[Pkg-gnupg-commit] [gnupg2] 17/102: gpg: Speed up key listing in Tofu mode.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jun 17 00:14:50 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 78bb08425af5b1edb7f3ef0119013529b3a9e4ba
Author: Werner Koch <wk at gnupg.org>
Date: Sat May 21 20:38:18 2016 +0200
gpg: Speed up key listing in Tofu mode.
* g10/tofu.c (get_trust): Add arg PK. Uses this instead of a an extra
lookup of the public key by fingerrpint.
(tofu_register): Pass PK to get_trust.
(tofu_get_validity): Ditto.
*g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
--
With my test keybox I see a speedup of 10 times (33s to 3.1s). The
reason for this was the extra key lookup which I hacked in at some
point to make the extraction of a keyid correct also for non v4 keys.
However our caller already has the public key and thus can easily pass
it to get_trust along with the fingerprint.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/tofu.c | 68 +++++++++++++++++---------------------------------------------
1 file changed, 18 insertions(+), 50 deletions(-)
diff --git a/g10/tofu.c b/g10/tofu.c
index 78bc02c..043ecb1 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1603,19 +1603,22 @@ get_policy (tofu_dbs_t dbs, const char *fingerprint, const char *email,
}
/* Return the trust level (TRUST_NEVER, etc.) for the binding
- <FINGERPRINT, EMAIL> (email is already normalized). If no policy
- is registered, returns TOFU_POLICY_NONE. If an error occurs,
- returns _tofu_GET_TRUST_ERROR.
-
- USER_ID is the unadultered user id.
-
- If MAY_ASK is set, then we may interact with the user. This is
- necessary if there is a conflict or the binding's policy is
- TOFU_POLICY_ASK. In the case of a conflict, we set the new
- conflicting binding's policy to TOFU_POLICY_ASK. In either case,
- we return TRUST_UNDEFINED. */
+ * <FINGERPRINT, EMAIL> (email is already normalized). If no policy
+ * is registered, returns TOFU_POLICY_NONE. If an error occurs,
+ * returns _tofu_GET_TRUST_ERROR.
+ *
+ * PK is the public key object for FINGERPRINT.
+ *
+ * USER_ID is the unadulterated user id.
+ *
+ * If MAY_ASK is set, then we may interact with the user. This is
+ * necessary if there is a conflict or the binding's policy is
+ * TOFU_POLICY_ASK. In the case of a conflict, we set the new
+ * conflicting binding's policy to TOFU_POLICY_ASK. In either case,
+ * we return TRUST_UNDEFINED. */
static enum tofu_policy
-get_trust (tofu_dbs_t dbs, const char *fingerprint, const char *email,
+get_trust (tofu_dbs_t dbs, PKT_public_key *pk,
+ const char *fingerprint, const char *email,
const char *user_id, int may_ask)
{
char *fingerprint_pp;
@@ -1650,42 +1653,10 @@ get_trust (tofu_dbs_t dbs, const char *fingerprint, const char *email,
policy = get_policy (dbs, fingerprint, email, &conflict);
if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE)
- /* See if the key is ultimately trusted. If so, we're done. */
- {
- PKT_public_key *pk;
+ { /* See if the key is ultimately trusted. If so, we're done. */
u32 kid[2];
- char fpr_bin[MAX_FINGERPRINT_LEN+1];
- size_t fpr_bin_len;
-
- if (!hex2str (fingerprint, fpr_bin, sizeof fpr_bin, &fpr_bin_len))
- {
- log_error ("error converting fingerprint: %s\n",
- gpg_strerror (gpg_error_from_syserror ()));
- return _tofu_GET_TRUST_ERROR;
- }
- /* We need to lookup the key by fingerprint again so that we can
- properly extract the keyid. Extracting direct from the
- fingerprint works only for v4 keys and would assume that
- there is no collision in the low 64 bit. We can't guarantee
- the latter in case the Tofu DB is used with a different
- keyring. In any case the UTK stuff needs to be changed to
- use only fingerprints. */
- pk = xtrycalloc (1, sizeof *pk);
- if (!pk)
- {
- log_error (_("out of core\n"));
- return _tofu_GET_TRUST_ERROR;
- }
- rc = get_pubkey_byfprint_fast (pk, fpr_bin, fpr_bin_len);
- if (rc)
- {
- log_error (_("public key %s not found: %s\n"),
- fingerprint, gpg_strerror (rc));
- return _tofu_GET_TRUST_ERROR;
- }
keyid_from_pk (pk, kid);
- free_public_key (pk);
if (tdb_keyid_is_utk (kid))
{
@@ -2670,7 +2641,6 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, const char *user_id,
tofu_dbs_t dbs;
struct db *db;
char *fingerprint = NULL;
- char *fingerprint_pp = NULL;
char *email = NULL;
char *err = NULL;
int rc;
@@ -2690,7 +2660,6 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, const char *user_id,
}
fingerprint = hexfingerprint (pk, NULL, 0);
- fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
if (! *user_id)
{
@@ -2706,7 +2675,7 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, const char *user_id,
/* It's necessary to get the trust so that we are certain that the
binding has been registered. */
- trust_level = get_trust (dbs, fingerprint, email, user_id, may_ask);
+ trust_level = get_trust (dbs, pk, fingerprint, email, user_id, may_ask);
if (trust_level == _tofu_GET_TRUST_ERROR)
/* An error. */
{
@@ -2821,7 +2790,6 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, const char *user_id,
already_verified ? NULL : sig_digest);
xfree (email);
- xfree (fingerprint_pp);
xfree (fingerprint);
xfree (sig_digest);
@@ -2929,7 +2897,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, const char *user_id,
email = email_from_user_id (user_id);
- trust_level = get_trust (dbs, fingerprint, email, user_id, may_ask);
+ trust_level = get_trust (dbs, pk, fingerprint, email, user_id, may_ask);
if (trust_level == _tofu_GET_TRUST_ERROR)
/* An error. */
trust_level = TRUST_UNDEFINED;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list