Followup to #12893: Rewrite and fix verifyOne() loop

Previous version could return true if the first iteration succeeded, but
the second one threw. Spotted by pt01 on IRC.

(cherry picked from commit 891f17371c4e1007f91abb4695c4b0e95c3f2995)

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 04ce29193b0d78b49431d9cd0271bdaec3a6db8f..a07a9f1d8fc57f2c3b788b349c209363480729f5 100644 (file)
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -398,20 +398,28 @@ bool DNSCryptoKeyEngine::testVerify(unsigned int algo, maker_t* verifier)
 
 bool DNSCryptoKeyEngine::verifyOne(unsigned int algo)
 {
-  bool ret = false;
-
-  for (auto* verifier : getAllMakers()[algo]) {
+  const auto& makers = getAllMakers();
+  auto iter = makers.find(algo);
+  // No algo foound
+  if (iter == makers.cend()) {
+    return false;
+  }
+  // Algo found, but maker empty? Should not happen
+  if (iter->second.empty()) {
+    return false;
+  }
+  // Check that all maker->verify return true
+  return std::all_of(iter->second.begin(), iter->second.end(), [algo](maker_t* verifier) {
     try {
-      ret = testVerify(algo, verifier);
+      if (!testVerify(algo, verifier)) {
+        return false;
+      }
     }
     catch (std::exception& e) {
-      // Empty
-    }
-    if (!ret) {
-      break;
+      return false;
     }
-  }
-  return ret;
+    return true;
+  });
 }
 
 void DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t* signer, maker_t* verifier)