resolved: optimize dnssec_verify_rrset() a bit
Let's determine the source of synthesis once instead of for each RR in the RRset.
parent
eb241cdbee
commit
7715f91dca
|
@ -513,8 +513,9 @@ int dnssec_verify_rrset(
|
||||||
DnsResourceRecord **list, *rr;
|
DnsResourceRecord **list, *rr;
|
||||||
gcry_md_hd_t md = NULL;
|
gcry_md_hd_t md = NULL;
|
||||||
int r, md_algorithm;
|
int r, md_algorithm;
|
||||||
bool wildcard = false;
|
|
||||||
size_t k, n = 0;
|
size_t k, n = 0;
|
||||||
|
bool wildcard;
|
||||||
|
const char *source;
|
||||||
|
|
||||||
assert(key);
|
assert(key);
|
||||||
assert(rrsig);
|
assert(rrsig);
|
||||||
|
@ -543,6 +544,12 @@ int dnssec_verify_rrset(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Determine the "Source of Synthesis" and whether this is a wildcard RRSIG */
|
||||||
|
r = dns_name_suffix(DNS_RESOURCE_KEY_NAME(key), rrsig->rrsig.labels, &source);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
wildcard = r > 0;
|
||||||
|
|
||||||
/* Collect all relevant RRs in a single array, so that we can look at the RRset */
|
/* Collect all relevant RRs in a single array, so that we can look at the RRset */
|
||||||
list = newa(DnsResourceRecord *, dns_answer_size(a));
|
list = newa(DnsResourceRecord *, dns_answer_size(a));
|
||||||
|
|
||||||
|
@ -593,22 +600,19 @@ int dnssec_verify_rrset(
|
||||||
goto finish;
|
goto finish;
|
||||||
gcry_md_write(md, wire_format_name, r);
|
gcry_md_write(md, wire_format_name, r);
|
||||||
|
|
||||||
|
/* Convert the source of synthesis into wire format */
|
||||||
|
r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
|
||||||
|
if (r < 0)
|
||||||
|
goto finish;
|
||||||
|
|
||||||
for (k = 0; k < n; k++) {
|
for (k = 0; k < n; k++) {
|
||||||
const char *suffix;
|
|
||||||
size_t l;
|
size_t l;
|
||||||
|
|
||||||
rr = list[k];
|
rr = list[k];
|
||||||
|
|
||||||
r = dns_name_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rrsig->rrsig.labels, &suffix);
|
/* Hash the source of synthesis. If this is a wildcard, then prefix it with the *. label */
|
||||||
if (r < 0)
|
if (wildcard)
|
||||||
goto finish;
|
|
||||||
if (r > 0) /* This is a wildcard! */ {
|
|
||||||
gcry_md_write(md, (uint8_t[]) { 1, '*'}, 2);
|
gcry_md_write(md, (uint8_t[]) { 1, '*'}, 2);
|
||||||
wildcard = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = dns_name_to_wire_format(suffix, wire_format_name, sizeof(wire_format_name), true);
|
|
||||||
if (r < 0)
|
|
||||||
goto finish;
|
|
||||||
gcry_md_write(md, wire_format_name, r);
|
gcry_md_write(md, wire_format_name, r);
|
||||||
|
|
||||||
md_add_uint16(md, rr->key->type);
|
md_add_uint16(md, rr->key->type);
|
||||||
|
|
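Review bot: In the third hunk, `r` now doubles as the wire-format length of the source of synthesis: it is set once before the `for (k = 0; k < n; k++)` loop and passed to `gcry_md_write(md, wire_format_name, r)` on every iteration. The loop body continues past the end of the hunk, so this is correct only while nothing further down assigns to `r`; if something does, later iterations would feed the wrong number of bytes from `wire_format_name` into the digest, and validation would run over data that differs from what the signer covered. Keeping the length in its own variable removes that coupling: `size_t source_len = (size_t) r;` after the `r < 0` check, then `gcry_md_write(md, wire_format_name, source_len);` inside the loop. A short comment at the new `dns_name_suffix()` call would also help, stating that `rrsig->rrsig.labels` is taken from the received RRSIG and that every RR collected into `list` is expected to share the owner name of `key`, since the per-RR derivation this replaces did not depend on that.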