From: Matt Caswell <matt@openssl.org>
Date: Fri, 12 May 2023 14:52:07 +0000 (+0100)
Subject: Avoid an unneccessary lock if we didn't add anything to the store
X-Git-Tag: openssl-3.1.2~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00bea959ab580c78e00eb56780fec8d53dab054d;p=thirdparty%2Fopenssl.git

Avoid an unneccessary lock if we didn't add anything to the store

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)

(cherry picked from commit 50001e0e15d4a96213c2eea7c56f80087afa89fd)
---

diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 1bc397a8470..97e6ea0ee18 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -348,11 +348,15 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
         /*
          * we have added it to the cache so now pull it out again
          */
-        X509_STORE_lock(xl->store_ctx);
-        j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
-        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
-        X509_STORE_unlock(xl->store_ctx);
-
+        if (k > 0) {
+            X509_STORE_lock(xl->store_ctx);
+            j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+            X509_STORE_unlock(xl->store_ctx);
+        } else {
+            j = -1;
+            tmp = NULL;
+        }
         /*
          * If a CRL, update the last file suffix added for this.
          * We don't need to add an entry if k is 0 as this is the initial value.