RFR: 8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
Valerie Peng
valeriep at openjdk.org
Mon Mar 25 20:45:22 UTC 2024
On Mon, 25 Mar 2024 10:55:35 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Does this PR actually improve the performance of AES/GCM? I'm asking because NSS documentation states that the newer NSS versions actually support both forms of the parameters, so I'd expect no performance penalty for using the old version. Is this on some other provider?
Yes, IIRC, the performance improvement is meant for non-NSS providers which only accept the normative version. For these providers, the first call would fail due to invalid parameters, thus requiring 2 calls. This is because the earlier NSS impl would crash when given the normative version. Thus the ordering of trying the non-normative version before the normative version.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/18425#issuecomment-2018878840