Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: reconcile oneshot sign/verify sync and async implementations #37816

Closed
wants to merge 1 commit into from

Conversation

panva
Copy link
Member

@panva panva commented Mar 19, 2021

This reconciles the crypto.sign and crypto.verify C++ implementation when running with or without a callback.

@panva panva added wip Issues and PRs that are still a work in progress. semver-major PRs that contain breaking changes and should be released in the next major version. labels Mar 19, 2021
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Mar 19, 2021
@panva panva force-pushed the reconsile-oneshot branch from a1de71c to bbc1058 Compare March 19, 2021 20:59
@panva panva removed the wip Issues and PRs that are still a work in progress. label Mar 19, 2021
@panva panva marked this pull request as ready for review March 19, 2021 21:02
@panva panva force-pushed the reconsile-oneshot branch from bbc1058 to e82cbd1 Compare March 19, 2021 21:03
@nodejs-github-bot

This comment has been minimized.

@panva panva requested a review from jasnell March 19, 2021 21:04
@panva panva removed the needs-ci PRs that need a full CI run. label Mar 19, 2021
@panva
Copy link
Member Author

panva commented Mar 19, 2021

cc @nodejs/crypto

@panva panva requested a review from tniessen March 19, 2021 21:12
@panva panva removed the semver-major PRs that contain breaking changes and should be released in the next major version. label Mar 19, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 20, 2021

@mscdex

This comment has been minimized.

@panva

This comment has been minimized.

@mscdex

This comment has been minimized.

@panva panva force-pushed the reconsile-oneshot branch from 9655b0f to b2f8ba7 Compare March 20, 2021 21:00
@panva panva marked this pull request as draft March 20, 2021 21:37
@panva panva removed request for jasnell and tniessen March 20, 2021 21:37
@panva panva added the wip Issues and PRs that are still a work in progress. label Mar 20, 2021
@panva panva force-pushed the reconsile-oneshot branch 2 times, most recently from 145ce72 to c1b1f4d Compare March 21, 2021 10:04
@panva

This comment has been minimized.

@panva

This comment has been minimized.

@panva

This comment has been minimized.

@panva panva force-pushed the reconsile-oneshot branch from 96c63ed to dfdf742 Compare March 22, 2021 14:09
@nodejs-github-bot

This comment has been minimized.

@panva panva force-pushed the reconsile-oneshot branch from dfdf742 to 20ee199 Compare March 22, 2021 15:20
@tniessen
Copy link
Member

@panva @danbev Re thread-safety:

Thinking further...

  • If there really is no way to use EVP_PKEYs from multiple threads, then why do they implement thread-safe reference counters?
  • Assuming there really is no way to use EVP_PKEYs from multiple threads, then we should be able to clone EVP_PKEY instances before using them to prevent mutexes from negatively affecting performance.

@danbev
Copy link
Contributor

danbev commented Mar 24, 2021

I'm aware of these and I saw that evp_pkey_downgrade was recently replaced. But even with it gone I think we might put ourselves in the same situation we have now where we are using objects that are not guaranteed to be thread safe.

I think the suggestions here are good and worth pursuing. What I would like is we get the OpenSSL 3.0 CI job in place before we start this work. It was time consuming to get all the tests to pass against OpenSSL 3.0 and the threading issue was only one of them. At the moment any changes to crypto could break the tests and I have to go chasing them down afterwards.

@panva
Copy link
Member Author

panva commented Mar 24, 2021

@danbev are you tracking the places where parallel performance may have been affected by these openssl3 related changes?

If not we have to look at all crypto async APIs (that's for sure this one here and all of webcrypto) and bench them with the same keyobject vs unique keyobjects, before and after the changes were put in place and figure out a way forward if performance was impacted like this API here.

Ideally this would've been done before the changes landed in a release.

@danbev
Copy link
Contributor

danbev commented Mar 24, 2021

are you tracking the places where parallel performance may have been affected by these openssl3 related changes?

Anywhere an EVP_PKEY is used from multiple threads. There was an assumption that this was not required with versions prior to OpenSSL 3.0, but there was never such a guarantee from OpenSSL about this as far as I understand it.

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@panva panva force-pushed the reconsile-oneshot branch from fa72887 to bbad5ba Compare April 7, 2021 16:15
@nodejs-github-bot

This comment has been minimized.

@panva
Copy link
Member Author

panva commented Apr 7, 2021

@danbev @tniessen I've added a parallel libuv threaded test and the only failure with openssl3 is the one from #38136. Can I assume the lock is therefore not necessary and this can proceed?

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot
Copy link
Collaborator

Copy link
Member

@jasnell jasnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent work

@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 8, 2021
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcollina
Copy link
Member

mcollina commented Apr 8, 2021

Why is this identified as semver-major?

@panva
Copy link
Member Author

panva commented Apr 8, 2021

Why is this identified as semver-major?

It isn't anymore. At first it looked like there were going to be minor differences.

panva added a commit that referenced this pull request Apr 8, 2021
PR-URL: #37816
Reviewed-By: Daniel Bevenius <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
@panva
Copy link
Member Author

panva commented Apr 8, 2021

Landed in e8cb644

@panva panva closed this Apr 8, 2021
@panva panva deleted the reconsile-oneshot branch April 8, 2021 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants