From: Remi Gacogne Date: Fri, 11 Dec 2020 11:50:01 +0000 (+0100) Subject: Return a unique_ptr instead of a shared one for DNSCryptoKeyEngine X-Git-Tag: rec-4.5.0-alpha1~47^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a2c6e55476e5ef22ba97e883a98ed6fa7294732b;p=thirdparty%2Fpdns.git Return a unique_ptr instead of a shared one for DNSCryptoKeyEngine We do not always need a shared pointer, and that saves memory barriers when we don't. --- diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc index 68d3a2e9f0..bce257f00e 100644 --- a/pdns/dbdnsseckeeper.cc +++ b/pdns/dbdnsseckeeper.cc @@ -176,7 +176,8 @@ DNSSECPrivateKey DNSSECKeeper::getKeyById(const DNSName& zname, unsigned int id) DNSSECPrivateKey dpk; DNSKEYRecordContent dkrc; - dpk.setKey(shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content))); + auto key = shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content)); + dpk.setKey(key); dpk.d_flags = kd.flags; dpk.d_algorithm = dkrc.d_algorithm; @@ -535,8 +536,8 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache) for(const DNSBackend::KeyData &keydata : dbkeyset) { DNSSECPrivateKey dpk; DNSKEYRecordContent dkrc; - - dpk.setKey(shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content))); + auto key = shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content)); + dpk.setKey(key); if(keydata.active) { if(keydata.flags == 257) @@ -552,8 +553,8 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const DNSName& zone, bool useCache) { DNSSECPrivateKey dpk; DNSKEYRecordContent dkrc; - - dpk.setKey(shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content))); + auto key = shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content)); + dpk.setKey(key); dpk.d_flags = kd.flags; dpk.d_algorithm = dkrc.d_algorithm; @@ -598,7 +599,7 @@ bool DNSSECKeeper::checkKeys(const DNSName& zone, vector* errorMessages) for(const DNSBackend::KeyData &keydata : dbkeyset) { DNSKEYRecordContent dkrc; - shared_ptr dke(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content)); + auto dke = DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content); retval = dke->checkKey(errorMessages) && retval; } diff --git a/pdns/decafsigners.cc b/pdns/decafsigners.cc index f39dfa0e85..9063c32deb 100644 --- a/pdns/decafsigners.cc +++ b/pdns/decafsigners.cc @@ -29,9 +29,9 @@ public: void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override {} - static std::shared_ptr maker(unsigned int algorithm) + static std::unique_ptr maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } private: @@ -165,9 +165,9 @@ public: void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override {} - static std::shared_ptr maker(unsigned int algorithm) + static std::unique_ptr maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } private: diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc index a980f3c883..502c10bbc9 100644 --- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc @@ -48,7 +48,7 @@ using namespace boost::assign; -shared_ptr DNSCryptoKeyEngine::makeFromISCFile(DNSKEYRecordContent& drc, const char* fname) +std::unique_ptr DNSCryptoKeyEngine::makeFromISCFile(DNSKEYRecordContent& drc, const char* fname) { string sline, isc; auto fp = std::unique_ptr(fopen(fname, "r"), fclose); @@ -61,7 +61,7 @@ shared_ptr DNSCryptoKeyEngine::makeFromISCFile(DNSKEYRecordC } fp.reset(); - shared_ptr dke = makeFromISCString(drc, isc); + auto dke = makeFromISCString(drc, isc); vector checkKeyErrors; if(!dke->checkKey(&checkKeyErrors)) { @@ -74,7 +74,7 @@ shared_ptr DNSCryptoKeyEngine::makeFromISCFile(DNSKEYRecordC return dke; } -shared_ptr DNSCryptoKeyEngine::makeFromISCString(DNSKEYRecordContent& drc, const std::string& content) +std::unique_ptr DNSCryptoKeyEngine::makeFromISCString(DNSKEYRecordContent& drc, const std::string& content) { bool pkcs11=false; int algorithm = 0; @@ -112,7 +112,7 @@ shared_ptr DNSCryptoKeyEngine::makeFromISCString(DNSKEYRecor B64Decode(value, raw); stormap[toLower(key)]=raw; } - shared_ptr dpk; + std::unique_ptr dpk; if (pkcs11) { #ifdef HAVE_P11KIT1 @@ -125,7 +125,7 @@ shared_ptr DNSCryptoKeyEngine::makeFromISCString(DNSKEYRecor throw PDNSException("Cannot load PKCS#11 key without support for it"); #endif } else { - dpk=make(algorithm); + dpk = make(algorithm); } dpk->fromISCMap(drc, stormap); return dpk; @@ -147,11 +147,11 @@ std::string DNSCryptoKeyEngine::convertToISC() const return ret.str(); } -shared_ptr DNSCryptoKeyEngine::make(unsigned int algo) +std::unique_ptr DNSCryptoKeyEngine::make(unsigned int algo) { const