From c723d51e779aa361d24796625f502ae634e4bb02 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Wed, 21 Jun 2023 10:43:26 +0200
Subject: [PATCH] Followup to #12893: Rewrite and fix verifyOne() loop

Previous version could return true if the first iteration succeeded, but the second one threw. Spotted by pt01 on IRC.

(cherry picked from commit 891f17371c4e1007f91abb4695c4b0e95c3f2995)
---
 pdns/dnssecinfra.cc | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 04ce29193b..a07a9f1d8f 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -398,20 +398,28 @@ bool DNSCryptoKeyEngine::testVerify(unsigned int algo, maker_t* verifier)

 bool DNSCryptoKeyEngine::verifyOne(unsigned int algo)
 {
- bool ret = false;
-
- for (auto* verifier : getAllMakers()[algo]) {
+ const auto& makers = getAllMakers();
+ auto iter = makers.find(algo);
+ // No algo foound
+ if (iter == makers.cend()) {
+ return false;
+ }
+ // Algo found, but maker empty? Should not happen
+ if (iter->second.empty()) {
+ return false;
+ }
+ // Check that all maker->verify return true
+ return std::all_of(iter->second.begin(), iter->second.end(), [algo](maker_t* verifier) {
 try {
- ret = testVerify(algo, verifier);
+ if (!testVerify(algo, verifier)) {
+ return false;
+ }
 }
 catch (std::exception& e) {
- // Empty
- }
- if (!ret) {
- break;
+ return false;
 }
- }
- return ret;
+ return true;
+ });
 }

 void DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t* signer, maker_t* verifier)
--
2.47.2
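Review bot: The handler in the new lambda, `catch (std::exception& e)`, names an exception object it never uses and discards the reason for the failure, so a verifier that fails this self-test is rejected with no trace of why. I would write it as `catch (const std::exception& e)` and log `e.what()` before `return false;`, or drop the name if the silence is intended. Only types derived from std::exception are counted as a failed verification; if testVerify can throw anything else (not visible in this hunk), that exception leaves verifyOne instead of producing false. The comment `// No algo foound` has a typo, and the hunk does not show whether `<algorithm>` is included for `std::all_of`.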