JDK-8133781 : TLShandshake causes high cpu usage in BigInteger.montReduce
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 7u51
  • Priority: P3
  • Status: Closed
  • Resolution: Not an Issue
  • Submitted: 2015-08-18
  • Updated: 2019-02-22
  • Resolved: 2019-02-22
Related Reports
Relates :  
JDK-8130150 - Implement BigInteger.montgomeryMultiply intrinsic
Relates :  
JDK-8081778 - Use Intel x64 CPU instructions for RSA acceleration
Description
High CPU utilization for RSA handshakes. JFR stack capture stats : 

Stack Trace	Sample Count	Percentage(%)
java.math.BigInteger.montReduce(int[], int[], int, int)	498	7.366
java.math.BigInteger.oddModPow(BigInteger, BigInteger)	498	7.366
java.math.BigInteger.modPow(BigInteger, BigInteger)	498	7.366
sun.security.rsa.RSACore.crtCrypt(byte[], RSAPrivateCrtKey)	491	7.262
sun.security.rsa.RSACore.rsa(byte[], RSAPrivateKey)	491	7.262
com.sun.crypto.provider.RSACipher.doFinal()	473	6.996
com.sun.crypto.provider.RSACipher.engineUnwrap(byte[], String, int)	459	6.789
javax.crypto.Cipher.unwrap(byte[], String, int)	459	6.789
sun.security.ssl.RSAClientKeyExchange.<init>(ProtocolVersion, ProtocolVersion, SecureRandom, HandshakeInStream, int, PrivateKey)	459	6.789
sun.security.ssl.ServerHandshaker.processMessage(byte, int)	459	6.789
sun.security.ssl.Handshaker.processLoop()	459	6.789
sun.security.ssl.Handshaker$1.run()	459	6.789
sun.security.ssl.Handshaker$1.run()	459	6.789
java.security.AccessController.doPrivileged(PrivilegedExceptionAction, AccessControlContext)	459	6.789
sun.security.ssl.Handshaker$DelegatedTask.run()	459	6.789
weblogic.socket.JSSEFilterImpl.doTasks()	459	6.789
weblogic.socket.JSSEFilterImpl.doHandshake(ByteBuffer, MuxableSocket, boolean)	459	6.789
Comments
Changes made in 7u131 mean that this should no longer be a problem. Performance was improved in the montgomery square and montgomery multiply code (via hotspot intrinsics) See JDK-8154945
22-02-2019
JDK-8130150 BigInteger.montgomeryMultiply intrinsics enhancement will also help in this area
15-02-2016
java.math.BigInteger.montReduce(int[], int[], int, int) 498 7.366 java.math.BigInteger.oddModPow(BigInteger, BigInteger) 498 7.366 java.math.BigInteger.modPow(BigInteger, BigInteger) 498 7.366 sun.security.rsa.RSACore.crtCrypt(byte[], RSAPrivateCrtKey) 491 7.262 sun.security.rsa.RSACore.rsa(byte[], RSAPrivateKey) 491 7.262 Such a call stack is common for TLS servers busy handling TLS connections associated with RSA certificates. Recent trends have been for increased RSA key lengths to be used when issuing RSA certificates. 2048 bit certs are more common now. This places extra load on CPUs. The JDK-8081778 intrinsics enhancement optimizes instructions at the hotspot compiler level in some of the BigInteger calculations which are heavily used in TLS. Interesting blog on the subject can be found here : https://certsimple.com/blog/measuring-ssl-rsa-keys
15-02-2016
Closing this issue. No updates were received from submitter. We'll look at backporting the JDK 9 JEP enhancement to the JDK 8 Updates release in any case (JDK-8081778)
14-12-2015
One suggestion is to backport JDK-8081778 : "Use Intel x64 CPU instructions for RSA acceleration"
18-08-2015