dnssec-keygen: Change flag options into booleans

We now have ctx.kskflag, ctx.zskflag, and ctx.revflag, but zskflag is not quite like the other two, as it doesn't have a special bit in the DNS packet, and is used as a boolean. This patch changes so that we use booleans for all three, and construct the flags based on which ones are set. patch by @aram
2026-05-28 04:34:54 -04:00 · 2024-04-17 15:27:39 +02:00 · 2024-04-17 15:27:39 +02:00 · afda87cb08
commit afda87cb08
parent 7007025302
1 changed files with 16 additions and 25 deletions
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@ -96,9 +96,9 @@ struct keygen_ctx {
 	int options;
 	int dbits;
 	dns_ttl_t ttl;
-	uint16_t zskflag;
-	uint16_t kskflag;
-	uint16_t revflag;
+	bool wantzsk;
+	bool wantksk;
+	bool wantrev;
 	dns_secalg_t alg;
 	/* timing data */
 	int prepub;
@ -263,7 +263,6 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 	isc_result_t ret;
 	dst_key_t *key = NULL;
 	dst_key_t *prevkey = NULL;
-	uint16_t kskflag;

 	UNUSED(argc);

@ -553,17 +552,15 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 		ctx->directory = ".";
 	}

-	if (ctx->ksk) {
-		kskflag = DNS_KEYFLAG_KSK;
-	} else {
-		kskflag = ctx->kskflag;
-	}
-
 	if ((ctx->options & DST_TYPE_KEY) != 0) { /* KEY */
 		flags |= ctx->signatory;
 	} else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
-		flags |= kskflag;
-		flags |= ctx->revflag;
+		if (ctx->ksk || ctx->wantksk) {
+			flags |= DNS_KEYFLAG_KSK;
+		}
+		if (ctx->wantrev) {
+			flags |= DNS_KEYFLAG_REVOKE;
+		}
 	}

 	if (ctx->protocol == -1) {
@ -686,7 +683,7 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 			}

 			if (ctx->setrev) {
-				if (ctx->kskflag == 0) {
+				if (!ctx->wantksk) {
 					fprintf(stderr,
 						"%s: warning: Key is "
 						"not flagged as a KSK, but -R "
@ -930,11 +927,11 @@ main(int argc, char **argv) {
 		case 'f':
 			c = (unsigned char)(isc_commandline_argument[0]);
 			if (toupper(c) == 'K') {
-				ctx.kskflag = DNS_KEYFLAG_KSK;
+				ctx.wantksk = true;
 			} else if (toupper(c) == 'Z') {
-				ctx.zskflag = 1;
+				ctx.wantzsk = true;
 			} else if (toupper(c) == 'R') {
-				ctx.revflag = DNS_KEYFLAG_REVOKE;
+				ctx.wantrev = true;
 			} else {
 				fatal("unknown flag '%s'",
 				      isc_commandline_argument);
@ -1208,7 +1205,7 @@ main(int argc, char **argv) {
 		if (ctx.size != -1) {
 			fatal("-k and -b cannot be used together");
 		}
-		if (ctx.revflag) {
+		if (ctx.wantrev) {
 			fatal("-k and -fR cannot be used together");
 		}
 		if (ctx.options & DST_TYPE_KEY) {
@ -1226,7 +1223,6 @@ main(int argc, char **argv) {
 			ctx.size = 0;
 			ctx.ttl = 3600;
 			ctx.setttl = true;
-			ctx.kskflag = DNS_KEYFLAG_KSK;
 			ctx.ksk = true;
 			ctx.zsk = true;
 			ctx.lifetime = 0;
@ -1278,13 +1274,8 @@ main(int argc, char **argv) {
 				if (ctx.keystore != NULL) {
 					check_keystore_options(&ctx);
 				}
-				if (ctx.ksk && ctx.kskflag == 0 &&
-				    ctx.zskflag != 0)
-				{
-					continue;
-				}
-				if (ctx.zsk && ctx.zskflag == 0 &&
-				    ctx.kskflag != 0)
+				if ((ctx.ksk && !ctx.wantksk && ctx.wantzsk) ||
+				    (ctx.zsk && !ctx.wantzsk && ctx.wantksk))
 				{
 					continue;
 				}