[SERVER-73430] Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0 Created: 30/Jan/23 Updated: 14/Dec/23 Resolved: 18/May/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0, 7.0.0-rc3, 6.0.12, 5.0.23 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Backport Requested: |
v7.0, v6.0, v5.0
|
||||||||
| Sprint: | Security 2023-05-29 | ||||||||
| Participants: | |||||||||
| Description |
|
In OpenSSL 3.0, the EVP_sha256 function and others like (aes256, etc) are deprecated in favor of the new functions EVP_MD_fetch/EVP_CIPHER_fetch. MongoDB should call EVP_MD_fetch/EVP_CIPHER_fetch once at startup (like on Windows) when compiled against OpenSSl 3.0. If MongoDB does not call these functions, these are instead called by OpenSSL on each call to EVP_DigestInit_ex which is wasteful. The lookup is time consuming enough to show up on performance tests in MongoDB code which are crypto sensitive. Reference: |
| Comments |
| Comment by Githook User [ 01/Nov/23 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 66fd15f186862220273ccb093e0551aa49ca8ac6) |
| Comment by Githook User [ 24/Oct/23 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 66fd15f186862220273ccb093e0551aa49ca8ac6) |
| Comment by Githook User [ 06/Jun/23 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 66fd15f186862220273ccb093e0551aa49ca8ac6) |
| Comment by Githook User [ 18/May/23 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |