mirror of
git://git.gnupg.org/gnupg.git
synced 2024-10-29 19:48:43 +01:00
sm: Optmize clearing of the ephemeral flag.
* kbx/keybox-search.c (keybox_get_cert): Store the blob flags in the cert object. * sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral flag if we know that it is not set. -- GnuPG-bug-id: 7308
parent
ca953ae5f7
commit
cb6c506e4e
@ -1363,6 +1363,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
|
||||
size_t cert_off, cert_len;
|
||||
ksba_reader_t reader = NULL;
|
||||
ksba_cert_t cert = NULL;
|
||||
unsigned int blobflags;
|
||||
int rc;
|
||||
|
||||
if (!hd)
|
||||
@ -1408,6 +1409,17 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
|
||||
return gpg_error (GPG_ERR_GENERAL);
|
||||
}
|
||||
|
||||
rc = get_flag_from_image (buffer, length, KEYBOX_FLAG_BLOB, &blobflags);
|
||||
if (!rc)
|
||||
rc = ksba_cert_set_user_data (cert, "keydb.blobflags",
|
||||
&blobflags, sizeof blobflags);
|
||||
if (rc)
|
||||
{
|
||||
ksba_cert_release (cert);
|
||||
ksba_reader_release (reader);
|
||||
return gpg_error (rc);
|
||||
}
|
||||
|
||||
*r_cert = cert;
|
||||
ksba_reader_release (reader);
|
||||
return 0;
|
||||
|
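Review bot: The new `if (rc)` branch makes any failure to read or attach the blob flags fail the whole certificate lookup, even though the certificate itself has already been parsed successfully at that point. The flags are cached only as a shortcut for the reader in sm/certchain.c, which falls back to the full lookup when the user data is missing or has the wrong length. A best-effort store would therefore keep keybox_get_cert as available as before: `if (!get_flag_from_image (buffer, length, KEYBOX_FLAG_BLOB, &blobflags)) ksba_cert_set_user_data (cert, "keydb.blobflags", &blobflags, sizeof blobflags);`. If failing hard is intended, a short comment above the block should say so, and the key string "keydb.blobflags", now spelled out separately in both files, would be safer as one shared macro so writer and reader cannot drift apart silently. The body of keybox_get_cert starts outside the hunks shown.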
@ -2085,9 +2085,22 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
|
||||
{
|
||||
gpg_error_t err;
|
||||
chain_item_t ci;
|
||||
unsigned int blobflags;
|
||||
size_t userdatalen;
|
||||
|
||||
for (ci = chain; ci; ci = ci->next)
|
||||
{
|
||||
/* First do a quick check by looking at the blob flags to
|
||||
* see whether the certificate is flagged ephemeral. This
|
||||
* avoids the overhead of looking up the certificate again
|
||||
* just to decide that there is no need to clear it. */
|
||||
if (!ksba_cert_get_user_data (cert, "keydb.blobflags",
|
||||
&blobflags, sizeof (blobflags),
|
||||
&userdatalen)
|
||||
&& userdatalen == sizeof blobflags
|
||||
&& !(blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))
|
||||
continue;
|
||||
|
||||
/* Note that it is possible for the last certificate in the
|
||||
chain (i.e. our target certificate) that it has not yet
|
||||
been stored in the keybox and thus the flag can't be set.
|
||||
|
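Review bot: The quick check inside the `for (ci = chain; ci; ci = ci->next)` loop reads the user data from `cert`, the function's target certificate, rather than from the chain item being visited, so the same flags decide every iteration. When the target certificate is not flagged ephemeral, `continue` is taken for all items, and an issuer certificate further up the chain that is still ephemeral would apparently never reach the clearing code and would stay flagged after a successful validation. The check presumably wants the item's own certificate, `if (!ksba_cert_get_user_data (ci->cert, "keydb.blobflags",` (assuming `cert` is the field name in the chain item). The rest of the loop body lies outside the hunk, so how the clearing call selects its certificate should be confirmed there.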