From 27e7d5f698f3eebc5b1ff26737331cef972873e1 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Fri, 26 Feb 2021 09:27:32 +0100
Subject: [PATCH] Fix keymgr key init bug
The 'keymgr_key_init()' function initializes key states if they have not been set previously.  It looks at the key timing metadata and determines using the given times whether a state should be set to RUMOURED or OMNIPRESENT. However, the DNSKEY and ZRRSIG states were mixed up:  When looking at the Activate timing metadata we should set the ZRRSIG state, and when looking at the Published timing metadata we should set the DNSKEY state.
---
 lib/dns/keymgr.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 009c06b195..05ee2e74e4 100644
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -1549,23 +1549,23 @@ keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now) {
 /* Get time metadata. */
 ret = dst_key_gettime(key->key, DST_TIME_ACTIVATE, &active);
 if (active <= now && ret == ISC_R_SUCCESS) {
- dns_ttl_t key_ttl = dst_key_getttl(key->key);
- key_ttl += dns_kasp_zonepropagationdelay(kasp);
- if ((active + key_ttl) <= now) {
- dnskey_state = OMNIPRESENT;
+ dns_ttl_t zone_ttl = dns_kasp_zonemaxttl(kasp);
+ zone_ttl += dns_kasp_zonepropagationdelay(kasp);
+ if ((active + zone_ttl) <= now) {
+ zrrsig_state = OMNIPRESENT;
 } else {
- dnskey_state = RUMOURED;
+ zrrsig_state = RUMOURED;
 }
 goal_state = OMNIPRESENT;
 }
 ret = dst_key_gettime(key->key, DST_TIME_PUBLISH, &pub);
 if (pub <= now && ret == ISC_R_SUCCESS) {
- dns_ttl_t zone_ttl = dns_kasp_zonemaxttl(kasp);
- zone_ttl += dns_kasp_zonepropagationdelay(kasp);
- if ((pub + zone_ttl) <= now) {
- zrrsig_state = OMNIPRESENT;
+ dns_ttl_t key_ttl = dst_key_getttl(key->key);
+ key_ttl += dns_kasp_zonepropagationdelay(kasp);
+ if ((pub + key_ttl) <= now) {
+ dnskey_state = OMNIPRESENT;
 } else {
- zrrsig_state = RUMOURED;
+ dnskey_state = RUMOURED;
 }
 goal_state = OMNIPRESENT;
 }
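Review bot: Nothing in the two branches records why Activate pairs with the zone's max TTL and the ZRRSIG state while Publish pairs with the key TTL and the DNSKEY state, which is exactly the pairing this fix had to restore; a short comment above each `if` would guard against it being swapped again, e.g. `/* ZRRSIG: signatures may be cached for the zone's max TTL plus propagation delay. */` and `/* DNSKEY: the key RRset may be cached for the key TTL plus propagation delay. */`. The diffstat shows only lib/dns/keymgr.c changed, so no regression test pins the corrected mapping; since a wrong initial state presumably feeds later key-rollover decisions, a test that initializes a key from Activate/Publish times alone would be worth adding. Separately, both conditions read the time value before checking the result (`active <= now && ret == ISC_R_SUCCESS`); writing `if (ret == ISC_R_SUCCESS && active <= now) {` (and likewise for `pub`) avoids depending on how those variables are initialized outside the hunk. keymgr_key_init's body starts and ends outside the hunk.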