Use optimised OpenSSL SHA256 function for Merkle Tree hashing (#5621)

(cherry picked from commit d473d75)
microsoft · Sep 11, 2023 · a5e7828 · a5e7828
1 parent 04e6024
commit a5e7828
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 5 deletions.
diff --git a/.daily_canary b/.daily_canary
@@ -1,4 +1,4 @@
    -^-     ___           ___
   (- -)   (= =)   |     Y   &  +--???
  (  V  ) /  .  \  O    +---=---'
-/--x-m- /--n-n---xXx--/--yY------
+/--x-m- /--n-n---xXx--/--yY--------
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1065,7 +1065,8 @@ if(BUILD_TESTS)
     add_executable(merkle_mem src/node/test/merkle_mem.cpp)
     target_compile_options(merkle_mem PRIVATE ${COMPILE_LIBCXX})
     target_link_libraries(
-      merkle_mem PRIVATE ${CMAKE_THREAD_LIBS_INIT} ${LINK_LIBCXX} crypto
+      merkle_mem PRIVATE ${CMAKE_THREAD_LIBS_INIT} ${LINK_LIBCXX}
+                         ccfcrypto.host
     )
 
     # Raft driver and scenario test

diff --git a/src/node/history.h b/src/node/history.h
@@ -5,6 +5,7 @@
 #include "ccf/ds/logger.h"
 #include "ccf/pal/locking.h"
 #include "ccf/service/tables/nodes.h"
+#include "crypto/openssl/hash.h"
 #include "ds/thread_messaging.h"
 #include "endian.h"
 #include "kv/kv_types.h"
@@ -221,7 +222,23 @@ namespace ccf
     void set_endorsed_certificate(const crypto::Pem& cert) override {}
   };
 
-  using HistoryTree = merkle::TreeT<32, merkle::sha256_openssl>;
+  // Use optimised CCF openssl_sha256 function to avoid performance regression
+  // on OpenSSL 3.x
+  static constexpr size_t sha256_byte_size = 32;
+  static inline void sha256_history(
+    const merkle::HashT<sha256_byte_size>& l,
+    const merkle::HashT<sha256_byte_size>& r,
+    merkle::HashT<sha256_byte_size>& out)
+
+  {
+    uint8_t block[sha256_byte_size * 2];
+    memcpy(&block[0], l.bytes, sha256_byte_size);
+    memcpy(&block[sha256_byte_size], r.bytes, sha256_byte_size);
+
+    crypto::openssl_sha256(block, out.bytes);
+  }
+
+  using HistoryTree = merkle::TreeT<sha256_byte_size, ccf::sha256_history>;
 
   class Proof
   {

diff --git a/src/node/test/historical_queries.cpp b/src/node/test/historical_queries.cpp
@@ -1293,13 +1293,15 @@ TEST_CASE("StateCache concurrent access")
                                      size_t handle,
                                      const auto& error_printer) {
     std::vector<ccf::historical::StatePtr> states;
+    crypto::openssl_sha256_init();
     auto fetch_result = [&]() {
       states = cache.get_state_range(handle, range_start, range_end);
     };
     auto check_result = [&]() { return !states.empty(); };
     REQUIRE(fetch_until_timeout(fetch_result, check_result, error_printer));
     REQUIRE(states.size() == range_end - range_start + 1);
     validate_all_states(states);
+    crypto::openssl_sha256_shutdown();
   };
 
   auto query_random_sparse_set_stores = [&](
@@ -1321,13 +1323,15 @@ TEST_CASE("StateCache concurrent access")
                                           size_t handle,
                                           const auto& error_printer) {
     std::vector<ccf::historical::StatePtr> states;
+    crypto::openssl_sha256_init();
     auto fetch_result = [&]() {
       states = cache.get_states_for(handle, seqnos);
     };
     auto check_result = [&]() { return !states.empty(); };
     REQUIRE(fetch_until_timeout(fetch_result, check_result, error_printer));
     REQUIRE(states.size() == seqnos.size());
     validate_all_states(states);
+    crypto::openssl_sha256_shutdown();
   };
 
   auto run_n_queries = [&](size_t handle) {
@@ -1585,6 +1589,7 @@ TEST_CASE("StateCache concurrent access")
 
 TEST_CASE("Recover historical ledger secrets")
 {
+  crypto::openssl_sha256_init();
   auto state = create_and_init_state();
   auto& kv_store = *state.kv_store;
 
@@ -1701,6 +1706,7 @@ TEST_CASE("Recover historical ledger secrets")
 
     validate_business_transaction(historical_state, first_seqno);
   }
+  crypto::openssl_sha256_shutdown();
 }
 
 int main(int argc, char** argv)

diff --git a/src/node/test/merkle_bench.cpp b/src/node/test/merkle_bench.cpp
@@ -219,6 +219,9 @@ PICOBENCH(serialised_size)
 int main(int argc, char* argv[])
 {
   picobench::runner runner;
+  crypto::openssl_sha256_init();
   runner.parse_cmd_line(argc, argv);
-  return runner.run();
+  auto ret = runner.run();
+  crypto::openssl_sha256_shutdown();
+  return ret;
 }
diff --git a/src/node/test/merkle_test.cpp b/src/node/test/merkle_test.cpp
@@ -3,7 +3,7 @@
 
 #include "node/history.h"
 
-#define DOCTEST_CONFIG_IMPLEMENT_WITH_MAIN
+#define DOCTEST_CONFIG_IMPLEMENT
 #include <doctest/doctest.h>
 
 crypto::Sha256Hash rand_hash()
@@ -178,3 +178,13 @@ TEST_CASE("First root")
     REQUIRE(tree.get_leaf(0) == single_root);
   }
 }
+
+int main(int argc, char** argv)
+{
+  crypto::openssl_sha256_init();
+  doctest::Context context;
+  context.applyCommandLine(argc, argv);
+  int res = context.run();
+  crypto::openssl_sha256_shutdown();
+  return res;
+}
diff --git a/src/node/test/receipt.cpp b/src/node/test/receipt.cpp
@@ -5,6 +5,7 @@
 
 #include "ccf/crypto/key_pair.h"
 #include "ccf/service/tables/nodes.h"
+#include "crypto/openssl/hash.h"
 #include "ds/x509_time_fmt.h"
 
 #include <doctest/doctest.h>
@@ -168,6 +169,7 @@ TEST_CASE("JSON parsing" * doctest::test_suite("receipt"))
 
 TEST_CASE("JSON roundtrip" * doctest::test_suite("receipt"))
 {
+  crypto::openssl_sha256_init();
   {
     std::shared_ptr<ccf::Receipt> r = nullptr;
     nlohmann::json j;
@@ -192,4 +194,5 @@ TEST_CASE("JSON roundtrip" * doctest::test_suite("receipt"))
       compare_receipts(p_receipt, parsed);
     }
   }
+  crypto::openssl_sha256_shutdown();
 }