md5_mb (multibuffer) using isa-l_crypto #6037
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
liranmauda
approved these changes
May 27, 2020
| @@ -0,0 +1,34 @@ | |||
| FROM centos:8 | |||
There was a problem hiding this comment.
- What is the use case for this Docker file?
- Can we add an entry in the Makefile?
- We can Update the https://github.com/noobaa/noobaa-core/wiki/Building-and-Testing
There was a problem hiding this comment.
I am ignoring this for now. Will get back to it later.
guymguym
force-pushed
the
guy-md5
branch
2 times, most recently
from
13923c0
to
6baa16a
Compare
guymguym
changed the title
liranmauda
reviewed
Jun 3, 2020
|
Don't forget in object_server |
@nimrod-becker no need anymore, monkey-patching works for that as well. |
nimrod-becker
approved these changes
Jun 3, 2020
TypeError: Cannot read property 'unwrap' of undefined Co-Authored-By: liranmauda <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Explain the changes
All mains now import
src/util/fipsmodule on startup which auto detects if running in fips mode based on/proc/crypto/fips. This can also be forced using the FIPS=1 env.In fips mode in order to allow md5 for non cryptographic use cases needed for the S3 protocol, we use md5_mb from isa-l_crypto. Since crypto.createHash is called from our code and also node modules, we monkey-patch the crypto library and replace the createHash('md5'), and also use it natively in the upload pipeline (ChunkSplitter).
NOTE: Using md5_mb with a single stream provides lower performance compared to openssl MD5. See this issue on single buffer performance - intel/isa-l_crypto#45. We try to leverage the multibuffer capability by sharing a thread_local ctx mgr and deferring the flushing of contexes so that if multiple streams are processed concurrently it will be flushed together. The single CPU core performance gain can be very significant - see the performance report here - https://github.com/intel/isa-l/wiki/Documentation.
Issues: Fixed #xxx / Gap #xxx
Testing Instructions: