[openssl/openssl] e568d6: Convert the ENGINE struct_ref field to be an atomic

Matt Caswell noreply at github.com
Tue Jun 6 15:11:05 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: e568d64f9fd3505454704f333bc1e58286f3419d
      https://github.com/openssl/openssl/commit/e568d64f9fd3505454704f333bc1e58286f3419d
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-06-06 (Tue, 06 Jun 2023)

  Changed paths:
    M crypto/engine/eng_ctrl.c
    M crypto/engine/eng_init.c
    M crypto/engine/eng_lib.c
    M crypto/engine/eng_list.c
    M crypto/engine/eng_local.h
    M crypto/engine/tb_asnmth.c

  Log Message:
  -----------
  Convert the ENGINE struct_ref field to be an atomic

We use atomic primitives to up ref and down the struct_ref field rather
than relying on the global lock for this.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)


  Commit: b8fa5be5506e43b405c9a3ecc3d65c77044777be
      https://github.com/openssl/openssl/commit/b8fa5be5506e43b405c9a3ecc3d65c77044777be
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-06-06 (Tue, 06 Jun 2023)

  Changed paths:
    M crypto/engine/tb_asnmth.c

  Log Message:
  -----------
  Modify ENGINE_pkey_asn1_find_str() to use a read lock instead of a write

ENGINE_pkey_asn1_find_str() does not make any modifications to fields
controlled by the global_engine_lock. The only change made is the struct_ref
field which is controlled separately. Therefore we can afford to only take
a read lock. This also impacts EVP_PKEY_asn1_find_str().

This lock ends up being obtained indirectly from numerous public API
functions including EVP_PKEY_key_gen(), EVP_PKEY_new_raw_public_key_ex(),
EVP_PKEY_copy_parameters() etc. This occurs even if no engines are actually
in use.

Some tests showed this lock being obtained 6 times after a "warmed up"
s_server instance with default configuration processed a handshake from a
default s_client. When processing a resumption handshake from s_client it
was obtained 8 times.

Partially fixes #20286

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20950)


Compare: https://github.com/openssl/openssl/compare/68668243b176...b8fa5be5506e

More information about the openssl-commits mailing list