mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
gpgsm: Use a cache to speed up parent certificate lookup.
* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New. (struct cert_cache_item_s, cert_cache_item_t): New. (struct server_control_s): Add parent_cert_cache. * sm/gpgsm.c (compatibility_flags): Add "no-chain-cache". (parent_cache_stats): New. (gpgsm_exit): Print the stats with --debug=memstat. (gpgsm_deinit_default_ctrl): Release the cache. * sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates. (do_validate_chain): Ditto. -- This gives another boost of 30% (from 6.5 to 4.0 seconds in the test environment with ~1000 certs). do_validate_chain actually brings us the speedup because the gpgsm_walk_cert_chain is not used during a key listing. For the latter we actually cache all certificates because that was easier. GnuPG-bug-id: 7308 Adjusted for 2.2: - Add gpgsm_deinit_default_ctrl - Remove ctrl arg from keydb_new
parent
9543b3567b
commit
dcee2db36b
4 changed files with 125 additions and 8 deletions
27
sm/gpgsm.c
|
@ -469,6 +469,7 @@ static struct debug_flags_s debug_flags [] =
|
|||
static struct compatibility_flags_s compatibility_flags [] =
|
||||
{
|
||||
{ COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" },
|
||||
{ COMPAT_NO_CHAIN_CACHE, "no-chain-cache" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
|
@ -499,6 +500,9 @@ static int default_include_certs = DEFAULT_INCLUDE_CERTS;
|
|||
/* Whether the chain mode shall be used for validation. */
|
||||
static int default_validation_model;
|
||||
|
||||
/* Counter used to convey data from deinit_ctrl to gpgsm_exit. */
|
||||
static unsigned int parent_cache_stats;
|
||||
|
||||
/* The default cipher algo. */
|
||||
#define DEFAULT_CIPHER_ALGO "AES256"
|
||||
|
||||
|
@ -2111,6 +2115,7 @@ main ( int argc, char **argv)
|
|||
}
|
||||
|
||||
/* cleanup */
|
||||
gpgsm_deinit_default_ctrl (&ctrl);
|
||||
free_strlist (opt.keyserver);
|
||||
opt.keyserver = NULL;
|
||||
gpgsm_release_certlist (recplist);
|
||||
|
@ -2135,6 +2140,7 @@ gpgsm_exit (int rc)
|
|||
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
|
||||
if (opt.debug & DBG_MEMSTAT_VALUE)
|
||||
{
|
||||
log_info ("cert_chain_cache: cached=%u\n", parent_cache_stats);
|
||||
gcry_control( GCRYCTL_DUMP_MEMORY_STATS );
|
||||
gcry_control( GCRYCTL_DUMP_RANDOM_STATS );
|
||||
}
|
||||
|
@ -2156,6 +2162,27 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
|
|||
}
|
||||
|
||||
|
||||
/* This function is called to deinitialize a control object. The
|
||||
* control object is is not released, though. */
|
||||
void
|
||||
gpgsm_deinit_default_ctrl (ctrl_t ctrl)
|
||||
{
|
||||
unsigned int n;
|
||||
|
||||
n = 0;
|
||||
while (ctrl->parent_cert_cache)
|
||||
{
|
||||
cert_cache_item_t next = ctrl->parent_cert_cache->next;
|
||||
ksba_cert_release (ctrl->parent_cert_cache->result);
|
||||
xfree (ctrl->parent_cert_cache);
|
||||
ctrl->parent_cert_cache = next;
|
||||
n++;
|
||||
}
|
||||
if (n > parent_cache_stats)
|
||||
parent_cache_stats = n;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
gpgsm_parse_validation_model (const char *model)
|
||||
{
|
||||
|
|
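Review bot: The comment above `gpgsm_deinit_default_ctrl` does not say what the function releases or who has to call it, and in this file the only call added is the one in the cleanup at the end of `main`. Because the list holds `ksba_cert_t` references that stand in for issuer lookups during chain validation, the lifetime should be stated explicitly, for example `/* Release the parent certificate cache of CTRL and record its size for --debug=memstat. Must be called for every control object set up with gpgsm_init_default_ctrl. */`, which also removes the doubled "is is". Whether the server path calls it per connection, and whether entries are dropped when the keybox changes, lives in the other changed files and is not visible in this section; it is worth confirming, since a stale cached parent would feed straight into validation. `parent_cache_stats` is only updated inside this function, so any exit through `gpgsm_exit` that skips the cleanup in `main` will log `cached=0`.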