author | Werner Koch <[email protected]> | 2024-09-30 16:22:25 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2024-09-30 16:22:25 +0000 |
commit | ce0580a599ec759ec6e21378193a995b55fce6cf (patch) | |
tree | 0525c1c6f12662a7745ceda7c21aaff0c9c55831 /sm/gpgsm.h | |
parent | sm: Optmize clearing of the ephemeral flag. (diff) | |
download | gnupg-ce0580a599ec759ec6e21378193a995b55fce6cf.tar.gz gnupg-ce0580a599ec759ec6e21378193a995b55fce6cf.zip |
gpgsm: Use a cache to speed up parent certificate lookup.
* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
(struct cert_cache_item_s, cert_cache_item_t): New.
(struct server_control_s): Add parent_cert_cache.
* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
(parent_cache_stats): New.
(gpgsm_exit): Print the stats with --debug=memstat.
(gpgsm_deinit_default_ctrl): Release the cache.
* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
(do_validate_chain): Ditto.
--
This gives another boost of 30% (from 6.5 to 4.0 seconds in the test
environment with ~1000 certs). do_validate_chain actually brings us
the speedup because the gpgsm_walk_cert_chain is not used during a key
listing. For the latter we actually cache all certificates because
that was easier.
GnuPG-bug-id: 7308
Diffstat (limited to '')
-rw-r--r-- | sm/gpgsm.h | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 5f69db0e3..36d2fdc9a 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -220,7 +220,9 @@ struct
 * policies: 1.3.6.1.4.1.7924.1.1:N: */
 #define COMPAT_ALLOW_KA_TO_ENCR 1
-
+/* Not actually a compatibiliy flag but useful to limit the
+ * required memory for a validated key listing. */
+#define COMPAT_NO_CHAIN_CACHE 2
 /* Forward declaration for an object defined in server.c */
 struct server_local_s;
@@ -230,6 +232,16 @@ struct keydb_local_s;
 typedef struct keydb_local_s *keydb_local_t;
+/* On object used to keep a track of already known certificates. */
+struct cert_cache_item_s
+{
+ struct cert_cache_item_s *next;
+ unsigned char fpr[20]; /* The certificate's fingerprint. */
+ ksba_cert_t result; /* The resulting certificate (ie. the issuer). */
+};
+typedef struct cert_cache_item_s *cert_cache_item_t;
+
+
 /* Session control object. This object is passed down to most functions. Note that the default values for it are set by gpgsm_init_default_ctrl(). */
@@ -284,6 +296,9 @@ struct server_control_s
 /* The revocation info. Used as a helper inc ertchain.c */
 gnupg_isotime_t revoked_at;
 char *revocation_reason;
+
+ /* The cache used to find the parent cert. */
+ cert_cache_item_t parent_cert_cache;
 }; |
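Review bot: The comment added above `COMPAT_NO_CHAIN_CACHE` misspells "compatibility" as "compatibiliy" and does not say how the value must be chosen. The two definitions in this group use 1 and 2, which suggests they are OR-ed into a mask, although the code that tests them is not in this diff. If that is right, a remark such as `/* Flags are bit values; the next free one is 4. */` would keep a later addition from reusing or overlapping a bit. The first line would then read `/* Not actually a compatibility flag but useful to limit the`.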
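Review bot: `unsigned char fpr[20]` in `struct cert_cache_item_s` hard-codes a 20-byte key, which implies a SHA-1 fingerprint, and the comments do not say what a cache hit is allowed to stand for. The cached `result` is the issuer handed back to chain building, so a fingerprint match should only replace the keybox search; the check of the child's signature against that issuer presumably still runs in sm/certchain.c, which this diff does not show. If that holds, state it on the struct, for example `/* Keyed by the SHA-1 fingerprint of the subject cert; a hit only replaces the lookup, the issuer signature is still verified by the caller. */`. The comment should also say whether the item holds its own reference on `result` and whether a NULL `result` is a valid entry, and "On object" should read "An object".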
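Review bot: `parent_cert_cache` is added to `struct server_control_s` with a comment that names neither the owner of the list nor how long its entries stay valid. The commit message says gpgsm_deinit_default_ctrl releases the cache, so it apparently lives as long as the control object; in a long-running server session a cached issuer could then outlive a change to the keybox, which is worth confirming against sm/certchain.c. Suggest extending the comment to something like `/* The cache used to find the parent cert. Owned by this object and released in gpgsm_deinit_default_ctrl; entries are not refreshed during the session. */`, adjusted to what the implementation really does. The struct definition starts outside this hunk.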