ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

keygen/settime: Write out successor/predecessor

Browse Source 
When creating a successor key, or calculating time for a successor
key, write out the successor and predecessor metadata to the
related files.
This commit is contained in:
Matthijs Mekking
2019-10-16 17:43:30 +02:00
parent da0ae5299f
commit dcf79ce61f
3 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
bin/dnssec/dnssec-keygen.c
View File

@@ -767,6 +767,19 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv)
fatal("cannot generate a null key due to possible key ID "
"collision");
if (ctx->predecessor != NULL && prevkey != NULL) {
dst_key_setnum(prevkey, DST_NUM_SUCCESSOR, dst_key_id(key));
dst_key_setnum(key, DST_NUM_PREDECESSOR, dst_key_id(prevkey));
ret = dst_key_tofile(prevkey, ctx->options, ctx->directory);
if (ret != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];
dst_key_format(prevkey, keystr, sizeof(keystr));
fatal("failed to update predecessor %s: %s\n", keystr,
isc_result_totext(ret));
}
}
ret = dst_key_tofile(key, ctx->options, ctx->directory);
if (ret != ISC_R_SUCCESS) {
char keystr[DST_KEY_FORMATSIZE];

8
bin/dnssec/dnssec-settime.c
View File

@@ -715,6 +715,11 @@ main(int argc, char **argv) {
if (setttl)
dst_key_setttl(key, ttl);
if (predecessor != NULL && prevkey != NULL) {
dst_key_setnum(prevkey, DST_NUM_SUCCESSOR, dst_key_id(key));
dst_key_setnum(key, DST_NUM_PREDECESSOR, dst_key_id(prevkey));
}
/*
* No metadata changes were made but we're forcing an upgrade
* to the new format anyway: use "-P now -A now" as the default
@@ -816,6 +821,9 @@ main(int argc, char **argv) {
if (changed) {
writekey(key, directory, write_state);
if (predecessor != NULL && prevkey != NULL) {
writekey(prevkey, directory, write_state);
}
}
if (prevkey != NULL)

2
lib/dns/dst_api.c
View File

@@ -1997,6 +1997,8 @@ write_key_state(const dst_key_t *key, int type, const char *directory) {
fprintf(fp, "Length: %u\n", key->key_size);
printnum(key, DST_NUM_LIFETIME, "Lifetime", fp);
printnum(key, DST_NUM_PREDECESSOR, "Predecessor", fp);
printnum(key, DST_NUM_SUCCESSOR, "Successor", fp);
printbool(key, DST_BOOL_KSK, "KSK", fp);
printbool(key, DST_BOOL_ZSK, "ZSK", fp);