t **out_ctx)
 
 	gnutls_digest_algorithm_t gtalg = lookup_algorithm(algorithm);
 	if (gtalg == GNUTLS_DIG_UNKNOWN) {
-		return DNSSEC_INVALID_DIGEST_ALGORITHM;
+		return KNOT_EALGORITHM;
 	}
 
 	dnssec_digest_ctx_t *res = malloc(sizeof(*res));
diff --git a/src/libknot/dnssec/error.h b/src/libknot/dnssec/error.h
index 38ebbf16b4..2076d677f1 100644
--- a/src/libknot/dnssec/error.h
+++ b/src/libknot/dnssec/error.h
@@ -57,10 +57,10 @@ enum dnssec_error {
 	DNSSEC_SIGN_ERROR,
 	DNSSEC_INVALID_SIGNATURE,
 
-	DNSSEC_INVALID_NSEC3_ALGORITHM,
+	KNOT_EALGORITHM,
 	DNSSEC_NSEC3_HASHING_ERROR,
 
-	DNSSEC_INVALID_DS_ALGORITHM,
+	KNOT_EALGORITHM,
 	DNSSEC_DS_HASHING_ERROR,
 
 	DNSSEC_KEYSTORE_INVALID_CONFIG,
@@ -69,7 +69,7 @@ enum dnssec_error {
 	DNSSEC_P11_TOO_MANY_MODULES,
 	DNSSEC_P11_TOKEN_NOT_AVAILABLE,
 
-	DNSSEC_INVALID_DIGEST_ALGORITHM,
+	KNOT_EALGORITHM,
 	DNSSEC_DIGEST_ERROR,
 
 	DNSSEC_ERROR_MAX = -1001
diff --git a/src/libknot/dnssec/key/ds.c b/src/libknot/dnssec/key/ds.c
index 3a13511363..054aa41bf3 100644
--- a/src/libknot/dnssec/key/ds.c
+++ b/src/libknot/dnssec/key/ds.c
@@ -74,7 +74,7 @@ int dnssec_key_create_ds(const dnssec_key_t *key,
 
 	gnutls_digest_algorithm_t algorithm = lookup_algorithm(ds_algorithm);
 	if (algorithm == GNUTLS_DIG_UNKNOWN) {
-		return DNSSEC_INVALID_DS_ALGORITHM;
+		return KNOT_EALGORITHM;
 	}
 
 	// compute DS hash
diff --git a/src/libknot/dnssec/nsec/hash.c b/src/libknot/dnssec/nsec/hash.c
index 087ff3422d..e40253a4be 100644
--- a/src/libknot/dnssec/nsec/hash.c
+++ b/src/libknot/dnssec/nsec/hash.c
@@ -93,7 +93,7 @@ int dnssec_nsec3_hash(const dnssec_binary_t *data,
 
 	gnutls_digest_algorithm_t algorithm = algorithm_d2g(params->algorithm);
 	if (algorithm == GNUTLS_DIG_UNKNOWN) {
-		return DNSSEC_INVALID_NSEC3_ALGORITHM;
+		return KNOT_EALGORITHM;
 	}
 
 	return nsec3_hash(algorithm, params->iterations, &params->salt, data, hash);
diff --git a/src/libknot/errcode.h b/src/libknot/errcode.h
index 093bb7392e..ed8d0d4da8 100644
--- a/src/libknot/errcode.h
+++ b/src/libknot/errcode.h
@@ -178,6 +178,7 @@ enum knot_error {
 	KNOT_KEY_EIMPORT,
 	KNOT_KEY_EEXPORT,
 	KNOT_KEY_EGENERATE,
+	KNOT_EALGORITHM,
 
 	KNOT_ERROR_MAX = -501
 };
diff --git a/src/libknot/error.c b/src/libknot/error.c
index aaae64924f..5dbc3da0f1 100644
--- a/src/libknot/error.c
+++ b/src/libknot/error.c
@@ -177,6 +177,7 @@ static const struct error errors[] = {
 	{ KNOT_KEY_EIMPORT,            "failed to import key" },
 	{ KNOT_KEY_EEXPORT,            "failed to export key" },
 	{ KNOT_KEY_EGENERATE,          "failed to generate key" },
+	{ KNOT_EALGORITHM,             "invalid hash algorithm" },
 
 	/* Terminator */
 	{ KNOT_ERROR, NULL }
diff --git a/tests/libknot/test_dnssec_key_ds.c b/tests/libknot/test_dnssec_key_ds.c
index 2a9ca4842c..71ef38e2ad 100644
--- a/tests/libknot/test_dnssec_key_ds.c
+++ b/tests/libknot/test_dnssec_key_ds.c
@@ -73,7 +73,7 @@ static void test_errors(const struct key_parameters *params)
 	is_int(KNOT_EINVAL, r, "dnssec_key_create_ds() no RDATA buffer");
 
 	r = dnssec_key_create_ds(key, 3, &ds);
-	is_int(DNSSEC_INVALID_DS_ALGORITHM, r, "dnssec_key_create_ds() unsupported algorithm");
+	is_int(KNOT_EALGORITHM, r, "dnssec_key_create_ds() unsupported algorithm");
 
 	r = dnssec_key_create_ds(key, DNSSEC_KEY_DIGEST_SHA1, &ds);
 	is_int(KNOT_EOK, r, "dnssec_key_create_ds() valid parameters");