From: Matthijs Mekking Date: Wed, 15 Mar 2023 10:51:33 +0000 (+0100) Subject: Add new dns_rdatatype_iskeymaterial() function X-Git-Tag: v9.19.14~32^2~1 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=ef58f2444f4bc76891f89ad3344348232994a4df;p=thirdparty%2Fbind9.git Add new dns_rdatatype_iskeymaterial() function The following code block repeats quite often: if (rdata.type == dns_rdatatype_dnskey || rdata.type == dns_rdatatype_cdnskey || rdata.type == dns_rdatatype_cds) Introduce a new function to reduce the repetition.
---
diff --git a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
index 1ff135e697c..36f79c8edd2 100644
--- a/lib/dns/include/dns/rdata.h
+++ b/lib/dns/include/dns/rdata.h
@@ -565,6 +565,13 @@ dns_rdatatype_isdnssec(dns_rdatatype_t type);
 * \li 'type' is a valid rdata type.
 */

+bool
+dns_rdatatype_iskeymaterial(dns_rdatatype_t type);
+/*%<
+ * Return true iff the rdata type 'type' is a DNSSEC key
+ * related type, like DNSKEY, CDNSKEY, or CDS.
+ */
+
 bool
 dns_rdatatype_iszonecutauth(dns_rdatatype_t type);
 /*%<
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index d90ef212f44..13218d069cb 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -2272,6 +2272,12 @@ dns_rdatatype_isdnssec(dns_rdatatype_t type) {
 return (false);
 }

+bool
+dns_rdatatype_iskeymaterial(dns_rdatatype_t type) {
+ return (type == dns_rdatatype_dnskey || type == dns_rdatatype_cdnskey ||
+ type == dns_rdatatype_cds);
+}
+
 bool
 dns_rdatatype_iszonecutauth(dns_rdatatype_t type) {
 if ((dns_rdatatype_attributes(type) & DNS_RDATATYPEATTR_ZONECUTAUTH) !=
diff --git a/lib/dns/update.c b/lib/dns/update.c
index c547c041a85..43a30a311fb 100644
--- a/lib/dns/update.c
+++ b/lib/dns/update.c
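Review bot: The doc comment added for dns_rdatatype_iskeymaterial() in lib/dns/include/dns/rdata.h says "like DNSKEY, CDNSKEY, or CDS", which reads as an open list, while the definition in lib/dns/rdata.c matches exactly those three types. The other hunks of this patch use the predicate to choose KSK signing (both add_sigs, signed_with_good_key, sign_a_node), to pick the signature expiry, and to gate the in-use check on key records (update_action, sync_secure_journal, sync_secure_db), so the set should be documented as closed. Suggested wording: `Return true iff 'type' is DNSKEY, CDNSKEY or CDS. DS is not included.` The neighbouring declaration carries a `'type' is a valid rdata type` requirement; state it here too if it is meant to apply.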
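Review bot: No test for dns_rdatatype_iskeymaterial() appears among the files in this patch, although the definition in lib/dns/rdata.c is now the single place that fixes which types get KSK-signing and in-use-key handling. A unit test asserting true for dns_rdatatype_dnskey, dns_rdatatype_cdnskey and dns_rdatatype_cds and false for dns_rdatatype_ds would catch an accidental widening of the set. The same intent can be recorded in the code with a comment above the return, for example `/* Exactly these three types; callers that also want DS test it themselves. */`.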
@@ -1201,10 +1201,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
 }
 }

- if (type == dns_rdatatype_dnskey ||
- type == dns_rdatatype_cdnskey ||
- type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(type)) {
 /*
 * DNSKEY RRset is signed with KSK.
 * CDS and CDNSKEY RRsets too (RFC 7344, 4.1).
@@ -1238,10 +1235,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
 /*
 * CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
 */
- if (type == dns_rdatatype_dnskey ||
- type == dns_rdatatype_cdnskey ||
- type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(type)) {
 if (!KSK(keys[i]) && keyset_kskonly) {
 continue;
 }
@@ -1670,10 +1664,7 @@ next_state:
 &flag));
 if (flag) {
 isc_stdtime_t exp;
- if (type == dns_rdatatype_dnskey ||
- type == dns_rdatatype_cdnskey ||
- type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(type)) {
 exp = state->keyexpire;
 } else if (type == dns_rdatatype_soa) {
 exp = state->soaexpire;
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 40682992fa9..8ea68a65492 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6384,9 +6384,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
 result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
 RUNTIME_CHECK(result == ISC_R_SUCCESS);

- if (type != dns_rdatatype_dnskey && type != dns_rdatatype_cds &&
- type != dns_rdatatype_cdnskey)
- {
+ if (!dns_rdatatype_iskeymaterial(type)) {
 bool warn = false, deleted = false;
 if (delsig_ok(&rrsig, keys, nkeys, kasp, &warn)) {
 result = update_one_rr(db, ver, zonediff->diff,
@@ -6703,10 +6701,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
 both = have_ksk && have_zsk;
 }

- if (type == dns_rdatatype_dnskey ||
- type == dns_rdatatype_cdnskey ||
- type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(type)) {
 /*
 * DNSKEY RRset is signed with KSK.
 * CDS and CDNSKEY RRsets too (RFC 7344, 4.1).
@@ -6746,10 +6741,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone,
 /*
 * CDS and CDNSKEY are signed with KSK (RFC 7344, 4.1).
 */
- if (type == dns_rdatatype_dnskey ||
- type == dns_rdatatype_cdnskey ||
- type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(type)) {
 if (!KSK(keys[i]) && keyset_kskonly) {
 continue;
 }
@@ -7150,9 +7142,7 @@ signed_with_good_key(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node,
 }
 KASP_UNLOCK(kasp);

- if (type == dns_rdatatype_dnskey ||
- type == dns_rdatatype_cdnskey || type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(type)) {
 /*
 * CDS and CDNSKEY are signed with KSK like DNSKEY.
 * (RFC 7344, section 4.1 specifies that they must
@@ -7327,10 +7317,7 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name,
 {
 goto next_rdataset;
 }
- if (rdataset.type == dns_rdatatype_dnskey ||
- rdataset.type == dns_rdatatype_cdnskey ||
- rdataset.type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(rdataset.type)) {
 /*
 * CDS and CDNSKEY are signed with KSK like DNSKEY.
 * (RFC 7344, section 4.1 specifies that they must
@@ -7944,9 +7931,7 @@ dns__zone_updatesigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version,
 isc_stdtime_t exp = expire;

 if (keyexpire != 0 &&
- (tuple->rdata.type == dns_rdatatype_dnskey ||
- tuple->rdata.type == dns_rdatatype_cdnskey ||
- tuple->rdata.type == dns_rdatatype_cds))
+ dns_rdatatype_iskeymaterial(tuple->rdata.type))
 {
 exp = keyexpire;
 }
@@ -16109,10 +16094,7 @@ sync_secure_journal(dns_zone_t *zone, dns_zone_t *raw, dns_journal_t *journal,
 * update the zone with these records from a different provider,
 * but skip records that are under our control.
 */
- if (rdata->type == dns_rdatatype_dnskey ||
- rdata->type == dns_rdatatype_cdnskey ||
- rdata->type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(rdata->type)) {
 bool inuse = false;
 isc_result_t r = dns_zone_dnskey_inuse(zone, rdata,
 &inuse);
@@ -16183,10 +16165,7 @@ sync_secure_db(dns_zone_t *seczone, dns_zone_t *raw, dns_db_t *secdb,
 * update the zone with these records from a different provider,
 * but skip records that are under our control.
 */
- if (tuple->rdata.type == dns_rdatatype_dnskey ||
- tuple->rdata.type == dns_rdatatype_cdnskey ||
- tuple->rdata.type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(tuple->rdata.type)) {
 bool inuse = false;
 isc_result_t r = dns_zone_dnskey_inuse(
 seczone, &tuple->rdata, &inuse);
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 5d223e54832..99fee3e775b 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -11989,9 +11989,7 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
 /*
 * Turn on minimal response for (C)DNSKEY and (C)DS queries.
 */
- if (qtype == dns_rdatatype_dnskey || qtype == dns_rdatatype_ds ||
- qtype == dns_rdatatype_cdnskey || qtype == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(qtype) || qtype == dns_rdatatype_ds) {
 client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
 NS_QUERYATTR_NOADDITIONAL);
 } else if (qtype == dns_rdatatype_ns) {
diff --git a/lib/ns/update.c b/lib/ns/update.c
index efffd4054dc..31032633666 100644
--- a/lib/ns/update.c
+++ b/lib/ns/update.c
@@ -3386,10 +3386,7 @@ update_action(void *arg) {
 * Don't remove DNSKEY, CDNSKEY, CDS records
 * that are in use (under our control).
 */
- if (rdata.type == dns_rdatatype_dnskey ||
- rdata.type == dns_rdatatype_cdnskey ||
- rdata.type == dns_rdatatype_cds)
- {
+ if (dns_rdatatype_iskeymaterial(rdata.type)) {
 isc_result_t r;
 bool inuse = false;
 r = dns_zone_dnskey_inuse(zone, &rdata,
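Review bot: In the lib/ns/query.c hunk the minimal-response decision in ns_query_start() now depends on dns_rdatatype_iskeymaterial(), a predicate the rest of this patch uses for signing and key-protection policy, so a later change to that set would also change which queries drop the authority and additional sections. The rewritten condition matches the old four-type test as long as the predicate stays at DNSKEY, CDNSKEY and CDS. A comment would keep the coupling visible, for example extending the existing one to `Turn on minimal response for (C)DNSKEY and (C)DS queries; DS is tested separately because it is not key material.` ns_query_start() continues outside the hunk.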