diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-10 17:41:06 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-07-17 08:12:06 +1000 |
commit | 32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f (patch) | |
tree | 5949bc935f8b7b7500e9ed543c89ebdf0c3571ac /include | |
parent | 1e398bec538978b9957e69bf9e12b3c626290bea (diff) |
Optimise PKEY decoders
The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.
We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.
Partially addressed the issue in #15199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/decoder.h | 6 | ||||
-rw-r--r-- | include/internal/cryptlib.h | 1 | ||||
-rw-r--r-- | include/internal/decoder.h | 18 |
3 files changed, 20 insertions, 5 deletions
diff --git a/include/crypto/decoder.h b/include/crypto/decoder.h index a496f23e49..514190fca2 100644 --- a/include/crypto/decoder.h +++ b/include/crypto/decoder.h @@ -25,14 +25,10 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, OSSL_DECODER_INSTANCE * ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx); void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst); +OSSL_DECODER_INSTANCE *ossl_decoder_instance_dup(const OSSL_DECODER_INSTANCE *src); int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, OSSL_DECODER_INSTANCE *di); -int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery); - int ossl_decoder_get_number(const OSSL_DECODER *encoder); int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx); int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov); diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 5aeb4fe0f2..fd2eb5d56c 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -117,6 +117,7 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_BIO_CORE_INDEX 17 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 # define OSSL_LIB_CTX_THREAD_INDEX 19 +# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 # define OSSL_LIB_CTX_MAX_INDEXES 20 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); diff --git a/include/internal/decoder.h b/include/internal/decoder.h new file mode 100644 index 0000000000..bfe1429ffb --- /dev/null +++ b/include/internal/decoder.h @@ -0,0 +1,18 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_DECODER_H +# define OSSL_INTERNAL_DECODER_H +# pragma once + +void *ossl_decoder_cache_new(OSSL_LIB_CTX *ctx); +void ossl_decoder_cache_free(void *vcache); +int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx); + +#endif |