From: Ondřej Surý <ondrej@isc.org>
Date: Thu, 11 Jan 2024 12:34:46 +0000 (+0100)
Subject: Don't iterate from start every time we select new signing key
X-Git-Tag: v9.18.24~7^2~2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=21af5c9a97ed73345799dd4dfec493cc6785e40b;p=thirdparty%2Fbind9.git

Don't iterate from start every time we select new signing key

Remember the position in the iterator when selecting the next signing
key.  This should speed up processing for larger DNSKEY RRSets because
we don't have to iterate from start over and over again.
---

diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index e0c35740402..4dd170604e7 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -1104,8 +1104,8 @@ create_validator(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
  * 'rdataset'.  If found, build a dst_key_t for it and point val->key at
  * it.
  *
- * If val->key is already non-NULL, locate it in the rdataset and then
- * search past it for the *next* key that could have signed 'siginfo', then
+ * If val->key is already non-NULL, start searching from the next position in
+ * 'rdataset' to find the *next* key that could have signed 'siginfo', then
  * set val->key to that.
  *
  * Returns ISC_R_SUCCESS if a possible matching key has been found,
@@ -1118,19 +1118,18 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
 	isc_buffer_t b;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	dst_key_t *oldkey = val->key;
-	bool foundold;
 
 	if (oldkey == NULL) {
-		foundold = true;
+		result = dns_rdataset_first(rdataset);
 	} else {
-		foundold = false;
+		dst_key_free(&oldkey);
 		val->key = NULL;
+		result = dns_rdataset_next(rdataset);
 	}
-
-	result = dns_rdataset_first(rdataset);
 	if (result != ISC_R_SUCCESS) {
 		goto failure;
 	}
+
 	do {
 		dns_rdataset_current(rdataset, &rdata);
 
@@ -1148,15 +1147,10 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
 				    0 &&
 			    dst_key_iszonekey(val->key))
 			{
-				if (foundold) {
-					/*
-					 * This is the key we're looking for.
-					 */
-					return (ISC_R_SUCCESS);
-				} else if (dst_key_compare(oldkey, val->key)) {
-					foundold = true;
-					dst_key_free(&oldkey);
-				}
+				/*
+				 * This is the key we're looking for.
+				 */
+				return (ISC_R_SUCCESS);
 			}
 			dst_key_free(&val->key);
 		}
@@ -1164,15 +1158,11 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
 		result = dns_rdataset_next(rdataset);
 	} while (result == ISC_R_SUCCESS);
 
+failure:
 	if (result == ISC_R_NOMORE) {
 		result = ISC_R_NOTFOUND;
 	}
 
-failure:
-	if (oldkey != NULL) {
-		dst_key_free(&oldkey);
-	}
-
 	return (result);
 }