From 81cb18b8a230441d0b5fe5e34bad728cad4e4e9b Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Fri, 3 Mar 2023 14:15:59 +0100
Subject: [PATCH] Make make_dnskey() a public funcion

It can be used to compare DNSKEY, CDNSKEY, and CDS records with signing keys.
---
 lib/dns/dnssec.c | 18 +++++++++---------
 lib/dns/include/dns/dnssec.h | 17 +++++++++++++++++
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 034d697eec..ca0bf413f4 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -1835,9 +1835,9 @@ failure:
 return (result);
 }
 
-static isc_result_t
-make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
- dns_rdata_t *target) {
+isc_result_t
+dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
+ dns_rdata_t *target) {
 isc_result_t result;
 isc_buffer_t b;
 isc_region_t r;
@@ -1893,7 +1893,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
 dns_rdata_t dnskey = DNS_RDATA_INIT;
 
 dns_rdata_reset(&dnskey);
- RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
+ RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
 
 dst_key_format(key->key, keystr, sizeof(keystr));
 report("Fetching %s (%s) from key %s.", keystr,
@@ -1933,7 +1933,7 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin,
 report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf, dst_key_id(key->key), alg);
 
- RETERR(make_dnskey(key->key, buf, sizeof(buf), &dnskey));
+ RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey));
 result = delrdata(&dnskey, diff, origin, ttl, mctx);
 
 failure:
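Review bot: Exporting make_dnskey() as dns_dnssec_make_dnskey() turns its documented preconditions (non-NULL key, buf and target; bufsize equal to DST_KEY_MAXSIZE) into a public contract that the visible part of the function does not assert; the library's other public entry points check such invariants with REQUIRE(), so `REQUIRE(key != NULL); REQUIRE(buf != NULL && bufsize == DST_KEY_MAXSIZE); REQUIRE(target != NULL);` after the local declarations would make an out-of-contract caller fail loudly instead of encoding a key into an undersized buffer. Keeping 'bufsize' as a signed int is also questionable for an exported API: existing callers pass sizeof(...), and if the body forwards the value as an unsigned buffer length a negative argument becomes an enormous bound, so at minimum a `bufsize > 0` check is cheap. The function body continues below the hunk, so whether any of these checks already exist there cannot be confirmed from this view.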
@@ -2045,8 +2045,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
 dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT;
 dns_name_t *origin = dst_key_name(key->key);
 
- RETERR(make_dnskey(key->key, keybuf, sizeof(keybuf),
- &cdnskeyrdata));
+ RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
+ &cdnskeyrdata));
 cdnskeyrdata.type = dns_rdatatype_cdnskey;
 
 if (syncpublish(key->key, now)) {
@@ -2127,8 +2127,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys,
 char keystr[DST_KEY_FORMATSIZE];
 dst_key_format(key->key, keystr, sizeof(keystr));
 
- RETERR(make_dnskey(key->key, keybuf, sizeof(keybuf),
- &cdnskeyrdata));
+ RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf),
+ &cdnskeyrdata));
 
 if (dns_rdataset_isassociated(cds)) {
 delete_cds(key, &cdnskeyrdata, (const char *)keystr,
diff --git a/lib/dns/include/dns/dnssec.h b/lib/dns/include/dns/dnssec.h
index eb754bf459..903d40c4f7 100644
--- a/lib/dns/include/dns/dnssec.h
+++ b/lib/dns/include/dns/dnssec.h
@@ -95,6 +95,23 @@ dns_dnssec_keyfromrdata(const dns_name_t *name, const dns_rdata_t *rdata,
 *\li various errors from dns_name_totext
 */
 
+isc_result_t
+dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize,
+ dns_rdata_t *target);
+/*%<
+ * Convert a DST key into a DNS record.
+ *
+ * Requires:
+ *\li 'key' is not NULL
+ *\li 'buf' is not NULL
+ *\li 'bufsize' equals DST_KEY_MAXSIZE
+ *\li 'target' is not NULL
+ *
+ * Returns:
+ *\li #ISC_R_SUCCESS
+ *\li various errors from dst_key_todns
+ */
+
 isc_result_t
 dns_dnssec_sign(const dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 isc_stdtime_t *inception, isc_stdtime_t *expire,
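Review bot: The new header comment says the function converts a key into "a DNS record" without naming the record type, yet every use in this patch treats the result as DNSKEY rdata and, where a CDNSKEY is wanted, retypes it afterwards (`cdnskeyrdata.type = dns_rdatatype_cdnskey;` in dns_dnssec_syncupdate), so the description should be explicit, e.g. `* Convert 'key' into DNSKEY rdata in 'target', using 'buf' as the rdata's storage.` Each caller keeps 'buf' in scope for as long as it uses the rdata, which suggests 'target' refers into 'buf' rather than owning a copy; if that is the case, a `*\li 'buf' must remain valid while 'target' is in use` line under Requires would stop new external callers from handing out an rdata backed by a stack buffer that has gone out of scope. The 'bufsize' equals DST_KEY_MAXSIZE requirement is phrased as an exact equality; if the implementation only needs room for the encoded key, "is at least DST_KEY_MAXSIZE" would state what callers are actually obliged to provide.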