JDK-8226543 : Reduce GC pressure during message digest calculations in password-based encryption
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 8,11,13,14
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-06-21
  • Updated: 2022-06-27
  • Resolved: 2019-06-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 8 Other
11.0.5-oracleFixed 13.0.1Fixed 14 b03Fixed 8u221Fixed openjdk8u232Fixed
Description
In PBES1Core.deriveCipherKey() there are loops that look like following:

            for (int i = 0; i < iCount; i++) {
                md.update(toBeHashed);
                toBeHashed = md.digest(); // this resets the digest
            }
Calling md.digest() each time allocates a new byte[] array.
It would be more GC friendly, if the same array were reused.
Comments
Fix Request (8u, 11u) Resolves the performance trouble and matches codebases (I see 11.0.5-oracle and 8u231). Patch applies cleanly to 11u and with reshuffling to 8u. Passes jdk_security and tier1 tests.
26-07-2019
Fix Request for JDK 13u - Justification: Reducing GC pressure in this area helps avoid creating copies of objects with sensitive information. - Risk Analysis: Low risk, no changes in behavior - Webrev : http://cr.openjdk.java.net/~igerasim/8226543/00/webrev/ Apply cleanly on 13u forest, Mach5: tier1, 2, 3, 4 - all green
26-06-2019
URL: http://hg.openjdk.java.net/jdk/jdk/rev/159edfcbc2ce User: igerasim Date: 2019-06-26 00:28:12 +0000
26-06-2019