com.sun.crypto.provider.GHASH performance fix

Florian Weimer fweimer at redhat.com
Thu Jan 15 20:26:38 UTC 2015


On 01/15/2015 08:31 PM, Michael StJohns wrote:
> Just for curiosity, what was the improvement in performance?

Tim Whittington posted independent benchmark numbers here:

<http://mail.openjdk.java.net/pipermail/security-dev/2014-November/011458.html>

He could reproduce the 10x improvement quoted in the bug and the 
original submission.

> I'm wondering if it might be worthwhile to see if its possible to add a plugin to use the hardware instructions:
>
> http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/communications-ia-galois-counter-mode-paper.pdf

Yes, they are going to help quite a bit as well.  The other thing we 
need to fix for TLS is that AES-GCM is a garbage collector stress test. 
  Last time I looked, for each transferred byte, there were four bytes 
allocated on the heap.


-- 
Florian Weimer / Red Hat Product Security


More information about the security-dev mailing list