RFR: 8344144: AES/CBC slow at big payloads [v2]
Artur Barashev
abarashev at openjdk.org
Fri Nov 15 17:04:50 UTC 2024
On Fri, 15 Nov 2024 16:55:37 GMT, Volodymyr Paprotski <vpaprotski at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java line 63:
>>
>>> 61:
>>> 62: // chunkSize is multiple of block size, but otherwise fairly arbitrary
>>> 63: // Should be large enough to provide intrinsic with optimization
>>
>> Typo: `Should be small enough`
>
> I believe the original wording is correct: the more payload the intrinsic gets the better (eg. the intrinsic parallelizes decryption, at the cost of some initial setup. More payload amortizes the setup cost). But cannot be so large that the intrinsic locks up the VM (preventing GC), encrypting gigabytes.
But it takes a few calls before hotspot switches to the intrinsic, so it can't be too large. I think we should include this logic explanation (the intrinsic parallelizes decryption) in the comment to make it clear what we are doing here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22086#discussion_r1844182735
More information about the security-dev
mailing list