On Sun, 13 Nov 2022 02:54:10 GMT, Anthony Scarpino <ascarp...@openjdk.org> wrote:
> I would like a review of an update to the GCM code. A recent report showed > that GCM memory usage for TLS was very large. This was a result of in-place > buffers, which TLS uses, and how the code handled the combined intrinsic > method during decryption. A temporary buffer was used because the combined > intrinsic does gctr before ghash which results in a bad tag. The fix is to > not use the combined intrinsic during in-place decryption and depend on the > individual GHASH and CounterMode intrinsics. Direct ByteBuffers are not > affected as they are not used by the intrinsics directly. > > The reduction in the memory usage boosted performance back to where it was > before despite using slower intrinsics (gctr & ghash individually). The > extra memory allocation for the temporary buffer out-weighted the faster > intrinsic. > > > JDK 17: 122913.554 ops/sec > JDK 19: 94885.008 ops/sec > Post fix: 122735.804 ops/sec > > There is no regression test because this is a memory change and test coverage > already existing. Great point, I neglected to add benchmark coverage for the direct buffer case. I've updated my benchmark repository with a server using direct buffers: https://github.com/carterkozak/java-crypto-allocation-performance/blob/develop/java-crypto-allocation-performance/src/main/java/com/palantir/java/crypto/allocations/DirectBufferTransportLayerSecurityBenchmark.java ------------- PR: https://git.openjdk.org/jdk/pull/11121
