diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-10 17:41:06 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-07-17 08:12:06 +1000 |
commit | 32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f (patch) | |
tree | 5949bc935f8b7b7500e9ed543c89ebdf0c3571ac /crypto/provider_core.c | |
parent | 1e398bec538978b9957e69bf9e12b3c626290bea (diff) |
Optimise PKEY decoders
The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.
We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.
Partially addressed the issue in #15199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
Diffstat (limited to 'crypto/provider_core.c')
-rw-r--r-- | crypto/provider_core.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 49a0eb8c46..39b11629fc 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -28,6 +28,7 @@ #include "internal/refcount.h" #include "internal/bio.h" #include "internal/core.h" +#include "internal/decoder.h" #include "provider_local.h" #include "crypto/context.h" #ifndef FIPS_MODULE @@ -657,6 +658,15 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, ossl_provider_deactivate(prov, 0); ossl_provider_free(prov); } +#ifndef FIPS_MODULE + else { + /* + * This can be done outside the lock. We tolerate other threads getting + * the wrong result briefly when creating OSSL_DECODER_CTXs. + */ + ossl_decoder_cache_flush(prov->libctx); + } +#endif return 1; @@ -1103,6 +1113,14 @@ static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls, if (lock) { CRYPTO_THREAD_unlock(prov->flag_lock); CRYPTO_THREAD_unlock(store->lock); + /* + * This can be done outside the lock. We tolerate other threads getting + * the wrong result briefly when creating OSSL_DECODER_CTXs. + */ +#ifndef FIPS_MODULE + if (count < 1) + ossl_decoder_cache_flush(prov->libctx); +#endif } #ifndef FIPS_MODULE if (freeparent) @@ -1165,6 +1183,14 @@ static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls) if (lock) { CRYPTO_THREAD_unlock(prov->flag_lock); CRYPTO_THREAD_unlock(store->lock); + /* + * This can be done outside the lock. We tolerate other threads getting + * the wrong result briefly when creating OSSL_DECODER_CTXs. + */ +#ifndef FIPS_MODULE + if (count == 1) + ossl_decoder_cache_flush(prov->libctx); +#endif } if (!ret) |