author | Werner Koch <[email protected]> | 2024-09-30 16:22:25 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2024-09-30 16:22:25 +0000 |
commit | ce0580a599ec759ec6e21378193a995b55fce6cf (patch) | |
tree | 0525c1c6f12662a7745ceda7c21aaff0c9c55831 /sm/gpgsm.c | |
parent | sm: Optmize clearing of the ephemeral flag. (diff) | |
gpgsm: Use a cache to speed up parent certificate lookup.
* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
(struct cert_cache_item_s, cert_cache_item_t): New.
(struct server_control_s): Add parent_cert_cache.
* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
(parent_cache_stats): New.
(gpgsm_exit): Print the stats with --debug=memstat.
(gpgsm_deinit_default_ctrl): Release the cache.
* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
(do_validate_chain): Ditto.
--
This gives another boost of 30% (from 6.5 to 4.0 seconds in the test
environment with ~1000 certs). do_validate_chain actually brings us
the speedup because gpgsm_walk_cert_chain is not used during a key
listing. For the latter we actually cache all certificates because
that was easier.
GnuPG-bug-id: 7308
Diffstat (limited to 'sm/gpgsm.c')
-rw-r--r-- | sm/gpgsm.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 400479b1b..ac80fadde 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -500,6 +500,7 @@ static struct debug_flags_s debug_flags [] =
 static struct compatibility_flags_s compatibility_flags [] =
 {
 { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" },
+ { COMPAT_NO_CHAIN_CACHE, "no-chain-cache" },
 { 0, NULL }
 };
@@ -536,6 +537,9 @@ static int default_include_certs = DEFAULT_INCLUDE_CERTS;
 /* Whether the chain mode shall be used for validation. */
 static int default_validation_model;
+/* Counter used to convey data from deinit_ctrl to gpgsm_exit. */
+static unsigned int parent_cache_stats;
+
 /* The default cipher algo. */
 #define DEFAULT_CIPHER_ALGO "AES256"
@@ -2354,6 +2358,7 @@ gpgsm_exit (int rc)
 gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
 if (opt.debug & DBG_MEMSTAT_VALUE)
 {
+ log_info ("cert_chain_cache: cached=%u\n", parent_cache_stats);
 gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
 gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
 }
@@ -2381,9 +2386,22 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
 void
 gpgsm_deinit_default_ctrl (ctrl_t ctrl)
 {
+ unsigned int n;
+
 gpgsm_keydb_deinit_session_data (ctrl);
 xfree (ctrl->revocation_reason);
 ctrl->revocation_reason = NULL;
+ n = 0;
+ while (ctrl->parent_cert_cache)
+ {
+ cert_cache_item_t next = ctrl->parent_cert_cache->next;
+ ksba_cert_release (ctrl->parent_cert_cache->result);
+ xfree (ctrl->parent_cert_cache);
+ ctrl->parent_cert_cache = next;
+ n++;
+ }
+ if (n > parent_cache_stats)
+ parent_cache_stats = n;
 } |
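Review bot: The comment added for `parent_cache_stats` in the `@@ -536,6 +537,9 @@` hunk says only that the counter conveys data, not what it counts. The last hunk shows it holds the largest number of cache entries found when a control object was released, so the `cached=%u` line printed by gpgsm_exit is a high-water mark of entries rather than a hit or lookup count. I would word it as `/* Largest number of parent_cert_cache entries seen when a ctrl was released; printed by gpgsm_exit with --debug=memstat. */`.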
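Review bot: The new loop in gpgsm_deinit_default_ctrl (`@@ -2381,9 +2386,22 @@` hunk) is the only visible place where `ctrl->parent_cert_cache` is released, so cached parent certificates appear to live as long as the control object. The lookup side in sm/certchain.c is not part of this diff, so this is inferred, but if one ctrl serves several commands, a certificate that is deleted or replaced in the keybox in between could still be returned from the cache during chain validation. Please document the intended lifetime above the loop, for example `/* Release the parent certificate cache; entries are kept for the whole lifetime of CTRL. */`, and state whether operations that modify the keybox need to flush it. Separately, `n` can be initialized at its declaration (`unsigned int n = 0;`) instead of the later `n = 0;`.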