makers_t& makers = getMakers(); makers_t::const_iterator iter = makers.find(algo); - if(iter != makers.cend()) + if (iter != makers.cend()) return (iter->second)(algo); else { throw runtime_error("Request to create key object for unknown algorithm number "+std::to_string(algo)); @@ -167,7 +167,7 @@ vector> DNSCryptoKeyEngine::listAllAlgosWithBackend() { vector> ret; for (auto const& value : getMakers()) { - shared_ptr dcke(value.second(value.first)); + auto dcke = value.second(value.first); ret.push_back(make_pair(value.first, dcke->getName())); } return ret; @@ -235,9 +235,9 @@ bool DNSCryptoKeyEngine::testOne(int algo) void DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t* signer, maker_t* verifier) { - shared_ptr dckeCreate(creator(algo)); - shared_ptr dckeSign(signer(algo)); - shared_ptr dckeVerify(verifier(algo)); + auto dckeCreate = creator(algo); + auto dckeSign = signer(algo); + auto dckeVerify = verifier(algo); cerr<<"Testing algorithm "<getName()<<"' ->'"<getName()<<"' -> '"<getName()<<"' "; unsigned int bits; @@ -324,20 +324,20 @@ void DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t } } -shared_ptr DNSCryptoKeyEngine::makeFromPublicKeyString(unsigned int algorithm, const std::string& content) +std::unique_ptr DNSCryptoKeyEngine::makeFromPublicKeyString(unsigned int algorithm, const std::string& content) { - shared_ptr dpk=make(algorithm); + auto dpk = make(algorithm); dpk->fromPublicKeyString(content); return dpk; } -shared_ptr DNSCryptoKeyEngine::makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw) +std::unique_ptr DNSCryptoKeyEngine::makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw) { - for(const makers_t::value_type& val : getMakers()) + for (const makers_t::value_type& val : getMakers()) { - shared_ptr ret=nullptr; + std::unique_ptr ret=nullptr; try { ret = val.second(val.first); ret->fromPEMString(drc, raw); @@ -449,7 +449,7 @@ DSRecordContent makeDSFromDNSKey(const DNSName& qname, const DNSKEYRecordContent DSRecordContent dsrc; try { unsigned int algo = digestToAlgorithmNumber(digest); - shared_ptr dpk(DNSCryptoKeyEngine::make(algo)); + auto dpk = DNSCryptoKeyEngine::make(algo); dsrc.d_digest = dpk->hash(toHash); } catch(const std::exception& e) { diff --git a/pdns/dnssecinfra.hh b/pdns/dnssecinfra.hh index f8ff86e75c..00f3befc06 100644 --- a/pdns/dnssecinfra.hh +++ b/pdns/dnssecinfra.hh @@ -69,15 +69,15 @@ class DNSCryptoKeyEngine { return true; } - static shared_ptr makeFromISCFile(DNSKEYRecordContent& drc, const char* fname); - static shared_ptr makeFromISCString(DNSKEYRecordContent& drc, const std::string& content); - static shared_ptr makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw); - static shared_ptr makeFromPublicKeyString(unsigned int algorithm, const std::string& raw); - static shared_ptr make(unsigned int algorithm); + static std::unique_ptr makeFromISCFile(DNSKEYRecordContent& drc, const char* fname); + static std::unique_ptr makeFromISCString(DNSKEYRecordContent& drc, const std::string& content); + static std::unique_ptr makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw); + static std::unique_ptr makeFromPublicKeyString(unsigned int algorithm, const std::string& raw); + static std::unique_ptr make(unsigned int algorithm); static bool isAlgorithmSupported(unsigned int algo); static bool isDigestSupported(uint8_t digest); - typedef shared_ptr maker_t(unsigned int algorithm); + typedef std::unique_ptr maker_t(unsigned int algorithm); static void report(unsigned int algorithm, maker_t* maker, bool fallback=false); static void testMakers(unsigned int algorithm, maker_t* creator, maker_t* signer, maker_t* verifier); @@ -109,23 +109,30 @@ struct DNSSECPrivateKey return getDNSKEY().getTag(); } - const shared_ptr getKey() const + const std::shared_ptr& getKey() const { return d_key; } - void setKey(const shared_ptr key) + void setKey(std::shared_ptr& key) { d_key = key; - d_algorithm = key->getAlgorithm(); + d_algorithm = d_key->getAlgorithm(); } + + void setKey(std::unique_ptr&& key) + { + d_key = std::move(key); + d_algorithm = d_key->getAlgorithm(); + } + DNSKEYRecordContent getDNSKEY() const; uint16_t d_flags; uint8_t d_algorithm; private: - shared_ptr d_key; + std::shared_ptr d_key; }; diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc index 7a9e5b742e..f2e319a9a7 100644 --- a/pdns/opensslsigners.cc +++ b/pdns/opensslsigners.cc @@ -199,9 +199,9 @@ public: void fromPublicKeyString(const std::string& content) override; bool checkKey(vector *errorMessages) const override; - static