gpgsm: Cache the non-existence of the policy file.

* sm/certchain.c (check_cert_policy): Add simple static cache. -- It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exists.
2024-06-06 23:17:47 +02:00 · 2023-05-03 17:39:37 +02:00 · 2023-05-03 17:39:37 +02:00 · 2a1e933dd7
commit 2a1e933dd7
parent 625bd92410
1 changed files with 17 additions and 2 deletions
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -307,6 +307,7 @@ allowed_ca (ctrl_t ctrl,
 static int
 check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
 {
+  static int no_policy_file;
  gpg_error_t err;
  char *policies;
  estream_t fp;
@ -341,12 +342,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
      return 0;
    }

-  fp = es_fopen (opt.policy_file, "r");
+  if (no_policy_file)
+    {
+      /* Avoid trying to open the policy file if we already know that
+       * it does not exist.  */
+      fp = NULL;
+      gpg_err_set_errno (ENOENT);
+    }
+  else
+    fp = es_fopen (opt.policy_file, "r");
  if (!fp)
    {
-      if (opt.verbose || errno != ENOENT)
+      if ((opt.verbose || errno != ENOENT) && !no_policy_file)
        log_info (_("failed to open '%s': %s\n"),
                  opt.policy_file, strerror (errno));
+
+      if (errno == ENOENT)
+        no_policy_file = 1;
+
      xfree (policies);
      /* With no critical policies this is only a warning */
      if (!any_critical)
@ -361,6 +374,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
      return gpg_error (GPG_ERR_NO_POLICY_MATCH);
    }

+  /* FIXME: Cache the policy file content.  */
+
  for (;;)
    {
      int c;