From 68613a6a9de4020fe921b661b7403b7eb865518d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 3 May 2023 17:39:37 +0200 Subject: gpgsm: Cache the non-existence of the policy file. * sm/certchain.c (check_cert_policy): Add simple static cache. -- It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exists. --- sm/certchain.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'sm') diff --git a/sm/certchain.c b/sm/certchain.c index 7b782190b..84dbed696 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -307,6 +307,7 @@ allowed_ca (ctrl_t ctrl, static int check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) { + static int no_policy_file; gpg_error_t err; char *policies; estream_t fp; @@ -341,12 +342,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) return 0; } - fp = es_fopen (opt.policy_file, "r"); + if (no_policy_file) + { + /* Avoid trying to open the policy file if we already know that + * it does not exist. */ + fp = NULL; + gpg_err_set_errno (ENOENT); + } + else + fp = es_fopen (opt.policy_file, "r"); if (!fp) { - if (opt.verbose || errno != ENOENT) + if ((opt.verbose || errno != ENOENT) && !no_policy_file) log_info (_("failed to open '%s': %s\n"), opt.policy_file, strerror (errno)); + + if (errno == ENOENT) + no_policy_file = 1; + xfree (policies); /* With no critical policies this is only a warning */ if (!any_critical) @@ -361,6 +374,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) return gpg_error (GPG_ERR_NO_POLICY_MATCH); } + /* FIXME: Cache the policy file content. */ + for (;;) { int c; -- cgit v1.2.3 From a7dbf11954873c6c58a36b57028ced4ecd45bdc6 Mon Sep 17 00:00:00 2001 
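Review bot: The new `static int no_policy_file;` at the top of check_cert_policy has no comment stating its lifetime, and nothing in the visible hunks ever clears it, so once a lookup hits ENOENT the result sticks for the rest of the process. In a long-running gpgsm a policy file installed afterwards would presumably be ignored until restart, and certificates with critical policies would then appear to keep failing with GPG_ERR_NO_POLICY_MATCH. The flag is also not tied to the value of `opt.policy_file`, so it is only correct if that path never changes after first use. I would add a comment on the declaration such as `/* Set once opening opt.policy_file failed with ENOENT; never reset, so a file created later is not seen until restart. */`. The function body continues outside this hunk.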
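Review bot: The cache decision `if (errno == ENOENT) no_policy_file = 1;` reads errno after the `log_info (...)` call, so it no longer necessarily reflects the result of `es_fopen`. When the open fails for another reason (EACCES, for example) the message is logged, and any library call made while formatting or writing it may leave errno at ENOENT, which would wrongly mark the policy file as absent for the rest of the process. Capture the value first with `int open_errno = errno;` as the first statement of the `if (!fp)` block, then use it in the log condition, in `strerror (open_errno)` and in `if (open_errno == ENOENT) no_policy_file = 1;`. The rest of that block lies outside the hunk, so check whether anything further down also reads errno.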
From: Werner Koch Date: Thu, 4 May 2023 11:55:26 +0200 Subject: kbx: Add extra flags to fopen for use by Windows. * kbx/keybox-search.c (open_file): Use sysopen and sequential. * kbx/keybox-update.c (create_tmp_file): Ditto. (blob_filecopy): Ditto. (keybox_set_flags): Ditto. (keybox_delete): Ditto. (keybox_compress): Ditto. -- Under Windows "sysopen" requests that direct API calls (CreateFile et al.) are used instead of the libc wrappers. This may or may not improve the performance. Using "sequential" is a hint to Windows to assume that a file is in general access in a sequential manner. This will have an affect only with a future libgpg-error. --- sm/keydb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sm') diff --git a/sm/keydb.c b/sm/keydb.c index a12dba19f..38737c96a 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -693,7 +693,7 @@ keydb_release (KEYDB_HANDLE hd) switch (hd->active[i].type) { case KEYDB_RESOURCE_TYPE_NONE: - break; + break; case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_release (hd->active[i].u.kr); break; -- cgit v1.2.3 From 08ff55bd44aea6cd8b25384ee7d127576866ec71 Mon Sep 17 00:00:00 2001 
From: Werner Koch Date: Mon, 8 May 2023 09:16:35 +0200 Subject: kbx: Use custom estream buffering * kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k (stream_buffers): New var. (keybox_set_buffersize): New. (_keybox_ll_open, _keybox_ll_close): Implement buffering. * sm/gpgsm.c (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. * g10/gpg.c: Include keybox.h. * (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. -- Running a test on Windows using a pubring.kbx with Total number of blobs: 2098 openpgp: 1294 x509: 803 and a size of 42MiB with gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul gives these performance figures using procmon | N(k) | file events | time(s) | |------+-------------+---------| | 0 | 4900000 | 86 | | 16 | 2456000 | 58 | | 32 | 1233000 | 43 | | 64 | 622000 | 37 | | 128 | 317000 | 32 | | 256 | 164000 | 31 | | 512 | 88000 | 30 | Using _open instead of CreateFile give the same number of file events but increased the time slight by one second for the measured buffer size of 64k and 128k. Benchmarks for gpg have not been conducted. --- sm/gpgsm.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sm') diff --git a/sm/gpgsm.c b/sm/gpgsm.c index aeb6ad7a9..55173f8a2 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -213,6 +213,7 @@ enum cmd_and_opt_values { oKeyboxdProgram, oRequireCompliance, oCompatibilityFlags, + oKbxBufferSize, oNoAutostart }; @@ -447,6 +448,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oXauthority, "xauthority", "@"), ARGPARSE_s_s (oChUid, "chuid", "@"), ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"), + ARGPARSE_p_u (oKbxBufferSize, "kbx-buffer-size", "@"), ARGPARSE_header (NULL, ""), /* Stop the header group. */ 
@@ -1492,6 +1494,10 @@ main ( int argc, char **argv) case oRequireCompliance: opt.require_compliance = 1; break; + case oKbxBufferSize: + keybox_set_buffersize (pargs.r.ret_ulong, 0); + break; + default: if (configname) pargs.err = ARGPARSE_PRINT_WARNING; -- cgit v1.2.3
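Review bot: In the new `case oKbxBufferSize:` the value from `pargs.r.ret_ulong` goes to `keybox_set_buffersize` with no range check at the call site, and the callee is not part of this diff, so it is not visible whether it clamps the size or what parameter type it takes. The benchmark table in the commit message suggests N is in KiB, so a large N could request a very large buffer, or wrap when converted to bytes or to a narrower type. Either bound the value here or document the reliance, e.g. `/* N is in KiB; keybox_set_buffersize must clamp it (confirm). */`, and say what the second argument `0` stands for. main's body starts and ends outside the hunk.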