Home GnuPG
Diffusion GnuPG dcee2db36ba4

gpgsm: Use a cache to speed up parent certificate lookup.

Description

gpgsm: Use a cache to speed up parent certificate lookup.

* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
(struct cert_cache_item_s, cert_cache_item_t): New.
(struct server_control_s): Add parent_cert_cache.
* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
(parent_cache_stats): New.
(gpgsm_exit): Print the stats with --debug=memstat.
(gpgsm_deinit_default_ctrl): Release the cache.
* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
(do_validate_chain): Ditto.

This gives another boost of 30% (from 6.5 to 4.0 seconds in the test
environment with ~1000 certs). do_validate_chain actually brings us
the speedup becuase the gpgsm_walk_cert_chain is not used during a key
listing. For the latter we actually cache all certificates because
that was easier.

Adjusted for 2.2:

  • Add gpgsm_deinit_default_ctrl
  • Remove ctrl arg from keydb_new

Details

Provenance
wernerAuthored on Sep 30 2024, 6:22 PM
Parents
rG9543b3567b04: sm: Optmize clearing of the ephemeral flag.
Branches
Unknown
Tags
Unknown
Tasks
T7308: Speed up the X.509 key listings