From: Daniel Salzman <daniel.salzman@nic.cz>
Date: Tue, 21 Oct 2025 08:17:02 +0000 (+0200)
Subject: Replace DNSSEC_INVALID_KEY_ALGORITHM with KNOT_INVALID_KEY_ALGORITHM
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96475b8b1fa831013574d0bdbf86d6854b028f44;p=thirdparty%2Fknot-dns.git

Replace DNSSEC_INVALID_KEY_ALGORITHM with KNOT_INVALID_KEY_ALGORITHM
---

diff --git a/src/libknot/dnssec/error.c b/src/libknot/dnssec/error.c
index 12adcd6e01..53ee9d9e42 100644
--- a/src/libknot/dnssec/error.c
+++ b/src/libknot/dnssec/error.c
@@ -32,7 +32,7 @@ static const error_message_t ERROR_MESSAGES[] = {
 
 	{ KNOT_INVALID_PUBLIC_KEY,	"invalid public key" },
 	{ DNSSEC_INVALID_PRIVATE_KEY,	"invalid private key" },
-	{ DNSSEC_INVALID_KEY_ALGORITHM,	"invalid key algorithm" },
+	{ KNOT_INVALID_KEY_ALGORITHM,	"invalid key algorithm" },
 	{ DNSSEC_INVALID_KEY_SIZE,	"invalid key size" },
 	{ DNSSEC_INVALID_KEY_ID,	"invalid key ID" },
 	{ DNSSEC_INVALID_KEY_NAME,	"invalid key name" },
diff --git a/src/libknot/dnssec/error.h b/src/libknot/dnssec/error.h
index f8d91b5bce..2f8c939943 100644
--- a/src/libknot/dnssec/error.h
+++ b/src/libknot/dnssec/error.h
@@ -44,7 +44,7 @@ enum dnssec_error {
 
 	KNOT_INVALID_PUBLIC_KEY,
 	DNSSEC_INVALID_PRIVATE_KEY,
-	DNSSEC_INVALID_KEY_ALGORITHM,
+	KNOT_INVALID_KEY_ALGORITHM,
 	DNSSEC_INVALID_KEY_SIZE,
 	DNSSEC_INVALID_KEY_ID,
 	DNSSEC_INVALID_KEY_NAME,
diff --git a/src/libknot/dnssec/key/algorithm.c b/src/libknot/dnssec/key/algorithm.c
index 9cc08e9890..871b5df960 100644
--- a/src/libknot/dnssec/key/algorithm.c
+++ b/src/libknot/dnssec/key/algorithm.c
@@ -122,7 +122,7 @@ int dnssec_algorithm_key_size_range(dnssec_key_algorithm_t algorithm,
 
 	const struct limits *limits = get_limits(algorithm);
 	if (!limits) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	if (min_ptr) {
diff --git a/src/libknot/dnssec/key/convert.c b/src/libknot/dnssec/key/convert.c
index 0bb8b6560e..b5352b10b3 100644
--- a/src/libknot/dnssec/key/convert.c
+++ b/src/libknot/dnssec/key/convert.c
@@ -321,7 +321,7 @@ int convert_pubkey_to_dnskey(gnutls_pubkey_t key, dnssec_binary_t *rdata)
 #ifdef HAVE_ED448
 	case GNUTLS_PK_EDDSA_ED448: return eddsa_pubkey_to_rdata(key, rdata);
 #endif
-	default: return DNSSEC_INVALID_KEY_ALGORITHM;
+	default: return KNOT_INVALID_KEY_ALGORITHM;
 	}
 }
 
@@ -343,6 +343,6 @@ int convert_dnskey_to_pubkey(uint8_t algorithm, const dnssec_binary_t *rdata,
 #ifdef HAVE_ED448
 	case GNUTLS_PK_EDDSA_ED448: return eddsa_rdata_to_pubkey(rdata, key);
 #endif
-	default: return DNSSEC_INVALID_KEY_ALGORITHM;
+	default: return KNOT_INVALID_KEY_ALGORITHM;
 	}
 }
diff --git a/src/libknot/dnssec/key/key.c b/src/libknot/dnssec/key/key.c
index 81952dd003..c94fedceb9 100644
--- a/src/libknot/dnssec/key/key.c
+++ b/src/libknot/dnssec/key/key.c
@@ -298,7 +298,7 @@ int dnssec_key_set_algorithm(dnssec_key_t *key, uint8_t algorithm)
 	}
 
 	if (!can_change_algorithm(key, algorithm)) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	wire_ctx_t wire = binary_init(&key->rdata);
@@ -334,7 +334,7 @@ int dnssec_key_set_pubkey(dnssec_key_t *key, const dnssec_binary_t *pubkey)
 	}
 
