com.sun.crypto.provider.GHASH performance fix

Florian Weimer fweimer at
Thu Jan 15 20:26:38 UTC 2015

On 01/15/2015 08:31 PM, Michael StJohns wrote:
> Just for curiosity, what was the improvement in performance?

Tim Whittington posted independent benchmark numbers here:


He could reproduce the 10x improvement quoted in the bug and the 
original submission.

> I'm wondering if it might be worthwhile to see if its possible to add a plugin to use the hardware instructions:

Yes, they are going to help quite a bit as well.  The other thing we 
need to fix for TLS is that AES-GCM is a garbage collector stress test. 
  Last time I looked, for each transferred byte, there were four bytes 
allocated on the heap.

Florian Weimer / Red Hat Product Security

More information about the security-dev mailing list