mirror of
https://github.com/qpdf/qpdf.git
synced 2025-01-03 15:17:29 +00:00
Fix major performance bug with openssl crypto (fixes #798)
Lazily load MD5 and RC4 once in the life of the program. Only load the legacy provider if RC4 is actually being used.
This commit is contained in:
parent
b745920961
commit
2bc9121fa1
@ -1,5 +1,10 @@
|
|||||||
2022-10-08 Jay Berkenbilt <ejb@ql.org>
|
2022-10-08 Jay Berkenbilt <ejb@ql.org>
|
||||||
|
|
||||||
|
* Fix major performance bug with the openssl crypto provider when
|
||||||
|
using OpenSSL 3. The legacy loader and rc4 algorithm was being
|
||||||
|
loaded with every call to the crypto provider instead of once in
|
||||||
|
the life of the program. Fixes #798.
|
||||||
|
|
||||||
* performance_check: add --test option to limit which tests are
|
* performance_check: add --test option to limit which tests are
|
||||||
run.
|
run.
|
||||||
|
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
#include <qpdf/QPDFCrypto_openssl.hh>
|
#include <qpdf/QPDFCrypto_openssl.hh>
|
||||||
|
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
#include <memory>
|
||||||
#include <stdexcept>
|
#include <stdexcept>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
@ -18,6 +19,60 @@
|
|||||||
|
|
||||||
#include <qpdf/QIntC.hh>
|
#include <qpdf/QIntC.hh>
|
||||||
|
|
||||||
|
#ifndef QPDF_OPENSSL_1
|
||||||
|
namespace
|
||||||
|
{
|
||||||
|
class RC4Loader
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
static EVP_CIPHER const* getRC4();
|
||||||
|
~RC4Loader();
|
||||||
|
|
||||||
|
private:
|
||||||
|
RC4Loader();
|
||||||
|
OSSL_PROVIDER* legacy;
|
||||||
|
OSSL_LIB_CTX* libctx;
|
||||||
|
EVP_CIPHER* rc4;
|
||||||
|
};
|
||||||
|
} // namespace
|
||||||
|
|
||||||
|
EVP_CIPHER const*
|
||||||
|
RC4Loader::getRC4()
|
||||||
|
{
|
||||||
|
static auto loader = std::shared_ptr<RC4Loader>(new RC4Loader());
|
||||||
|
return loader->rc4;
|
||||||
|
}
|
||||||
|
|
||||||
|
RC4Loader::RC4Loader()
|
||||||
|
{
|
||||||
|
libctx = OSSL_LIB_CTX_new();
|
||||||
|
if (libctx == nullptr) {
|
||||||
|
throw std::runtime_error("unable to create openssl library context");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
legacy = OSSL_PROVIDER_load(libctx, "legacy");
|
||||||
|
if (legacy == nullptr) {
|
||||||
|
OSSL_LIB_CTX_free(libctx);
|
||||||
|
throw std::runtime_error("unable to load openssl legacy provider");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
rc4 = EVP_CIPHER_fetch(libctx, "RC4", nullptr);
|
||||||
|
if (rc4 == nullptr) {
|
||||||
|
OSSL_PROVIDER_unload(legacy);
|
||||||
|
OSSL_LIB_CTX_free(libctx);
|
||||||
|
throw std::runtime_error("unable to load openssl rc4 algorithm");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
RC4Loader::~RC4Loader()
|
||||||
|
{
|
||||||
|
EVP_CIPHER_free(rc4);
|
||||||
|
OSSL_PROVIDER_unload(legacy);
|
||||||
|
OSSL_LIB_CTX_free(libctx);
|
||||||
|
}
|
||||||
|
#endif // not QPDF_OPENSSL_1
|
||||||
|
|
||||||
static void
|
static void
|
||||||
bad_bits(int bits)
|
bad_bits(int bits)
|
||||||
{
|
{
|
||||||
@ -41,32 +96,9 @@ check_openssl(int status)
|
|||||||
}
|
}
|
||||||
|
|
||||||
QPDFCrypto_openssl::QPDFCrypto_openssl() :
|
QPDFCrypto_openssl::QPDFCrypto_openssl() :
|
||||||
#ifdef QPDF_OPENSSL_1
|
|
||||||
rc4(EVP_rc4()),
|
|
||||||
#endif
|
|
||||||
md_ctx(EVP_MD_CTX_new()),
|
md_ctx(EVP_MD_CTX_new()),
|
||||||
cipher_ctx(EVP_CIPHER_CTX_new())
|
cipher_ctx(EVP_CIPHER_CTX_new())
|
||||||
{
|
{
|
||||||
#ifndef QPDF_OPENSSL_1
|
|
||||||
libctx = OSSL_LIB_CTX_new();
|
|
||||||
if (libctx == nullptr) {
|
|
||||||
throw std::runtime_error("unable to create openssl library context");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
