Make make_dnskey() a public funcion
authorMatthijs Mekking <matthijs@isc.org>
Fri, 3 Mar 2023 13:15:59 +0000 (14:15 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Tue, 23 May 2023 06:53:23 +0000 (08:53 +0200)
It can be used to compare DNSKEY, CDNSKEY, and CDS records with
signing keys.

lib/dns/dnssec.c
lib/dns/include/dns/dnssec.h

index 034d697eec3cf46ad3072f88e03a4a7fb1ae0a32..ca0bf413f4450cc132b8f3be7aa9dc5f2093a989 100644 (file)
@@ -1835,9 +1835,9 @@ failure:
        return (result);
 }
 
-static isc_result_t
-make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
-           dns_rdata_t *target) {
+isc_result_t
+dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
+                      dns_rdata_t *target) {
        isc_result_t result;
        isc_buffer_t b;
        isc_region_t r;
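Review bot: Now that `dns_dnssec_make_dnskey()` has external linkage, the preconditions listed in the header should be enforced at the top of the function instead of being left to callers; none of the lines visible here do that. A guard such as `REQUIRE(key != NULL && buf != NULL && target != NULL);` together with `REQUIRE(bufsize > 0);` would make misuse fail loudly rather than silently. `bufsize` is still a signed `int` while every visible call site passes `sizeof(...)`, so an unsigned parameter type would suit a public API better than relying on implicit conversion. The function body continues past the end of this hunk, so any checks already present there could not be reviewed.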
@@ -1893,7 +1893,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
        dns_rdata_t dnskey = DNS_RDATA_INIT;
 
        dns_rdata_reset(&dnskey);
-       RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
+       RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
        dst_key_format(key->key, keystr, sizeof(keystr));
 
        report("Fetching %s (%s) from key %s.", keystr,
@@ -1933,7 +1933,7 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
        report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf,
               dst_key_id(key->key), alg);
 
-       RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
+       RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
        result = delrdata(&dnskey, diff, origin, ttl, mctx);
 
 failure:
@@ -2045,8 +2045,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
                dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT;
                dns_name_t *origin = dst_key_name(key->key);
 
-               RETERR(make_dnskey(key->key, keybuf, sizeof(keybuf),
-                                  &cdnskeyrdata));
+               RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
+                                             &cdnskeyrdata));
                cdnskeyrdata.type = dns_rdatatype_cdnskey;
 
                if (syncpublish(key->key, now)) {
@@ -2127,8 +2127,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
                char keystr[DST_KEY_FORMATSIZE];
                dst_key_format(key->key, keystr, sizeof(keystr));
 
-               RETERR(make_dnskey(key->key, keybuf, sizeof(keybuf),
-                                  &cdnskeyrdata));
+               RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
+                                             &cdnskeyrdata));
 
                if (dns_rdataset_isassociated(cds)) {
                        delete_cds(key, &cdnskeyrdata, (const char *)keystr,
index eb754bf4596d49c701be72956306bb2d75be2e7d..903d40c4f71ad1ce5ab453a88792a21079b1cc8f 100644 (file)
@@ -95,6 +95,23 @@ dns_dnssec_keyfromrdata(const dns_name_t *name, const dns_rdata_t *rdata,
  *\li          various errors from dns_name_totext
  */
 
+isc_result_t
+dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
+                      dns_rdata_t *target);
+/*%<
+ *     Convert a DST key into a DNS record.
+ *
+ *     Requires:
+ *\li          'key' is not NULL
+ *\li          'buf' is not NULL
+ *\li          'bufsize' equals DST_KEY_MAXSIZE
+ *\li          'target' is not NULL
+ *
+ *     Returns:
+ *\li          #ISC_R_SUCCESS
+ *\li          various errors from dst_key_todns
+ */
+
 isc_result_t
 dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
                isc_stdtime_t *inception, isc_stdtime_t *expire,
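Review bot: The new doc comment for `dns_dnssec_make_dnskey()` omits two things that a caller outside dnssec.c needs to use it safely. It does not say which rdata type `target` carries on return; the call site in `dns_dnssec_syncupdate()` sets `cdnskeyrdata.type = dns_rdatatype_cdnskey` after the call, which suggests the result is always typed DNSKEY, so I would add a line like `'target' is returned as a DNSKEY rdata; callers wanting CDNSKEY must set the type themselves`. Because the caller supplies `buf`, `target` presumably points into that storage rather than owning a copy, so the comment should also state that `buf` must stay valid and unmodified for as long as `target` is in use. Finally, `'bufsize' equals DST_KEY_MAXSIZE` is stated as a requirement but nothing visible enforces it; if a larger buffer is acceptable, "is at least DST_KEY_MAXSIZE" would be more accurate.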