Style: some curly brackets
authorMatthijs Mekking <matthijs@isc.org>
Thu, 14 Mar 2019 08:44:01 +0000 (09:44 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 12 Apr 2019 13:57:15 +0000 (15:57 +0200)
(cherry picked from commit 2e83e3255a9c0096e1d386839ff2b72ea0185ac5)
(cherry picked from commit 42b0bf4d3bab180876d4803fe2ec1f6e93064b28)

lib/dns/update.c
lib/dns/zone.c

index 47cc4cf4ef9baccbb38b8f405c9d9715e692e8d5..7c9afc24e83d35b688c8b00a5d2e2584b3cc6285 100644 (file)
@@ -1105,10 +1105,13 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
        for (i = 0; i < nkeys; i++) {
                bool both = false;
 
-               if (!dst_key_isprivate(keys[i]))
+               /* Don't add signatures for offline or inactive keys */
+               if (!dst_key_isprivate(keys[i])) {
                        continue;
-               if (dst_key_inactive(keys[i]))  /* Should be redundant. */
+               }
+               if (dst_key_inactive(keys[i])) {
                        continue;
+               }
 
                if (check_ksk && !REVOKE(keys[i])) {
                        bool have_ksk, have_nonksk;
@@ -1120,21 +1123,31 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
                                have_nonksk = true;
                        }
                        for (j = 0; j < nkeys; j++) {
-                               if (j == i || ALG(keys[i]) != ALG(keys[j]))
-                                       continue;
-                               if (!dst_key_isprivate(keys[j]))
+                               if (j == i || ALG(keys[i]) != ALG(keys[j])) {
                                        continue;
-                               if (dst_key_inactive(keys[j]))  /* SBR */
+                               }
+
+                               /* Don't consider inactive keys, however
+                                * the key may be temporary offline, so do
+                                * consider keys which private key files are
+                                * unavailable.
+                                */
+                               if (dst_key_inactive(keys[j])) {
                                        continue;
-                               if (REVOKE(keys[j]))
+                               }
+
+                               if (REVOKE(keys[j])) {
                                        continue;
-                               if (KSK(keys[j]))
+                               }
+                               if (KSK(keys[j])) {
                                        have_ksk = true;
-                               else
+                               } else {
                                        have_nonksk = true;
+                               }
                                both = have_ksk && have_nonksk;
-                               if (both)
+                               if (both) {
                                        break;
+                               }
                        }
                }
 
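Review bot: The inner loop over `keys[j]` no longer skips keys for which `dst_key_isprivate()` is false, so an offline key now counts toward `have_ksk`/`have_nonksk` and therefore `both`; that is a behaviour change in signing-key selection under a commit titled as style only, and the same removal appears in the zone.c `add_sigs` hunk at -6447. The commit description should name this change so it can be found when auditing DNSSEC signing behaviour. I would also reword the new comment so it reads unambiguously: `/* Skip inactive keys, but still count keys whose private key file is unavailable: the key may only be temporarily offline. */`. No test for signing with one key of a KSK/ZSK pair offline is visible in this commit; one would pin the intended result. The loop sits inside `add_sigs`, whose body starts and ends outside the hunk.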
index 3f1bc448c639b8b79975f0cb53b4b4bd82a70c59..57295fc00fb09b10a49426ed04af1e7d79a78d0d 100644 (file)
@@ -6365,10 +6365,11 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
                 * If there is not a matching DNSKEY then
                 * delete the RRSIG.
                 */
-               if (!found)
+               if (!found) {
                        result = update_one_rr(db, ver, zonediff->diff,
                                               DNS_DIFFOP_DELRESIGN, name,
                                               rdataset.ttl, &rdata);
+               }
                if (result != ISC_R_SUCCESS)
                        break;
        }
@@ -6433,10 +6434,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
        for (i = 0; i < nkeys; i++) {
                bool both = false;
 
-               if (!dst_key_isprivate(keys[i]))
+               /* Don't add signatures for offline or inactive keys */
+               if (!dst_key_isprivate(keys[i])) {
                        continue;
-               if (dst_key_inactive(keys[i]))  /* Should be redundant. */
+               }
+               if (dst_key_inactive(keys[i])) {
                        continue;
+               }
 
                if (check_ksk && !REVOKE(keys[i])) {
                        bool have_ksk, have_nonksk;
@@ -6447,24 +6451,36 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
                                have_ksk = false;
                                have_nonksk = true;
                        }
+
                        for (j = 0; j < nkeys; j++) {
-                               if (j == i || ALG(keys[i]) != ALG(keys[j]))
+                               if (j == i || ALG(keys[i]) != ALG(keys[j])) {
                                        continue;
-                               if (!dst_key_isprivate(keys[j]))
-                                       continue;
-                               if (dst_key_inactive(keys[j]))  /* SBR */
+                               }
+
+                               /* Don't consider inactive keys, however
+                                * the key may be temporary offline, so do
+                                * consider keys which private key files are
+                                * unavailable.
+                                */
+                               if (dst_key_inactive(keys[j])) {
                                        continue;
-                               if (REVOKE(keys[j]))
+                               }
+
+                               if (REVOKE(keys[j])) {
                                        continue;
-                               if (KSK(keys[j]))
+                               }
+                               if (KSK(keys[j])) {
                                        have_ksk = true;
-                               else
+                               } else {
                                        have_nonksk = true;
+                               }
                                both = have_ksk && have_nonksk;
-                               if (both)
+                               if (both) {
                                        break;
+                               }
                        }
                }
+
                if (both) {
                        if (type == dns_rdatatype_dnskey) {
                                if (!KSK(keys[i]) && keyset_kskonly)
@@ -10220,14 +10236,17 @@ zone_maintenance(dns_zone_t *zone) {
                if (zone->rss_event != NULL)
                        break;
                if (!isc_time_isepoch(&zone->signingtime) &&
-                   isc_time_compare(&now, &zone->signingtime) >= 0)
+                   isc_time_compare(&now, &zone->signingtime) >= 0) {
                        zone_sign(zone);
+               }
                else if (!isc_time_isepoch(&zone->resigntime) &&
-                   isc_time_compare(&now, &zone->resigntime) >= 0)
+                   isc_time_compare(&now, &zone->resigntime) >= 0) {
                        zone_resigninc(zone);
+               }
                else if (!isc_time_isepoch(&zone->nsec3chaintime) &&
-                       isc_time_compare(&now, &zone->nsec3chaintime) >= 0)
+                       isc_time_compare(&now, &zone->nsec3chaintime) >= 0) {
                        zone_nsec3chain(zone);
+               }
                /*
                 * Do we need to issue a key expiry warning?
                 */
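Review bot: In this `zone_maintenance` hunk the closing brace and the following `else if` are left on separate lines, while the `add_sigs` hunks of the same commit write `} else {` on one line; join them as `} else if (!isc_time_isepoch(&zone->resigntime) &&` and likewise for the `nsec3chaintime` branch. The `if (zone->rss_event != NULL)` just above is still unbraced, as is `if (result != ISC_R_SUCCESS)` in the `del_sigs` hunk, so both places mix braced and unbraced single-statement bodies after the change. The enclosing function continues outside the hunk.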
@@ -17770,15 +17789,18 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
        for (tuple = ISC_LIST_HEAD(diff->tuples);
             tuple != NULL;
             tuple = ISC_LIST_NEXT(tuple, link)) {
-               if (tuple->rdata.type != dns_rdatatype_dnskey)
+               if (tuple->rdata.type != dns_rdatatype_dnskey) {
                        continue;
+               }
 
                result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
                RUNTIME_CHECK(result == ISC_R_SUCCESS);
                if ((dnskey.flags &
                     (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
                         != DNS_KEYOWNER_ZONE)
+               {
                        continue;
+               }
 
                dns_rdata_toregion(&tuple->rdata, &r);
 
@@ -17796,8 +17818,10 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
 
                if (sign_all || tuple->op == DNS_DIFFOP_DEL) {
                        CHECK(rr_exists(db, ver, name, &rdata, &flag));
-                       if (flag)
+                       if (flag) {
                                continue;
+                       }
+
                        CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD,
                                                   name, 0, &rdata, &newtuple));
                        CHECK(do_one_tuple(&newtuple, db, ver, diff));
@@ -18097,7 +18121,6 @@ zone_rekey(dns_zone_t *zone) {
        } else if (result != ISC_R_NOTFOUND)
                goto failure;
 
-
        /* Get the CDS rdataset */
        result = dns_db_findrdataset(db, node, ver, dns_rdatatype_cds,
                                     dns_rdatatype_none, 0, &cdsset, NULL);
@@ -18121,7 +18144,6 @@ zone_rekey(dns_zone_t *zone) {
        if (result == ISC_R_SUCCESS) {
                bool check_ksk;
                check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK);
-
                result = dns_dnssec_updatekeys(&dnskeys, &keys, &rmkeys,
                                               &zone->origin, ttl, &diff,
                                               !check_ksk,