legacy = OSSL_PROVIDER_load(libctx, "legacy");
|
|
||||||
if (legacy == nullptr) {
|
|
||||||
OSSL_LIB_CTX_free(libctx);
|
|
||||||
throw std::runtime_error("unable to load openssl legacy provider");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
rc4 = EVP_CIPHER_fetch(libctx, "RC4", nullptr);
|
|
||||||
if (rc4 == nullptr) {
|
|
||||||
OSSL_PROVIDER_unload(legacy);
|
|
||||||
OSSL_LIB_CTX_free(libctx);
|
|
||||||
throw std::runtime_error("unable to load openssl rc4 algorithm");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
memset(md_out, 0, sizeof(md_out));
|
memset(md_out, 0, sizeof(md_out));
|
||||||
EVP_MD_CTX_init(md_ctx);
|
EVP_MD_CTX_init(md_ctx);
|
||||||
EVP_CIPHER_CTX_init(cipher_ctx);
|
EVP_CIPHER_CTX_init(cipher_ctx);
|
||||||
@ -77,11 +109,6 @@ QPDFCrypto_openssl::~QPDFCrypto_openssl()
|
|||||||
EVP_MD_CTX_reset(md_ctx);
|
EVP_MD_CTX_reset(md_ctx);
|
||||||
EVP_CIPHER_CTX_reset(cipher_ctx);
|
EVP_CIPHER_CTX_reset(cipher_ctx);
|
||||||
EVP_CIPHER_CTX_free(cipher_ctx);
|
EVP_CIPHER_CTX_free(cipher_ctx);
|
||||||
#ifndef QPDF_OPENSSL_1
|
|
||||||
EVP_CIPHER_free(rc4);
|
|
||||||
OSSL_PROVIDER_unload(legacy);
|
|
||||||
OSSL_LIB_CTX_free(libctx);
|
|
||||||
#endif
|
|
||||||
EVP_MD_CTX_free(md_ctx);
|
EVP_MD_CTX_free(md_ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,7 +128,7 @@ QPDFCrypto_openssl::MD5_init()
|
|||||||
void
|
void
|
||||||
QPDFCrypto_openssl::SHA2_init(int bits)
|
QPDFCrypto_openssl::SHA2_init(int bits)
|
||||||
{
|
{
|
||||||
const EVP_MD* md = EVP_sha512();
|
static const EVP_MD* md = EVP_sha512();
|
||||||
switch (bits) {
|
switch (bits) {
|
||||||
case 256:
|
case 256:
|
||||||
md = EVP_sha256();
|
md = EVP_sha256();
|
||||||
@ -174,6 +201,11 @@ QPDFCrypto_openssl::SHA2_digest()
|
|||||||
void
|
void
|
||||||
QPDFCrypto_openssl::RC4_init(unsigned char const* key_data, int key_len)
|
QPDFCrypto_openssl::RC4_init(unsigned char const* key_data, int key_len)
|
||||||
{
|
{
|
||||||
|
#ifdef QPDF_OPENSSL_1
|
||||||
|
static auto const rc4 = EVP_rc4();
|
||||||
|
#else
|
||||||
|
static auto const rc4 = RC4Loader::getRC4();
|
||||||
|
#endif
|
||||||
check_openssl(EVP_CIPHER_CTX_reset(cipher_ctx));
|
check_openssl(EVP_CIPHER_CTX_reset(cipher_ctx));
|
||||||
if (key_len == -1) {
|
if (key_len == -1) {
|
||||||
key_len =
|
key_len =
|
||||||
|
@ -58,13 +58,6 @@ class QPDFCrypto_openssl: public QPDFCryptoImpl
|
|||||||
void rijndael_finalize() override;
|
void rijndael_finalize() override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
#ifdef QPDF_OPENSSL_1
|
|
||||||
EVP_CIPHER const* rc4;
|
|
||||||
#else
|
|
||||||
OSSL_LIB_CTX* libctx;
|
|
||||||
OSSL_PROVIDER* legacy;
|
|
||||||
EVP_CIPHER* rc4;
|
|
||||||
#endif
|
|
||||||
EVP_MD_CTX* const md_ctx;
|
EVP_MD_CTX* const md_ctx;
|
||||||
EVP_CIPHER_CTX* const cipher_ctx;
|
EVP_CIPHER_CTX* const cipher_ctx;
|
||||||
uint8_t md_out[EVP_MAX_MD_SIZE];
|
uint8_t md_out[EVP_MAX_MD_SIZE];
|
||||||
|
@ -13,6 +13,13 @@ For a detailed list of changes, please see the file
|
|||||||
|
|
||||||
- A C++-17 compiler is now required.
|
- A C++-17 compiler is now required.
|
||||||
|
|
||||||
|
- Bug fixes
|
||||||
|
|
||||||
|
- Fix major performance bug with the OpenSSL crypto provider. This
|
||||||
|
bug was causing a 6x to 12x slowdown for encrypted files when
|
||||||
|
OpenSSL 3 was in use. This includes the default Windows builds
|
||||||
|
distributed with the qpdf release.
|
||||||
|
|
||||||
11.1.1: October 1, 2022
|
11.1.1: October 1, 2022
|
||||||
- Bug fixes
|
- Bug fixes
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user