RFR: 8270317: Large Allocation in CipherSuite [v3]

Clive Verghese cverghese at openjdk.java.net
Thu Jul 22 18:37:53 UTC 2021 

> ### Benchmark results 
> 
> I have benchmarked 3 cases.
> 
> 1. The current situation. 
> 
> Benchmark                                                        (cipherSuite)  Mode  Cnt    Score   Error  Units
> CipherSuiteBench.benchmarkCipherSuite                   TLS_AES_256_GCM_SHA384  avgt   25  124.783 ? 2.050  ns/op
> CipherSuiteBench.benchmarkCipherSuite  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  avgt   25  125.403 ? 0.554  ns/op
> CipherSuiteBench.benchmarkCipherSuite      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256  avgt   25  127.117 ? 0.789  ns/op
> CipherSuiteBench.benchmarkCipherSuite         TLS_DHE_RSA_WITH_AES_256_CBC_SHA  avgt   25  127.869 ? 1.112  ns/op
> 
> 
> 2. Use `static final array` instead of calling `CipherSuite.values` each time. 
> 
> Benchmark                                                        (cipherSuite)  Mode  Cnt   Score   Error  Units
> CipherSuiteBench.benchmarkCipherSuite                   TLS_AES_256_GCM_SHA384  avgt   25  10.146 ? 0.252  ns/op
> CipherSuiteBench.benchmarkCipherSuite  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  avgt   25  30.501 ? 0.207  ns/op
> CipherSuiteBench.benchmarkCipherSuite      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256  avgt   25  47.375 ? 0.150  ns/op
> CipherSuiteBench.benchmarkCipherSuite         TLS_DHE_RSA_WITH_AES_256_CBC_SHA  avgt   25  55.887 ? 3.786  ns/op
> 
> 
> 3. Using Hashmap for lookup instead of iterating through the array each time. (Method in this PR)
> 
> Benchmark                                                        (cipherSuite)  Mode  Cnt   Score   Error  Units
> CipherSuiteBench.benchmarkCipherSuite                   TLS_AES_256_GCM_SHA384  avgt   25  13.533 ? 0.148  ns/op
> CipherSuiteBench.benchmarkCipherSuite  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  avgt   25  11.269 ? 0.147  ns/op
> CipherSuiteBench.benchmarkCipherSuite      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256  avgt   25  11.507 ? 0.107  ns/op
> CipherSuiteBench.benchmarkCipherSuite         TLS_DHE_RSA_WITH_AES_256_CBC_SHA  avgt   25  10.932 ? 0.146  ns/op
> 
> 
> I have picked 4 cipher suite from the start of the list and are roughly 10 positions apart. I have opted to go with HashMap for name and id lookup as they provide a more consistent times and benchmarks are similar for the first few cipher suits in the enum as well.

Clive Verghese has updated the pull request incrementally with one additional commit since the last revision:

  Add allowed and default lists

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/4783/files
  - new: https://git.openjdk.java.net/jdk/pull/4783/files/aec4f54c..c0a21c5d

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=4783&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=4783&range=01-02

  Stats: 57 lines in 1 file changed: 12 ins; 26 del; 19 mod
  Patch: https://git.openjdk.java.net/jdk/pull/4783.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/4783/head:pull/4783

PR: https://git.openjdk.java.net/jdk/pull/4783

More information about the security-dev mailing list