From 32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 10 Jul 2023 17:41:06 +0100 Subject: Optimise PKEY decoders The most expensive part of using a PKEY decoder is the OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder chains, which is a complex and time consuming operation. However, if no new providers have been loaded/unloaded since the last time it was called we can expect the same results for the same parameters. Note that this operation takes place *before* we event parse the data for decoding so it is not dependent on the parsed data at all. We introduce a cache for OSSL_DECODER_CTX objects. If we have been called with the same parameters then we just duplicate an existing OSSL_DECODER_CTX. This should be significantly faster than creating a new one every time. Partially addressed the issue in #15199 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21426) --- include/crypto/decoder.h | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'include/crypto/decoder.h') diff --git a/include/crypto/decoder.h b/include/crypto/decoder.h index a496f23e49..514190fca2 100644 --- a/include/crypto/decoder.h +++ b/include/crypto/decoder.h @@ -25,14 +25,10 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, OSSL_DECODER_INSTANCE * ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx); void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst); +OSSL_DECODER_INSTANCE *ossl_decoder_instance_dup(const OSSL_DECODER_INSTANCE *src); int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, OSSL_DECODER_INSTANCE *di); -int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery); - int ossl_decoder_get_number(const OSSL_DECODER *encoder); int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx); int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov); -- cgit v1.2.3