 	if (dnssec_key_get_algorithm(key) == 0) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	int result = dnskey_rdata_set_pubkey(&key->rdata, pubkey);
diff --git a/src/libknot/dnssec/key/privkey.c b/src/libknot/dnssec/key/privkey.c
index 25a1c68d5b..55f9d44448 100644
--- a/src/libknot/dnssec/key/privkey.c
+++ b/src/libknot/dnssec/key/privkey.c
@@ -113,7 +113,7 @@ int key_set_private_key(dnssec_key_t *key, gnutls_privkey_t privkey)
 	assert(key->private_key == NULL);
 
 	if (!valid_algorithm(key, privkey)) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	if (!key->public_key) {
diff --git a/src/libknot/dnssec/key/simple.c b/src/libknot/dnssec/key/simple.c
index f8efaa4a6a..0258c00476 100644
--- a/src/libknot/dnssec/key/simple.c
+++ b/src/libknot/dnssec/key/simple.c
@@ -25,7 +25,7 @@ int dnssec_key_load_pkcs8(dnssec_key_t *key, const dnssec_binary_t *pem)
 	}
 
 	if (dnssec_key_get_algorithm(key) == 0) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	gnutls_privkey_t privkey = NULL;
diff --git a/src/libknot/dnssec/keystore/keystore.c b/src/libknot/dnssec/keystore/keystore.c
index 0b0b865240..2eaeb84f7f 100644
--- a/src/libknot/dnssec/keystore/keystore.c
+++ b/src/libknot/dnssec/keystore/keystore.c
@@ -102,7 +102,7 @@ int dnssec_keystore_generate(dnssec_keystore_t *store,
 
 	gnutls_pk_algorithm_t algorithm = algorithm_to_gnutls(_algorithm);
 	if (algorithm == GNUTLS_PK_UNKNOWN) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	if (!dnssec_algorithm_key_size_check(_algorithm, bits)) {
diff --git a/src/libknot/dnssec/sign/sign.c b/src/libknot/dnssec/sign/sign.c
index 1847008771..0cf74fd84e 100644
--- a/src/libknot/dnssec/sign/sign.c
+++ b/src/libknot/dnssec/sign/sign.c
@@ -239,7 +239,7 @@ int dnssec_sign_new(dnssec_sign_ctx_t **ctx_ptr, const dnssec_key_t *key)
 	ctx->functions = get_functions(key);
 	if (ctx->functions == NULL) {
 		free(ctx);
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	const uint8_t algo_raw = dnssec_key_get_algorithm(key);
diff --git a/src/libknot/dnssec/tsig.c b/src/libknot/dnssec/tsig.c
index 115a1251d5..49a1aed303 100644
--- a/src/libknot/dnssec/tsig.c
+++ b/src/libknot/dnssec/tsig.c
@@ -161,7 +161,7 @@ int dnssec_tsig_new(dnssec_tsig_ctx_t **ctx_ptr,
 	ctx->algorithm = algorithm_to_gnutls(algorithm);
 	if (ctx->algorithm == GNUTLS_MAC_UNKNOWN) {
 		free(ctx);
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 
 	int result = gnutls_hmac_init(&ctx->hash, ctx->algorithm, key->data, key->size);
diff --git a/src/utils/keymgr/bind_privkey.c b/src/utils/keymgr/bind_privkey.c
index 8c86cde068..59d8cc589d 100644
--- a/src/utils/keymgr/bind_privkey.c
+++ b/src/utils/keymgr/bind_privkey.c
@@ -80,7 +80,7 @@ static int parse_algorithm(char *string, void *_algorithm)
 	uint8_t *algorithm = _algorithm;
 	int r = str_to_u8(string, algorithm);
 
-	return (r == KNOT_EOK ? KNOT_EOK : DNSSEC_INVALID_KEY_ALGORITHM);
+	return (r == KNOT_EOK ? KNOT_EOK : KNOT_INVALID_KEY_ALGORITHM);
 }
 
 /*!
@@ -376,7 +376,7 @@ int bind_privkey_to_pem(dnssec_key_t *key, bind_privkey_t *params, dnssec_binary
 #endif
 		return eddsa_params_to_pem(key, params, pem);
 	default:
-		return DNSSEC_INVALID_KEY_ALGORITHM;
+		return KNOT_INVALID_KEY_ALGORITHM;
 	}
 }
 
diff --git a/tests/libknot/test_dnssec_key.c b/tests/libknot/test_dnssec_key.c
index fb9a3336e2..acb77c361f 100644
--- a/tests/libknot/test_dnssec_key.c
+++ b/tests/libknot/test_dnssec_key.c
@@ -50,7 +50,7 @@ static void test_public_key(const key_parameters_t *params)
 	// create from parameters
 
 	r = dnssec_key_set_pubkey(key, &params->public_key);
-	ok(r == DNSSEC_INVALID_KEY_ALGORITHM,
+	ok(r == KNOT_INVALID_KEY_ALGORITHM,
 	   "set public key (fails, no algorithm set)");
 
 	check_attr_scalar(key, uint16_t, flags,     256, params->flags);