From: Matthijs Mekking Date: Mon, 30 Jan 2023 10:18:42 +0000 (+0100) Subject: Add functions to set CDS digest-type X-Git-Tag: v9.19.11~14^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32114afc46a8687274d18e65580a18e55741184a;p=thirdparty%2Fbind9.git Add functions to set CDS digest-type BIND dnssec-policy currently only supports CDS digest-type 2. Add API functions to allow other digest-types. --- diff --git a/lib/dns/include/dns/kasp.h b/lib/dns/include/dns/kasp.h index b429494ca31..fb0af46bca4 100644 --- a/lib/dns/include/dns/kasp.h +++ b/lib/dns/include/dns/kasp.h @@ -82,6 +82,7 @@ struct dns_kasp { /* Configuration: Keys */ dns_kasp_keylist_t keys; dns_ttl_t dnskey_ttl; + unsigned int cds_digesttype; /* Configuration: Denial of existence */ bool nsec3; @@ -309,6 +310,31 @@ dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl); *\li 'kasp' is a valid, thawed kasp. */ +unsigned int +dns_kasp_cdsdigesttype(dns_kasp_t *kasp); +/*%< + * Get CDS digest-type. + * + * Requires: + * + *\li 'kasp' is a valid, frozen kasp. + * + * Returns: + * + *\li CDS digest-type. + */ + +void +dns_kasp_setcdsdigesttype(dns_kasp_t *kasp, unsigned int digesttype); +/*%< + * Set CDS digest-type. + * If 'digesttype' is not supported, this will not change the digest-type. + * + * Requires: + * + *\li 'kasp' is a valid, thawed kasp. + */ + uint32_t dns_kasp_purgekeys(dns_kasp_t *kasp); /*%< diff --git a/lib/dns/kasp.c b/lib/dns/kasp.c index cdc70fd2d92..c08297c8f25 100644 --- a/lib/dns/kasp.c +++ b/lib/dns/kasp.c @@ -27,6 +27,8 @@ #include #include +#include + isc_result_t dns_kasp_create(isc_mem_t *mctx, const char *name, dns_kasp_t **kaspp) { dns_kasp_t *kasp; @@ -188,6 +190,24 @@ dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) { kasp->dnskey_ttl = ttl; } +unsigned int +dns_kasp_cdsdigesttype(dns_kasp_t *kasp) { + REQUIRE(DNS_KASP_VALID(kasp)); + REQUIRE(kasp->frozen); + + return (kasp->cds_digesttype); +} + +void +dns_kasp_setcdsdigesttype(dns_kasp_t *kasp, unsigned int digesttype) { + REQUIRE(DNS_KASP_VALID(kasp)); + REQUIRE(!kasp->frozen); + + if (dst_ds_digest_supported(digesttype)) { + kasp->cds_digesttype = digesttype; + } +} + uint32_t dns_kasp_purgekeys(dns_kasp_t *kasp) { REQUIRE(DNS_KASP_VALID(kasp));