diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-10 17:41:06 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-07-17 08:12:06 +1000 |
commit | 32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f (patch) | |
tree | 5949bc935f8b7b7500e9ed543c89ebdf0c3571ac /providers/implementations | |
parent | 1e398bec538978b9957e69bf9e12b3c626290bea (diff) |
Optimise PKEY decoders
The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.
We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.
Partially addressed the issue in #15199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
Diffstat (limited to 'providers/implementations')
-rw-r--r-- | providers/implementations/storemgmt/file_store.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index bcc037c6d4..e7added1a9 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -55,9 +55,7 @@ static OSSL_FUNC_store_close_fn file_close; * passes that on to the data callback; this decoder is created with * internal OpenSSL functions, thereby bypassing the need for a surrounding * provider. This is ok, since this is a local decoder, not meant for - * public consumption. It also uses the libcrypto internal decoder - * setup function ossl_decoder_ctx_setup_for_pkey(), to allow the - * last resort decoder to be added first (and thereby be executed last). + * public consumption. * Finally, it sets up its own construct and cleanup functions. * * Essentially, that makes this implementation a kind of glorified decoder. |