From 2e173bbd24a4227769a388b4e20a34c46a3d0c2f Mon Sep 17 00:00:00 2001
From: Tony Finch
Date: Thu, 31 Jan 2019 19:34:21 +0000
Subject: [PATCH] cleanup: allow building DS directly from CDNSKEY
Relax an assertion in lib/dns/ds.c so that dnssec-cds does not have to work around it. This will also be useful for dnssec-dsfromkey.
---
 bin/dnssec/dnssec-cds.c | 6 ------
 lib/dns/ds.c | 3 ++-
 lib/dns/include/dns/ds.h | 2 +-
 3 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/bin/dnssec/dnssec-cds.c b/bin/dnssec/dnssec-cds.c
index 979b141916d..955315f64de 100644
--- a/bin/dnssec/dnssec-cds.c
+++ b/bin/dnssec/dnssec-cds.c
@@ -482,7 +482,6 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 dns_rdata_ds_t ds;
 dns_rdata_t dsrdata = DNS_RDATA_INIT;
 dns_rdata_t newdsrdata = DNS_RDATA_INIT;
- dns_rdatatype_t keytype;
 bool c;
 dns_rdataset_current(dsset, &dsrdata);
@@ -493,12 +492,8 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 continue;
 }
- /* allow for both DNSKEY and CDNSKEY */
- keytype = ki->rdata.type;
- ki->rdata.type = dns_rdatatype_dnskey;
 result = dns_ds_buildrdata(name, &ki->rdata, ds.digest_type, dsbuf, &newdsrdata);
- ki->rdata.type = keytype;
 if (result != ISC_R_SUCCESS) {
 vbprintf(3, "dns_ds_buildrdata(" "keytag=%d, algo=%d, digest=%d): %s\n",
@@ -826,7 +821,6 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
 return (ISC_R_NOSPACE);
 }
- cdnskey->type = dns_rdatatype_dnskey;
 rdata = rdata_get();
 result = dns_ds_buildrdata(name, cdnskey, dtype[i], r.base, rdata);
diff --git a/lib/dns/ds.c b/lib/dns/ds.c
index 02d62c4f363..e4d8131084a 100644
--- a/lib/dns/ds.c
+++ b/lib/dns/ds.c
@@ -47,7 +47,8 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 isc_result_t ret;
 REQUIRE(key != NULL);
- REQUIRE(key->type == dns_rdatatype_dnskey);
+ REQUIRE(key->type == dns_rdatatype_dnskey ||
+ key->type == dns_rdatatype_cdnskey);
 if (!dst_ds_digest_supported(digest_type)) {
 return (ISC_R_NOTIMPLEMENTED);
diff --git a/lib/dns/include/dns/ds.h b/lib/dns/include/dns/ds.h
index 4ea5a0d24df..122d6cd76d9 100644
--- a/lib/dns/include/dns/ds.h
+++ b/lib/dns/include/dns/ds.h
@@ -37,7 +37,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
 * Build the rdata of a DS record.
 *
 * Requires:
- *\li key Points to a valid DNS KEY record.
+ *\li key Points to a valid DNSKEY or CDNSKEY record.
 *\li buffer Points to a temporary buffer of at least
 * #DNS_DS_BUFFERSIZE bytes.
 *\li rdata Points to an initialized dns_rdata_t.
-- GitLab
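Review bot: The widened `REQUIRE` in `dns_ds_buildrdata` (lib/dns/ds.c) accepts CDNSKEY rdata without saying at the assertion why that is safe for a function that produces a DS digest. I would add a comment directly above it, e.g. `/* CDNSKEY uses the same RDATA wire format as DNSKEY (RFC 7344), so the digest input is identical. */`, so nobody later widens the check to types where that does not hold. The body of the function continues outside the hunk, so the visible lines cannot confirm that no later step (a conversion to a DNSKEY structure, a key-tag calculation) still assumes `key->type == dns_rdatatype_dnskey`; that deserves a check before merge. Because the callers in dnssec-cds.c no longer rewrite `rdata.type`, a regression test that feeds a CDNSKEY rdata straight into this function and compares the result with the DS built from the equivalent DNSKEY would pin the new contract.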