Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.1.0-rc0, 7.0.0-rc3, 6.0.12, 5.0.23
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Backport Requested:

v7.0, v6.0, v5.0
Sprint:
Security 2023-05-29
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

In OpenSSL 3.0, the EVP_sha256 function and others like (aes256, etc) are deprecated in favor of the new functions EVP_MD_fetch/EVP_CIPHER_fetch.

MongoDB should call EVP_MD_fetch/EVP_CIPHER_fetch once at startup (like on Windows) when compiled against OpenSSl 3.0. If MongoDB does not call these functions, these are instead called by OpenSSL on each call to EVP_DigestInit_ex which is wasteful. The lookup is time consuming enough to show up on performance tests in MongoDB code which are crypto sensitive.

Reference:
https://www.openssl.org/docs/man3.0/man7/crypto.html

Assignee:: Mark Benvenuto
Reporter:: Mark Benvenuto
Participants:: Githook User, Mark Benvenuto
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Jan 30 2023 12:42:57 AM UTC
Updated:: Dec 14 2023 08:51:00 PM UTC
Resolved:: May 18 2023 03:05:49 PM UTC
Confidence Status Last Update:: 15/May/23 6:12 PM

Details

Description

Attachments

Forms

Activity

People

Dates