On Wed, 16 Nov 2022 17:38:19 GMT, Mark Powers <[email protected]> wrote:
>> I would like a review of an update to the GCM code. A recent report showed
>> that GCM memory usage for TLS was very large. This was a result of in-place
>> buffers, which TLS uses, and how the code handled the combined intrinsic
>> method during decryption. A temporary buffer was used because the combined
>> intrinsic does gctr before ghash which results in a bad tag. The fix is to
>> not use the combined intrinsic during in-place decryption and depend on the
>> individual GHASH and CounterMode intrinsics. Direct ByteBuffers are not
>> affected as they are not used by the intrinsics directly.
>>
>> The reduction in the memory usage boosted performance back to where it was
>> before despite using slower intrinsics (gctr & ghash individually). The
>> extra memory allocation for the temporary buffer out-weighted the faster
>> intrinsic.
>>
>>
>> JDK 17: 122913.554 ops/sec
>> JDK 19: 94885.008 ops/sec
>> Post fix: 122735.804 ops/sec
>>
>> There is no regression test because this is a memory change and test
>> coverage already existing.
>
> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
> line 764:
>
>> 762: byte[] array;
>> 763: if (encryption) {
>> 764: array = dst.array();
>
> You could factor out lines 764 and 770 by changing line 762 to
> `byte[] array = encryption ? dst.array() : src.array();`
That was intentional since 763 checks the encryption boolean, I can define
'array' in that condition instead of having two conditions for the same thing
-------------
PR: https://git.openjdk.org/jdk/pull/11121
