mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
sm: Optmize clearing of the ephemeral flag.
* kbx/keybox-search.c (keybox_get_cert): Store the blob flags in the cert object. * sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral flag if we know that it is not set. -- GnuPG-bug-id: 7308
parent
ca953ae5f7
commit
cb6c506e4e
@ -1363,6 +1363,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
|
|||||||
size_t cert_off, cert_len;
|
size_t cert_off, cert_len;
|
||||||
ksba_reader_t reader = NULL;
|
ksba_reader_t reader = NULL;
|
||||||
ksba_cert_t cert = NULL;
|
ksba_cert_t cert = NULL;
|
||||||
|
unsigned int blobflags;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if (!hd)
|
if (!hd)
|
||||||
@ -1408,6 +1409,17 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
|
|||||||
return gpg_error (GPG_ERR_GENERAL);
|
return gpg_error (GPG_ERR_GENERAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rc = get_flag_from_image (buffer, length, KEYBOX_FLAG_BLOB, &blobflags);
|
||||||
|
if (!rc)
|
||||||
|
rc = ksba_cert_set_user_data (cert, "keydb.blobflags",
|
||||||
|
&blobflags, sizeof blobflags);
|
||||||
|
if (rc)
|
||||||
|
{
|
||||||
|
ksba_cert_release (cert);
|
||||||
|
ksba_reader_release (reader);
|
||||||
|
return gpg_error (rc);
|
||||||
|
}
|
||||||
|
|
||||||
*r_cert = cert;
|
*r_cert = cert;
|
||||||
ksba_reader_release (reader);
|
ksba_reader_release (reader);
|
||||||
return 0;
|
return 0;
|
||||||
|
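Review bot: In the second hunk, a failure of `get_flag_from_image` or `ksba_cert_set_user_data` now makes keybox_get_cert return an error, although the only consumer visible in this commit treats "keydb.blobflags" as an optional hint and falls back to the normal path when it is missing or has the wrong length. If that strictness is not intended, attaching the flags on a best-effort basis would keep certificate retrieval working for blobs whose flags cannot be read, e.g. `if (!get_flag_from_image (buffer, length, KEYBOX_FLAG_BLOB, &blobflags)) ksba_cert_set_user_data (cert, "keydb.blobflags", &blobflags, sizeof blobflags);`. Either way, a comment such as `/* Snapshot of the blob flags at read time; not updated if the keybox entry changes later. */` would tell callers how far they may trust the cached value. The function begins and ends outside the hunks shown.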
@ -2085,9 +2085,22 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
|
|||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
chain_item_t ci;
|
chain_item_t ci;
|
||||||
|
unsigned int blobflags;
|
||||||
|
size_t userdatalen;
|
||||||
|
|
||||||
for (ci = chain; ci; ci = ci->next)
|
for (ci = chain; ci; ci = ci->next)
|
||||||
{
|
{
|
||||||
|
/* First do a quick check by looking at the blob flags to
|
||||||
|
* see whether the certificate is flagged ephemeral. This
|
||||||
|
* avoids the overhead of looking up the certificate again
|
||||||
|
* just to decide that there is no need to clear it. */
|
||||||
|
if (!ksba_cert_get_user_data (cert, "keydb.blobflags",
|
||||||
|
&blobflags, sizeof (blobflags),
|
||||||
|
&userdatalen)
|
||||||
|
&& userdatalen == sizeof blobflags
|
||||||
|
&& !(blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))
|
||||||
|
continue;
|
||||||
|
|
||||||
/* Note that it is possible for the last certificate in the
|
/* Note that it is possible for the last certificate in the
|
||||||
chain (i.e. our target certificate) that it has not yet
|
chain (i.e. our target certificate) that it has not yet
|
||||||
been stored in the keybox and thus the flag can't be set.
|
been stored in the keybox and thus the flag can't be set.
|
||||||
|