Lots of allocations in CipherCore
Sebastian Stenzel
sebastian.stenzel at gmail.com
Tue Jan 25 20:06:16 UTC 2022
Hi all,
while playing around with JFR today, I stumbled upon a piece of code that causes a thousands of byte[] allocations. In fact it is responsible for 90% of the memory allocations in my application and causes GC to run without pause during decryption of large files.
The line in question can be found here [1]. The behaviour can be triggered with a simple AES-CTR cipher as in this minimal example [2].
As you can see, the comments in [1] even say that this byte[] _should_ only be allocated if there is insufficient space in the provided output buffer. However some kind of conditional statement is missing.
There used to be a `if (getMode() != GCM_MODE || outputCapacity < estOutSize)`, before GCM has been decoupled from CipherCore. But this line seems wrong to me either.
I guess this should be fixed, as I'm probably not the only one affected by those allocations. I'd be volunteering, unless the behaviour is intended.
Cheers!
Sebastian
[1] https://github.com/openjdk/jdk/blob/76fe03fe01a7c824e2e9263de95b8bcbb4b9d752/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java#L815-L818 <https://github.com/openjdk/jdk/blob/76fe03fe01a7c824e2e9263de95b8bcbb4b9d752/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java#L815-L818>
[2] https://gist.github.com/overheadhunter/f3969950c0fdbaecaa77c857b2246cc5 <https://gist.github.com/overheadhunter/f3969950c0fdbaecaa77c857b2246cc5>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20220125/f9f0ba7f/attachment.htm>
More information about the security-dev
mailing list