RFR: 8132330: Ineffective SecureRandom usage in RSA encoding with PKCS1Padding

Sergey Kuksenko sergey.kuksenko at oracle.com
Wed Aug 5 12:09:15 UTC 2015

Hi All,

Please review changes to the following performance improvement:


Webrev: http://cr.openjdk.java.net/~skuksenko/crypto/8132330/webrev.02/

Sponsorship is required.

Currently sun.security.rsa.RSAPadding::padV15 uses a fixed-size (64 bytes)
buffer for obtaining random bytes from SecureRandom.
Here we have two sources of inefficiency:
- when the length of the required padding is greater than 64, several calls
of SecureRandom.nextBytes are required, which increases contention blocking
on SecureRandom
- when the length of the required padding is less than 64, it causes
unnecessary overhead (e.g. nextBytes for 16 bytes is 4x faster than for
64 bytes)

The suggested performance improvement shows the following RSA encoding (public key) speedup:
- 10%-18% when NativePRNG SecureRandom is used,
- 5%-7% when SHA1PRNG is used.

Best regards,
Sergey Kuksenko
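
The following sketch is an added illustration, not part of the original message and not the JDK's RSAPadding code or the webrev. It builds a PKCS#1 v1.5 type 2 block with a fixed 64-byte request and with a request sized to the padding still missing, and counts the SecureRandom.nextBytes calls for each. The names PadV15Demo, CountingRandom and pad are hypothetical, and sizing the request to the padding length is an assumed reading of the change.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class PadV15Demo {
    // Wrapper that counts nextBytes calls and bytes requested (hypothetical helper).
    static class CountingRandom extends SecureRandom {
        int calls;
        int bytes;
        @Override public void nextBytes(byte[] b) {
            calls++;
            bytes += b.length;
            super.nextBytes(b);
        }
    }

    // EM = 0x00 || 0x02 || PS (nonzero random bytes) || 0x00 || data, with len(EM) = k
    static byte[] pad(byte[] data, int k, SecureRandom rnd, boolean fixed64) {
        int psLen = k - 3 - data.length;
        if (psLen < 8) throw new IllegalArgumentException("data too long for modulus");
        byte[] em = new byte[k];
        em[1] = 2;
        int filled = 0;
        while (filled < psLen) {
            // fixed64: always draw 64 bytes; otherwise draw only what is still missing
            byte[] r = new byte[fixed64 ? 64 : psLen - filled];
            rnd.nextBytes(r);
            for (int i = 0; i < r.length && filled < psLen; i++) {
                if (r[i] != 0) em[2 + filled++] = r[i]; // PS must not contain zero bytes
            }
        }
        // em[2 + psLen] is left as the 0x00 separator
        System.arraycopy(data, 0, em, k - data.length, data.length);
        return em;
    }

    public static void main(String[] args) {
        int k = 256; // block length for a 2048-bit modulus
        for (int dataLen : new int[] {16, 128, 245}) {
            byte[] data = new byte[dataLen];
            Arrays.fill(data, (byte) 0x41); // constructed sample plaintext
            CountingRandom a = new CountingRandom(), b = new CountingRandom();
            pad(data, k, a, true);
            pad(data, k, b, false);
            System.out.printf("data=%d padding=%d fixed64: %d calls/%d bytes, sized: %d calls/%d bytes%n",
                    dataLen, k - 3 - dataLen, a.calls, a.bytes, b.calls, b.bytes);
        }
    }
}
```

The sized variant can still make an extra small call when a drawn byte is zero, since zero bytes are discarded from the padding string.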
