diff options
| author | Matt Caswell <matt@openssl.org> | 2023-05-12 11:57:26 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-06-06 17:09:13 +0200 |
| commit | b8fa5be5506e43b405c9a3ecc3d65c77044777be (patch) | |
| tree | 69490590f0cec4bb8f3188ccced4d8f371f733be /crypto/engine | |
| parent | e568d64f9fd3505454704f333bc1e58286f3419d (diff) | |
Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write
ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The only change made is the struct_ref
field which is controlled separately. Therefore we can afford to only take
a read lock. This also impacts EVP_PKEY_asn1_find_str().
This lock ends up being obtained indirectly from numerous public API
functions including EVP_PKEY_key_gen(), EVP_PKEY_new_raw_public_key_ex(),
EVP_PKEY_copy_parameters() etc. This occurs even if no engines are actually
in use.
Some tests showed this lock being obtained 6 times after a "warmed up"
s_server instance with default configuration processed a handshake from a
default s_client. When processing a resumption handshake from s_client it
was obtained 8 times.
Partially fixes #20286
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)
Diffstat (limited to 'crypto/engine')
| -rw-r--r-- | crypto/engine/tb_asnmth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index fac038356b..c72bf9d22f 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -201,7 +201,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, return NULL; } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) + if (!CRYPTO_THREAD_read_lock(global_engine_lock)) return NULL; engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); /* If found obtain a structural reference to engine */ |