[SERVER-73430] Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0 Created: 30/Jan/23  Updated: 14/Dec/23  Resolved: 18/May/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0, 7.0.0-rc3, 6.0.12, 5.0.23

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Backport Requested:
v7.0, v6.0, v5.0
Sprint: Security 2023-05-29
Participants:

 Description   

In OpenSSL 3.0, the EVP_sha256 function and others like (aes256, etc) are deprecated in favor of the new functions EVP_MD_fetch/EVP_CIPHER_fetch.

MongoDB should call EVP_MD_fetch/EVP_CIPHER_fetch once at startup (like on Windows) when compiled against OpenSSl 3.0. If MongoDB does not call these functions, these are instead called by OpenSSL on each call to EVP_DigestInit_ex which is wasteful. The lookup is time consuming enough to show up on performance tests in MongoDB code which are crypto sensitive.

Reference:
https://www.openssl.org/docs/man3.0/man7/crypto.html



 Comments   
Comment by Githook User [ 01/Nov/23 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-73430 Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0

(cherry picked from commit 66fd15f186862220273ccb093e0551aa49ca8ac6)
Branch: v5.0
https://github.com/mongodb/mongo/commit/048555e822208c28ee3460e0f6389cbc437e1cb7

Comment by Githook User [ 24/Oct/23 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-73430 Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0

(cherry picked from commit 66fd15f186862220273ccb093e0551aa49ca8ac6)
Branch: v6.0
https://github.com/mongodb/mongo/commit/613bc82f4e602a3b850715b1acc91196ef0c23c0

Comment by Githook User [ 06/Jun/23 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-73430 Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0

(cherry picked from commit 66fd15f186862220273ccb093e0551aa49ca8ac6)
Branch: v7.0
https://github.com/mongodb/mongo/commit/b3c020710283787cc55f8a6505f55994061a748a

Comment by Githook User [ 18/May/23 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-73430 Improve Hash, HMAC, and Crypto algo lookup for OpenSSL 3.0
Branch: master
https://github.com/mongodb/mongo/commit/66fd15f186862220273ccb093e0551aa49ca8ac6

Generated at Thu Feb 08 06:24:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.