From 00bea959ab580c78e00eb56780fec8d53dab054d Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 12 May 2023 15:52:07 +0100
Subject: [PATCH] Avoid an unneccessary lock if we didn't add anything to the
 store

Partially fixes #20286

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20952)

(cherry picked from commit 50001e0e15d4a96213c2eea7c56f80087afa89fd)
---
 crypto/x509/by_dir.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 1bc397a847..97e6ea0ee1 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -348,12 +348,16 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
         /*
          * we have added it to the cache so now pull it out again
          */
-        if (!X509_STORE_lock(xl->store_ctx))
-            goto finish;
-        j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
-        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
-        X509_STORE_unlock(xl->store_ctx);
-
+        if (k > 0) {
+            if (!X509_STORE_lock(xl->store_ctx))
+                goto finish;
+            j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+            X509_STORE_unlock(xl->store_ctx);
+        } else {
+            j = -1;
+            tmp = NULL;
+        }
         /*
          * If a CRL, update the last file suffix added for this.
          * We don't need to add an entry if k is 0 as this is the initial value.
-- 
2.33.0