From cb6c506e4e41e174411669c880eedc8a8790430c Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 27 Sep 2024 15:50:46 +0200
Subject: sm: Optmize clearing of the ephemeral flag.

* kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the
cert object.
* sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral
flag if we know that it is not set.
--

GnuPG-bug-id: 7308
---
 kbx/keybox-search.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'kbx')

diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 303c19b79..ed982cee7 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -1363,6 +1363,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
   size_t cert_off, cert_len;
   ksba_reader_t reader = NULL;
   ksba_cert_t cert = NULL;
+  unsigned int blobflags;
   int rc;
 
   if (!hd)
@@ -1408,6 +1409,17 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
       return gpg_error (GPG_ERR_GENERAL);
     }
 
+  rc = get_flag_from_image (buffer, length, KEYBOX_FLAG_BLOB, &blobflags);
+  if (!rc)
+    rc = ksba_cert_set_user_data (cert, "keydb.blobflags",
+                                  &blobflags, sizeof blobflags);
+  if (rc)
+    {
+      ksba_cert_release (cert);
+      ksba_reader_release (reader);
+      return gpg_error (rc);
+    }
+
   *r_cert = cert;
   ksba_reader_release (reader);
   return 0;
-- 
cgit v1.2.3