dst_key_iszonekey() checks that the key's protocol is DNSSEC or ANY.

Remove this check from the validator, and remove more redundant constants from dst.h
2026-06-29 23:33:48 -04:00 · 2000-04-12 15:52:12 +00:00 · 2000-04-12 15:52:12 +00:00 · 63bf060be4
commit 63bf060be4
parent 7e5f154045
3 changed files with 6 additions and 9 deletions
--- a/lib/dns/sec/dst/dst_api.c
+++ b/lib/dns/sec/dst/dst_api.c
@ -17,7 +17,7 @@

 /*
 * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.26 2000/04/10 19:48:03 bwelling Exp $
+ * $Id: dst_api.c,v 1.27 2000/04/12 15:52:11 bwelling Exp $
 */

 #include <config.h>
@ -723,6 +723,9 @@ dst_key_iszonekey(const dst_key_t *key) {
 		return (ISC_FALSE);
 	if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE)
 		return (ISC_FALSE);
+	if (key->key_proto != DNS_KEYPROTO_DNSSEC &&
+	    key->key_proto != DNS_KEYPROTO_ANY)
+		return (ISC_FALSE);
 	return (ISC_TRUE);
 }

--- a/lib/dns/sec/dst/include/dst/dst.h
+++ b/lib/dns/sec/dst/include/dst/dst.h
@ -48,12 +48,6 @@ typedef void *		dst_context_t;
 				 DST_SIGMODE_UPDATE | \
 				 DST_SIGMODE_FINAL)

-/* Key protocol octet values. */
-#define DST_KEYPROTO_TLS	1
-#define DST_KEYPROTO_EMAIL	2
-#define DST_KEYPROTO_DNSSEC	3
-#define DST_KEYPROTO_IPSEC	4
-
 /* A buffer of this size is large enough to hold any key */
 #define DST_KEY_MAXSIZE		1024

--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@ -260,8 +260,8 @@ get_dst_key(dns_validator_t *val, dns_siginfo_t *siginfo,
 		    (dns_secalg_t)dst_key_alg(val->key) &&
 		    siginfo->tag ==
 		    (dns_keytag_t)dst_key_id(val->key) &&
-		    dst_key_iszonekey(val->key) &&
-		    dst_key_proto(val->key) == DST_KEYPROTO_DNSSEC) {
+		    dst_key_iszonekey(val->key))
+		{
 			/*
 			 * This is the key we're looking for.
 			 */