[openssl/openssl] 32d3c3: Optimise PKEY decoders

Matt Caswell noreply at github.com
Sun Jul 16 22:14:05 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f
      https://github.com/openssl/openssl/commit/32d3c3abf3b74df1d9ebe562ba90f4dc3bdf2d4f
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-07-17 (Mon, 17 Jul 2023)

  Changed paths:
    M crypto/context.c
    M crypto/encode_decode/decoder_lib.c
    M crypto/encode_decode/decoder_pkey.c
    M crypto/evp/evp_fetch.c
    M crypto/provider_core.c
    M include/crypto/decoder.h
    M include/internal/cryptlib.h
    A include/internal/decoder.h
    M providers/implementations/storemgmt/file_store.c

  Log Message:
  -----------
  Optimise PKEY decoders

The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.

We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.

Partially addressed the issue in #15199

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)


  Commit: 29f25a10e505d7b5cabadf457a1be7a5c75a8b80
      https://github.com/openssl/openssl/commit/29f25a10e505d7b5cabadf457a1be7a5c75a8b80
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-07-17 (Mon, 17 Jul 2023)

  Changed paths:
    M test/threadstest.c

  Log Message:
  -----------
  Test loading a PEM file from multiple threads

The new decoder optimisation has some locking involved so we confirm that
reading a PEM file from multiple threads works as expected.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)


Compare: https://github.com/openssl/openssl/compare/1e398bec5389...29f25a10e505

More information about the openssl-commits mailing list