std::shared_ptr maker(unsigned int algorithm) + static std::unique_ptr maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } private: @@ -598,9 +598,9 @@ public: void fromPublicKeyString(const std::string& content) override; bool checkKey(vector *errorMessages) const override; - static std::shared_ptr maker(unsigned int algorithm) + static std::unique_ptr maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } private: @@ -883,9 +883,9 @@ public: void fromPublicKeyString(const std::string& content) override; bool checkKey(vector *errorMessages) const override; - static std::shared_ptr maker(unsigned int algorithm) + static std::unique_ptr maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } private: diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index a8b1ffc577..a7a1161669 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -282,9 +282,9 @@ static int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, con vector dbkeyset; B.getDomainKeys(zone, dbkeyset); - for(DNSBackend::KeyData& kd : dbkeyset) { + for (DNSBackend::KeyData& kd : dbkeyset) { DNSKEYRecordContent dkrc; - shared_ptr(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content)); + DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content); if(dkrc.d_algorithm == DNSSECKeeper::RSASHA1) { cout<<"[Error] zone '"< engine(DNSCryptoKeyEngine::makeFromPublicKeyString(key.d_algorithm, key.d_key)); // throws on unknown algo or bad key + auto engine = DNSCryptoKeyEngine::makeFromPublicKeyString(key.d_algorithm, key.d_key); // throws on unknown algo or bad key bits=engine->getBits(); } - catch(std::exception& e) { + catch (const std::exception& e) { cerr<<"Could not process key to extract metadata: "< dke = nullptr; + std::unique_ptr dke = nullptr; // lookup correct key for(DNSBackend::KeyData &kd : keys) { if (kd.id == id) { diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc index d6073b865b..d74bb66e4d 100644 --- a/pdns/pkcs11signers.cc +++ b/pdns/pkcs11signers.cc @@ -3,7 +3,6 @@ #endif #include // for 'operator+=()' #include -#include #include #include @@ -1025,9 +1024,9 @@ void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t& s throw PDNSException("Could not log in to token (PIN wrong?)"); }; -std::shared_ptr PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm) +std::unique_ptr PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } // this is called during program startup diff --git a/pdns/pkcs11signers.hh b/pdns/pkcs11signers.hh index ae3648b4d0..992fb228e3 100644 --- a/pdns/pkcs11signers.hh +++ b/pdns/pkcs11signers.hh @@ -62,7 +62,7 @@ class PKCS11DNSCryptoKeyEngine : public DNSCryptoKeyEngine void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override { throw "Unimplemented"; }; void fromPublicKeyString(const std::string& content) override { throw "Unimplemented"; }; - static std::shared_ptr maker(unsigned int algorithm); + static std::unique_ptr maker(unsigned int algorithm); }; bool PKCS11ModuleSlotLogin(const std::string& module, const string& tokenId, const std::string& pin); diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc index 26adc9762d..ed5876aa6a 100644 --- a/pdns/recursordist/test-syncres_cc.cc +++ b/pdns/recursordist/test-syncres_cc.cc @@ -256,7 +256,7 @@ void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSN now = time(nullptr); } DNSKEYRecordContent drc = dpk.getDNSKEY(); - const std::shared_ptr rc = dpk.getKey(); + const auto& rc = dpk.getKey(); rrc.d_type = signQType; rrc.d_labels = signQName.countLabels() - signQName.isWildcard(); diff --git a/pdns/recursordist/test-syncres_cc4.cc b/pdns/recursordist/test-syncres_cc4.cc index b47f0f879e..1505fc207b 100644 --- a/pdns/recursordist/test-syncres_cc4.cc +++ b/pdns/recursordist/test-syncres_cc4.cc @@ -437,12 +437,12 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig) { initSR(); - auto dcke = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dcke->create(dcke->getBits()); // cerr<convertToISC()<(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dckeZ = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dckeZ->create(dckeZ->getBits()); DNSSECPrivateKey ksk; ksk.d_flags = 257; - ksk.setKey(dckeZ); + ksk.setKey(std::move(dckeZ)); DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); - auto dckeK = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dckeK = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dckeK->create(dckeK->getBits()); DNSSECPrivateKey zsk; zsk.d_flags = 256; - zsk.setKey(dckeK); + zsk.setKey(std::move(dckeK)); DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); kskeys[target] = std::pair(ksk, kskds); @@ -696,11 +696,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_without_zone_flag) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey csk; csk.d_flags = 0; - csk.setKey(dcke); + csk.setKey(std::move(dcke)); DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); keys[target] = std::pair(csk, ds); @@ -773,11 +773,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_revoked) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey csk; csk.d_flags = 257 | 128; - csk.setKey(dcke); + csk.setKey(std::move(dcke)); DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); keys[target] = std::pair(csk, ds); @@ -850,18 +850,18 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) testkeysset_t keys; /* Generate key material for "." */ - auto dckeDS = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dckeDS = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dckeDS->create(dckeDS->getBits()); DNSSECPrivateKey dskey; dskey.d_flags = 257; - dskey.setKey(dckeDS); + dskey.setKey(std::move(dckeDS)); DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); - auto dcke = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.d_flags = 256; - dpk.setKey(dcke); + dpk.setKey(std::move(dcke)); DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); dskeys[target] = std::pair(dskey, drc); @@ -976,11 +976,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_rrsig_signed_with_unknown_dnskey) generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); - auto dckeRRSIG = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dckeRRSIG = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dckeRRSIG->create(dckeRRSIG->getBits()); DNSSECPrivateKey rrsigkey; rrsigkey.d_flags = 257; - rrsigkey.setKey(dckeRRSIG); + rrsigkey.setKey(std::move(dckeRRSIG)); DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); rrsigkeys[target] = std::pair(rrsigkey, rrsigds); @@ -1123,11 +1123,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_algorithm) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.d_flags = 256; - dpk.setKey(dcke); + dpk.setKey(std::move(dcke)); /* Fake algorithm number (private) */ dpk.d_algorithm = 253; @@ -1206,11 +1206,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_digest) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = std::shared_ptr(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); + auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.d_flags = 256; - dpk.setKey(dcke); + dpk.setKey(std::move(dcke)); DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); /* Fake digest number (reserved) */ drc.d_digesttype = 0; diff --git a/pdns/sodiumsigners.cc b/pdns/sodiumsigners.cc index af194adc80..d33eb20ec3 100644 --- a/pdns/sodiumsigners.cc +++ b/pdns/sodiumsigners.cc @@ -24,9 +24,9 @@ public: void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override {} - static std::shared_ptr maker(unsigned int algorithm) + static std::unique_ptr maker(unsigned int algorithm) { - return std::make_shared(algorithm); + return make_unique(algorithm); } private: diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc index 135dbf665a..a2f9626d1d 100644 --- a/pdns/test-signers.cc +++ b/pdns/test-signers.cc @@ -106,7 +106,7 @@ static const struct signerParams static void checkRR(const signerParams& signer) { DNSKEYRecordContent drc; - auto dcke = DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap); + auto dcke = std::shared_ptr(DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap)); DNSSECPrivateKey dpk; dpk.setKey(dcke); dpk.d_flags = signer.rfcFlags; @@ -163,7 +163,7 @@ BOOST_AUTO_TEST_CASE(test_generic_signers) { for (const auto& signer : signers) { DNSKEYRecordContent drc; - auto dcke = DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap); + auto dcke = std::shared_ptr(DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap)); BOOST_CHECK_EQUAL(dcke->getAlgorithm(), signer.algorithm); BOOST_CHECK_EQUAL(dcke->getBits(), signer.bits); diff --git a/pdns/validate.cc b/pdns/validate.cc index 154d49f274..3f5a251d01 100644 --- a/pdns/validate.cc +++ b/pdns/validate.cc @@ -764,7 +764,7 @@ static bool checkSignatureWithKey(time_t now, const shared_ptr dke = shared_ptr(DNSCryptoKeyEngine::makeFromPublicKeyString(key->d_algorithm, key->d_key)); + auto dke = DNSCryptoKeyEngine::makeFromPublicKeyString(key->d_algorithm, key->d_key); result = dke->verify(msg, sig->d_signature); LOG("signature by key with tag "<d_tag<<" and algorithm "<d_algorithm)<<" was " << (result ? "" : "NOT ")<<"valid"<