8270317: Large Allocation in CipherSuite

Reviewed-by: xuelei, simonis
2021-07-24 10:14:53 +00:00 · 2021-07-24 10:14:53 +00:00 · e627caec84
commit e627caec84
parent 0dcfc42f23
2 changed files with 106 additions and 60 deletions
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
@ -25,12 +25,8 @@

 package sun.security.ssl;

-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.*;
+
 import static sun.security.ssl.CipherSuite.HashAlg.*;
 import static sun.security.ssl.CipherSuite.KeyExchange.*;
 import static sun.security.ssl.CipherSuite.MacAlg.*;
@ -857,6 +853,39 @@ enum CipherSuite {

    final boolean exportable;

+    private static final Map<Integer, CipherSuite> cipherSuiteIds;
+    private static final Map<String, CipherSuite> cipherSuiteNames;
+    private static final List<CipherSuite> allowedCipherSuites;
+    private static final List<CipherSuite> defaultCipherSuites;
+
+    static {
+        Map<Integer, CipherSuite> ids = new HashMap<>();
+        Map<String, CipherSuite> names = new HashMap<>();
+        List<CipherSuite> allowedCS = new ArrayList<>();
+        List<CipherSuite> defaultCS = new ArrayList<>();
+
+        for(CipherSuite cs : CipherSuite.values()) {
+            ids.put(cs.id, cs);
+            names.put(cs.name, cs);
+            for (String alias : cs.aliases) {
+                names.put(alias, cs);
+            }
+
+            if (!cs.supportedProtocols.isEmpty()) {
+                allowedCS.add(cs);
+            }
+
+            if (cs.isDefaultEnabled) {
+                defaultCS.add(cs);
+            }
+        }
+
+        cipherSuiteIds = Map.copyOf(ids);
+        cipherSuiteNames = Map.copyOf(names);
+        allowedCipherSuites = List.copyOf(allowedCS);
+        defaultCipherSuites = List.copyOf(defaultCS);
+    }
+
    // known but unsupported cipher suite
    private CipherSuite(String name, int id) {
        this(id, false, name, "",
@ -894,62 +923,29 @@ enum CipherSuite {
    }

    static CipherSuite nameOf(String ciperSuiteName) {
-        for (CipherSuite cs : CipherSuite.values()) {
-            if (cs.name.equals(ciperSuiteName) ||
-                    cs.aliases.contains(ciperSuiteName)) {
-                return cs;
-            }
-        }
-
-        return null;
+        return cipherSuiteNames.get(ciperSuiteName);
    }

    static CipherSuite valueOf(int id) {
-        for (CipherSuite cs : CipherSuite.values()) {
-            if (cs.id == id) {
-                return cs;
-            }
-        }
-
-        return null;
+        return cipherSuiteIds.get(id);
    }

    static String nameOf(int id) {
-        for (CipherSuite cs : CipherSuite.values()) {
-            if (cs.id == id) {
-                return cs.name;
-            }
+        CipherSuite cs = cipherSuiteIds.get(id);
+
+        if (cs != null) {
+            return cs.name;
        }

        return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";
    }

    static Collection<CipherSuite> allowedCipherSuites() {
-        Collection<CipherSuite> cipherSuites = new LinkedList<>();
-        for (CipherSuite cs : CipherSuite.values()) {
-            if (!cs.supportedProtocols.isEmpty()) {
-                cipherSuites.add(cs);
-            } else {
-                // values() is ordered, remaining cipher suites are
-                // not supported.
-                break;
-            }
-        }
-        return cipherSuites;
+        return allowedCipherSuites;
    }

    static Collection<CipherSuite> defaultCipherSuites() {
-        Collection<CipherSuite> cipherSuites = new LinkedList<>();
-        for (CipherSuite cs : CipherSuite.values()) {
-            if (cs.isDefaultEnabled) {
-                cipherSuites.add(cs);
-            } else {
-                // values() is ordered, remaining cipher suites are
-                // not enabled.
-                break;
-            }
-        }
-        return cipherSuites;
+        return defaultCipherSuites;
    }

    /**
@ -972,19 +968,11 @@ enum CipherSuite {
            }

            boolean found = false;
-            for (CipherSuite cs : CipherSuite.values()) {
-                if (!cs.supportedProtocols.isEmpty()) {
-                    if (cs.name.equals(name) ||
-                            cs.aliases.contains(name)) {
-                        cipherSuites.add(cs);
-                        found = true;
-                        break;
-                    }
-                } else {
-                    // values() is ordered, remaining cipher suites are
-                    // not supported.
-                    break;
-                }
+            CipherSuite cs;
+            if ((cs = cipherSuiteNames.get(name)) != null
+                    && !cs.supportedProtocols.isEmpty()) {
+                cipherSuites.add(cs);
+                found = true;
            }
            if (!found) {
                throw new IllegalArgumentException(
--- a/test/micro/org/openjdk/bench/java/security/CipherSuiteBench.java
+++ b/test/micro/org/openjdk/bench/java/security/CipherSuiteBench.java
@ -0,0 +1,58 @@
+/*
+ * Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+package org.openjdk.bench.java.security;
+
+import org.openjdk.jmh.annotations.*;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.concurrent.TimeUnit;
+
+
+@Fork(jvmArgsAppend = {"--add-exports", "java.base/sun.security.ssl=ALL-UNNAMED", "--add-opens", "java.base/sun.security.ssl=ALL-UNNAMED"})
+@State(Scope.Benchmark)
+@OutputTimeUnit(TimeUnit.MICROSECONDS)
+@BenchmarkMode(Mode.Throughput)
+public class CipherSuiteBench {
+
+    Method nameOf;
+
+    @Param({"TLS_AES_256_GCM_SHA384",
+            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" })
+    String cipherSuite;
+
+    @Setup
+    public void initilizeClass() throws ClassNotFoundException, NoSuchMethodException {
+        Class<?> cs = Class.forName("sun.security.ssl.CipherSuite");
+        nameOf = cs.getDeclaredMethod("nameOf", String.class);
+        nameOf.setAccessible(true);
+    }
+
+    @Benchmark
+    public Object benchmarkCipherSuite() throws InvocationTargetException, IllegalAccessException {
+        return nameOf.invoke(null,cipherSuite);
+    }
+}