Integrated: 8296507: GCM using more memory than necessary with in-place operations

Anthony Scarpino ascarpino at
Tue Dec 6 21:40:15 UTC 2022

On Sun, 13 Nov 2022 02:54:10 GMT, Anthony Scarpino <ascarpino at> wrote:

> I would like a review of an update to the GCM code.  A recent report showed that GCM memory usage for TLS was very large.  This was a result of in-place buffers, which TLS uses, and how the code handled the combined intrinsic method during decryption.  A temporary buffer was used because the combined intrinsic does gctr before ghash which results in a bad tag.  The fix is to not use the combined intrinsic during in-place decryption and depend on the individual GHASH and CounterMode intrinsics.  Direct ByteBuffers are not affected as they are not used by the intrinsics directly.
> The reduction in the memory usage boosted performance back to where it was before despite using slower intrinsics (gctr & ghash individually).  The extra memory allocation for the temporary buffer out-weighted the faster intrinsic.
>     JDK 17:   122913.554 ops/sec
>     JDK 19:    94885.008 ops/sec
>     Post fix: 122735.804 ops/sec 
> There is no regression test because this is a memory change and test coverage already existing.

This pull request has now been integrated.

Changeset: b4da0ee7
Author:    Anthony Scarpino <ascarpino at>
Stats:     81 lines in 1 file changed: 48 ins; 1 del; 32 mod

8296507: GCM using more memory than necessary with in-place operations

Reviewed-by: jnimeh



More information about the security-dev mailing list