From 32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 10 Jul 2023 17:41:06 +0100 Subject: Optimise PKEY decoders The most expensive part of using a PKEY decoder is the OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder chains, which is a complex and time consuming operation. However, if no new providers have been loaded/unloaded since the last time it was called we can expect the same results for the same parameters. Note that this operation takes place *before* we event parse the data for decoding so it is not dependent on the parsed data at all. We introduce a cache for OSSL_DECODER_CTX objects. If we have been called with the same parameters then we just duplicate an existing OSSL_DECODER_CTX. This should be significantly faster than creating a new one every time. Partially addressed the issue in #15199 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21426) --- crypto/evp/evp_fetch.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'crypto/evp') diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 9e4f80d218..b21c6f283b 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -17,6 +17,7 @@ #include "internal/core.h" #include "internal/provider.h" #include "internal/namemap.h" +#include "internal/decoder.h" #include "crypto/evp.h" /* evp_local.h needs it */ #include "evp_local.h" @@ -422,6 +423,7 @@ static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); if (plp != NULL && store != NULL) { + int ret; #ifndef FIPS_MODULE char *propstr = NULL; size_t strsz; @@ -455,8 +457,12 @@ static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, #endif ossl_property_free(*plp); *plp = def_prop; - if (store != NULL) - return ossl_method_store_cache_flush_all(store); + + ret = ossl_method_store_cache_flush_all(store); +#ifndef FIPS_MODULE + ossl_decoder_cache_flush(libctx); +#endif + return ret; } ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; -- cgit v1.2.3