Small speedup.

git-svn-id: file:///svn/unbound/trunk@558 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 1e4ce025b798c3b54d4632d3996e43474f9ad231..3d0d1322bfc3a5486df45c5c7f161cd3c79c748a 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -14,6 +14,7 @@
          the same signature.
        - if the rrset is too big (64k exactly + large owner name) the
          canonicalization routine will fail if it does not fit in buffer.
+       - faster verification for large sigsets.
 
 27 August 2007: Wouter
        - do not garble the edns if a cache answer fails.

diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
index b28578b974561a6d11cdc1d2d71f5e454e596f37..6682af78088ffea3c0d85b36ccea19664e7ec5ae 100644 (file)
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@ -423,6 +423,8 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve,
        size_t i, num;
        rbtree_t* sortree = NULL;
        int buf_canon = 0;
+       uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx);
+       int algo = dnskey_get_algo(dnskey, dnskey_idx);
 
        num = rrset_get_sigcount(rrset);
        if(num == 0) {
@@ -431,6 +433,10 @@ dnskey_verify_rrset(struct module_env* env, struct val_env* ve,
                return sec_status_bogus;
        }
        for(i=0; i<num; i++) {
+               /* see if sig matches keytag and algo */
+               if(algo != rrset_get_sig_algo(rrset, i) ||
+                       tag != rrset_get_sig_keytag(rrset, i))
+                       continue;
                buf_canon = 0;
                sec = dnskey_verify_rrset_sig(env->scratch, 
                        env->scratch_buffer, ve, rrset, dnskey, dnskey_idx, i,