Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-73430

Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 7.1.0-rc0, 7.0.0-rc3, 6.0.12, 5.0.23
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Server Security
    • Fully Compatible
    • v7.0, v6.0, v5.0
    • Security 2023-05-29

      In OpenSSL 3.0, the EVP_sha256 function and others like (aes256, etc) are deprecated in favor of the new functions EVP_MD_fetch/EVP_CIPHER_fetch.

      MongoDB should call EVP_MD_fetch/EVP_CIPHER_fetch once at startup (like on Windows) when compiled against OpenSSl 3.0. If MongoDB does not call these functions, these are instead called by OpenSSL on each call to EVP_DigestInit_ex which is wasteful. The lookup is time consuming enough to show up on performance tests in MongoDB code which are crypto sensitive.

      Reference:
      https://www.openssl.org/docs/man3.0/man7/crypto.html

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: