Load cert related files in binary mode on Windows #818

Closed
3 changes: 3 additions & 0 deletions configs/components/openssl-3.0.rb
@@ -30,6 +30,9 @@
# Remove this in 3.0.14 or later
pkg.apply_patch 'resources/patches/openssl/openssl-3.0.13-crypto-providers.patch'

# Remove this once openssl no longer calls "setvbuf((FILE *)ptr, NULL, _IONBF, 0)"
pkg.apply_patch 'resources/patches/openssl/openssl-3.0-windows-textmode-perf.patch'

target = platform.architecture == 'x64' ? 'mingw64' : 'mingw'
# elsif platform.is_cross_compiled_linux?
# pkg.environment 'PATH', "/opt/pl-build-tools/bin:$(PATH)"
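Review bot: The comment above the new `pkg.apply_patch` line gives the removal condition but not the behaviour change the patch carries: per the patch's own commit message, `cert.pem` and `crl.pem` must contain `\n` line endings once it is applied. Suggest stating that in this comment, so that anyone debugging a CA bundle or CRL that stops loading on Windows finds the cause here. The patch file name is also tied only to `3.0`, unlike the `openssl-3.0.13-crypto-providers.patch` line above it with its "Remove this in 3.0.14 or later" note, so it is worth confirming on each OpenSSL bump that the patch still applies and is still needed.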
45 changes: 45 additions & 0 deletions resources/patches/openssl/openssl-3.0-windows-textmode-perf.patch
@@ -0,0 +1,45 @@
commit bb409da3f379b7d23c3e95e83fb07997cebb0309
Author: Josh Cooper <[email protected]>
Date: Fri Apr 5 11:06:44 2024 -0700

Load cert related files in binary mode on Windows

There's a bug in Windows UCRT when using ftell and text mode. OpenSSL
works around it by disabling all file buffering when using text mode:

crypto/bio/bss_file.c: setvbuf((FILE *)ptr, NULL, _IONBF, 0);

This results in 116k calls to ReadFile on Windows, each of which reads
2 bytes.

For now, open files in binary mode. One non-Windows, this is a noop,
since binary and text mode are the same. On Windows, it results in a 10%
faster load time when running `puppet help`:

Before:

PS C:\Program Files\Puppet Labs\Puppet\puppet\bin> Measure-Command { cmd /c puppet help }
...
TotalMilliseconds : 2734.6002

After:

PS C:\Program Files\Puppet Labs\Puppet\puppet\bin> Measure-Command { cmd /c puppet help }
...
TotalMilliseconds : 2520.6233

The one downside is `cert.pem` and `crl.pem` must contain `\n` line endings.

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 37d73ca84c..67a0074b6b 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -223,7 +223,7 @@ int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,

if (type != X509_FILETYPE_PEM)
return X509_load_cert_file_ex(ctx, file, type, libctx, propq);
- in = BIO_new_file(file, "r");
+ in = BIO_new_file(file, "rb");
if (!in) {
ERR_raise(ERR_LIB_X509, ERR_R_SYS_LIB);
return 0;
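Review bot: The `"r"` to `"rb"` switch in `X509_load_cert_crl_file_ex` changes how existing trust material is read on Windows, and the downside stated in the commit message (`cert.pem` and `crl.pem` must contain `\n` line endings) has no test or handling anywhere in the patch. Suggest adding a test that loads a CRLF-terminated certificate bundle and CRL so the outcome is known and documented; a file that fails to load, or loads only in part, would leave certificate and revocation checks working from incomplete data. The title says "cert related files", but only this one `BIO_new_file` call changes and the non-PEM path through `X509_load_cert_file_ex` is untouched, so the message should say which loaders are in scope. Minor: "One non-Windows" in the message should read "On non-Windows".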