From 224bb3928de048b13a96ee0377b6d279ce84ac0a Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Tue, 27 Jan 2015 09:17:28 -0800 Subject: [PATCH] auth: optimize crypto++ key context The cbc appears to be stateful, but the key is not. Signed-off-by: Sage Weil (cherry picked from commit 7762f1886cab7f7b941851b0be4ec904723cb0e3) --- src/auth/Crypto.cc | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc index b3898bfe23add..cd53fbe8cd885 100644 --- a/src/auth/Crypto.cc +++ b/src/auth/Crypto.cc @@ -117,21 +117,35 @@ class CryptoAES : public CryptoHandler { class CryptoAESKeyHandler : public CryptoKeyHandler { public: + CryptoPP::AES::Encryption *enc_key; + CryptoPP::AES::Decryption *dec_key; + + CryptoAESKeyHandler() + : enc_key(NULL), + dec_key(NULL) {} + ~CryptoAESKeyHandler() { + delete enc_key; + delete dec_key; + } + int init(const bufferptr& s, ostringstream& err) { secret = s; + + enc_key = new CryptoPP::AES::Encryption( + (byte*)secret.c_str(), CryptoPP::AES::DEFAULT_KEYLENGTH); + dec_key = new CryptoPP::AES::Decryption( + (byte*)secret.c_str(), CryptoPP::AES::DEFAULT_KEYLENGTH); + return 0; } void encrypt(const bufferlist& in, bufferlist& out, std::string &error) const { - const unsigned char *key = (const unsigned char *)secret.c_str(); - string ciphertext; - CryptoPP::AES::Encryption aesEncryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH); - CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption( - aesEncryption, (const byte*)CEPH_AES_IV); CryptoPP::StringSink *sink = new CryptoPP::StringSink(ciphertext); - CryptoPP::StreamTransformationFilter stfEncryptor(cbcEncryption, sink); + CryptoPP::CBC_Mode_ExternalCipher::Encryption cbc( + *enc_key, (const byte*)CEPH_AES_IV); + CryptoPP::StreamTransformationFilter stfEncryptor(cbc, sink); for (std::list::const_iterator it = in.buffers().begin(); it != in.buffers().end(); ++it) { 
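Review bot: `init()` builds both key schedules from `secret.c_str()` with a fixed `CryptoPP::AES::DEFAULT_KEYLENGTH` but never checks the secret's length, so a short secret would be read past its end unless a caller outside this hunk already validates it. A guard before the two `new` calls, such as `if (secret.length() < CryptoPP::AES::DEFAULT_KEYLENGTH) { err << "secret too short for AES key"; return -EINVAL; }`, would make the check local and give `err` a use. The class now owns raw pointers freed in the destructor but does not disable copying, and a second `init()` overwrites `enc_key`/`dec_key` without deleting the old objects; deleting them first and declaring the copy constructor and assignment operator private would close both. `encrypt()` here and `decrypt()` in the next hunk dereference these pointers unconditionally, which is a null dereference if `init()` was never called on the handler.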
@@ -151,15 +165,11 @@ class CryptoAESKeyHandler : public CryptoKeyHandler { void decrypt(const bufferlist& in, bufferlist& out, std::string &error) const { - const unsigned char *key = (const unsigned char *)secret.c_str(); - - CryptoPP::AES::Decryption aesDecryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH); - CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcDecryption( - aesDecryption, (const byte*)CEPH_AES_IV ); - string decryptedtext; CryptoPP::StringSink *sink = new CryptoPP::StringSink(decryptedtext); - CryptoPP::StreamTransformationFilter stfDecryptor(cbcDecryption, sink); + CryptoPP::CBC_Mode_ExternalCipher::Decryption cbc( + *dec_key, (const byte*)CEPH_AES_IV ); + CryptoPP::StreamTransformationFilter stfDecryptor(cbc, sink); for (std::list::const_iterator it = in.buffers().begin(); it != in.buffers().end(); ++it) { const unsigned char *in_buf = (const unsigned char *)it->c_str();
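Review bot: `decrypt()` is `const` yet now runs every call through the single shared `*dec_key` (as `encrypt()` does with `*enc_key` in the previous hunk), so correctness under concurrent callers rests on the commit message's observation that the Crypto++ key object carries no per-operation state. That assumption is not visible in the code; a comment on the two members, such as `// key schedules are shared by all encrypt()/decrypt() calls; must stay read-only after init()`, would record it. It is worth confirming against the Crypto++ version in use if one handler can be reached from more than one thread. The body of `decrypt()` continues past the end of this hunk.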