RFR: Remove map synchronization from SignatureAndHashAlgorithm

Steven Davidovitz steved at squareup.com
Wed Apr 26 17:52:48 UTC 2017


Thanks! I'm working on the OCA right now, I made a mistake when I submitted
it before so I'll follow up when it's done.

Anything else I need to do? Could this also be backported to version 8?

On Tue, Apr 25, 2017 at 7:05 AM, Sean Mullan <sean.mullan at oracle.com> wrote:

> Hi Steven,
>
> Thanks, I filed an issue on your behalf for tracking purposes:
> https://bugs.openjdk.java.net/browse/JDK-8179275
>
> Also, have you signed the OCA? See http://www.oracle.com/technetw
> ork/community/oca-486395.html for more information.
>
> --Sean
>
>
> On 4/15/17 3:25 PM, Steven Davidovitz wrote:
>
>> With the removal of the synchronization on priorityMap inside
>> 'SignatureAndHashAlgorithm.getSupportedAlgorithms' in rev daaace32c979
>> [1], it seems unnecessary to use a synchronizedSortedMap.
>> Benchmarking, I see a 2x performance increase by using the bare
>> TreeMap.
>>
>> measureModified   sample  11336330 11949.506 ± 1775.776  ns/op
>> measureOriginal    sample  10855026 23003.654 ± 2286.571  ns/op
>>
>> Thanks,
>> Steven Davidovitz
>>
>> 1: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/daaace32c979
>>
>> diff --git a/src/java.base/share/classes/sun/security/ssl/SignatureAndH
>> ashAlgorithm.java
>> b/src/java.base/share/classes/sun/security/ssl/SignatureAndH
>> ashAlgorithm.java
>> --- a/src/java.base/share/classes/sun/security/ssl/SignatureAndH
>> ashAlgorithm.java
>> +++ b/src/java.base/share/classes/sun/security/ssl/SignatureAndH
>> ashAlgorithm.java
>> @@ -396,46 +396,42 @@
>>      }
>>
>>      static {
>> -        supportedMap = Collections.synchronizedSortedMap(
>> -            new TreeMap<Integer, SignatureAndHashAlgorithm>());
>> -        priorityMap = Collections.synchronizedSortedMap(
>> -            new TreeMap<Integer, SignatureAndHashAlgorithm>());
>> -
>> -        synchronized (supportedMap) {
>> -            int p = SUPPORTED_ALG_PRIORITY_MAX_NUM;
>> -            supports(HashAlgorithm.MD5,         SignatureAlgorithm.RSA,
>> -                    "MD5withRSA",           --p);
>> -            supports(HashAlgorithm.SHA1,        SignatureAlgorithm.DSA,
>> -                    "SHA1withDSA",          --p);
>> -            supports(HashAlgorithm.SHA1,        SignatureAlgorithm.RSA,
>> -                    "SHA1withRSA",          --p);
>> -            supports(HashAlgorithm.SHA1,        SignatureAlgorithm.ECDSA,
>> -                    "SHA1withECDSA",        --p);
>> +        supportedMap = new TreeMap<Integer, SignatureAndHashAlgorithm>();
>> +        priorityMap = new TreeMap<Integer, SignatureAndHashAlgorithm>();
>>
>> -            if (Security.getProvider("SunMSCAPI") == null) {
>> -                supports(HashAlgorithm.SHA224,
>> SignatureAlgorithm.DSA,
>> -                        "SHA224withDSA",        --p);
>> -                supports(HashAlgorithm.SHA224,
>> SignatureAlgorithm.RSA,
>> -                        "SHA224withRSA",        --p);
>> -                supports(HashAlgorithm.SHA224,
>> SignatureAlgorithm.ECDSA,
>> -                        "SHA224withECDSA",      --p);
>> -            }
>> +        int p = SUPPORTED_ALG_PRIORITY_MAX_NUM;
>> +        supports(HashAlgorithm.MD5,         SignatureAlgorithm.RSA,
>> +                "MD5withRSA",           --p);
>> +        supports(HashAlgorithm.SHA1,        SignatureAlgorithm.DSA,
>> +                "SHA1withDSA",          --p);
>> +        supports(HashAlgorithm.SHA1,        SignatureAlgorithm.RSA,
>> +                "SHA1withRSA",          --p);
>> +        supports(HashAlgorithm.SHA1,        SignatureAlgorithm.ECDSA,
>> +                "SHA1withECDSA",        --p);
>>
>> -            supports(HashAlgorithm.SHA256,      SignatureAlgorithm.DSA,
>> -                    "SHA256withDSA",        --p);
>> -            supports(HashAlgorithm.SHA256,      SignatureAlgorithm.RSA,
>> -                    "SHA256withRSA",        --p);
>> -            supports(HashAlgorithm.SHA256,
>> SignatureAlgorithm.ECDSA,
>> -                    "SHA256withECDSA",      --p);
>> -            supports(HashAlgorithm.SHA384,      SignatureAlgorithm.RSA,
>> -                    "SHA384withRSA",        --p);
>> -            supports(HashAlgorithm.SHA384,
>> SignatureAlgorithm.ECDSA,
>> -                    "SHA384withECDSA",      --p);
>> -            supports(HashAlgorithm.SHA512,      SignatureAlgorithm.RSA,
>> -                    "SHA512withRSA",        --p);
>> -            supports(HashAlgorithm.SHA512,
>> SignatureAlgorithm.ECDSA,
>> -                    "SHA512withECDSA",      --p);
>> +        if (Security.getProvider("SunMSCAPI") == null) {
>> +            supports(HashAlgorithm.SHA224,      SignatureAlgorithm.DSA,
>> +                    "SHA224withDSA",        --p);
>> +            supports(HashAlgorithm.SHA224,      SignatureAlgorithm.RSA,
>> +                    "SHA224withRSA",        --p);
>> +            supports(HashAlgorithm.SHA224,
>> SignatureAlgorithm.ECDSA,
>> +                    "SHA224withECDSA",      --p);
>>          }
>> +
>> +        supports(HashAlgorithm.SHA256,      SignatureAlgorithm.DSA,
>> +                "SHA256withDSA",        --p);
>> +        supports(HashAlgorithm.SHA256,      SignatureAlgorithm.RSA,
>> +                "SHA256withRSA",        --p);
>> +        supports(HashAlgorithm.SHA256,      SignatureAlgorithm.ECDSA,
>> +                "SHA256withECDSA",      --p);
>> +        supports(HashAlgorithm.SHA384,      SignatureAlgorithm.RSA,
>> +                "SHA384withRSA",        --p);
>> +        supports(HashAlgorithm.SHA384,      SignatureAlgorithm.ECDSA,
>> +                "SHA384withECDSA",      --p);
>> +        supports(HashAlgorithm.SHA512,      SignatureAlgorithm.RSA,
>> +                "SHA512withRSA",        --p);
>> +        supports(HashAlgorithm.SHA512,      SignatureAlgorithm.ECDSA,
>> +                "SHA512withECDSA",      --p);
>>      }
>>  }
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20170426/851f6c56/attachment.html>


More information about the security-dev mailing list