From: Matthijs Mekking
Date: Thu, 3 Dec 2020 09:19:38 +0000 (+0100)
Subject: Add function to see if dst key uses kasp
X-Git-Tag: v9.16.11~11^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ff69ee8ba44c89b728aadfa807532f5f320971e;p=thirdparty%2Fbind9.git
Add function to see if dst key uses kasp
For purposes of zones transitioning back to insecure mode, it is practical to see if related keys have a state file associated.
(cherry picked from commit 8f2c5e45da47394c812f5499b2766b13387c7bbc)
---
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index aaa6479661d..8bd0605e837 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -649,12 +649,14 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
 filename, ".state");
 INSIST(result == ISC_R_SUCCESS);
+ key->kasp = false;
 result = dst_key_read_state(newfilename, mctx, &key);
- if (result == ISC_R_FILENOTFOUND) {
+ if (result == ISC_R_SUCCESS) {
+ key->kasp = true;
+ } else if (result == ISC_R_FILENOTFOUND) {
 /* Having no state is valid. */
 result = ISC_R_SUCCESS;
 }
-
 isc_mem_put(mctx, newfilename, newfilenamelen);
 newfilename = NULL;
 RETERR(result);
@@ -2600,6 +2602,8 @@ dst_key_goal(dst_key_t *key) {
 dst_key_state_t state;
 isc_result_t result;
+ REQUIRE(VALID_KEY(key));
+
 result = dst_key_getstate(key, DST_KEY_GOAL, &state);
 if (result == ISC_R_SUCCESS) {
 return (state);
@@ -2607,6 +2611,13 @@ dst_key_goal(dst_key_t *key) {
 return (DST_KEY_STATE_HIDDEN);
 }
+bool
+dst_key_haskasp(dst_key_t *key) {
+ REQUIRE(VALID_KEY(key));
+
+ return (key->kasp);
+}
+
 void
 dst_key_copy_metadata(dst_key_t *to, dst_key_t *from) {
 dst_key_state_t state;
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index ffccd92880f..62526328515 100644
--- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h
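Review bot: The meaning of `key->kasp` is left undocumented where it is set in `dst_key_fromnamedfile()` (lib/dns/dst_api.c, first hunk): it becomes true only when `dst_key_read_state()` succeeds, so it records that a `.state` file was found and parsed at load time, not that a policy currently manages the key. Since the commit message ties the flag to zones going back to insecure, I would add a comment above the assignment, `/* kasp: a .state file was read for this key at load time. */`, and repeat that wording in the `dst_key_haskasp()` description in dst.h, which currently equates having state with using KASP. The function begins and ends outside the hunk, so the condition under which this branch runs is not visible here.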
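Review bot: `dst_key_copy_metadata()`, shown as context right after the new `dst_key_haskasp()` in lib/dns/dst_api.c, may need to carry the new flag as well, e.g. `to->kasp = from->kasp;`. Without it, a key that received its states through a copy would presumably report false from the accessor even though it holds the copied state. The body of `dst_key_copy_metadata()` is outside the hunk, so please confirm whether leaving the flag out is intended.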
@@ -123,6 +123,7 @@ struct dst_key {
 bool keystateset[DST_MAX_KEYSTATES + 1]; /*%< data
 * set? */
+ bool kasp; /*%< key has kasp state */
 bool inactive; /*%< private key not present as it is
 * inactive */
 bool external; /*%< external key */
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 5ae0f87be91..010bc99a395 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -1103,6 +1103,15 @@ dst_key_isexternal(dst_key_t *key);
 * 'key' to be valid.
 */
+bool
+dst_key_haskasp(dst_key_t *key);
+/*%<
+ * Check if this key has state (and thus uses KASP).
+ *
+ * Requires:
+ * 'key' to be valid.
+ */
+
 bool
 dst_key_is_unused(dst_key_t *key);
 /*%<
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 9c0e93201a0..3a169309cd1 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -1469,6 +1469,7 @@ dst_key_getstate
 dst_key_gettime
 dst_key_getttl
 dst_key_goal
+dst_key_haskasp
 dst_key_id
 dst_key_is_active
 dst_key_is_published
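Review bot: The new `kasp` member of `struct dst_key` (lib/dns/dst_internal.h) is written only in `dst_key_fromnamedfile()` in this commit, while `dst_key_haskasp()` reads it for any valid key. If the routine that allocates the struct does not zero it (that code is not part of this diff), keys built through other paths would return an indeterminate value; an explicit `key->kasp = false;` at the point where the struct is initialised would make the default certain. The struct definition starts and ends outside the hunk.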