From e627caec84c169c99c04e0d355c29b806a0266ed Mon Sep 17 00:00:00 2001 From: Clive Verghese Date: Sat, 24 Jul 2021 10:14:53 +0000 Subject: [PATCH] 8270317: Large Allocation in CipherSuite Reviewed-by: xuelei, simonis --- .../classes/sun/security/ssl/CipherSuite.java | 108 ++++++++---------- .../bench/java/security/CipherSuiteBench.java | 58 ++++++++++ 2 files changed, 106 insertions(+), 60 deletions(-) create mode 100644 test/micro/org/openjdk/bench/java/security/CipherSuiteBench.java diff --git a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java index 95246513a30..8500ae7e188 100644 --- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java +++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java @@ -25,12 +25,8 @@ package sun.security.ssl; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.LinkedList; -import java.util.List; +import java.util.*; + import static sun.security.ssl.CipherSuite.HashAlg.*; import static sun.security.ssl.CipherSuite.KeyExchange.*; import static sun.security.ssl.CipherSuite.MacAlg.*; @@ -857,6 +853,39 @@ enum CipherSuite { final boolean exportable; + private static final Map cipherSuiteIds; + private static final Map cipherSuiteNames; + private static final List allowedCipherSuites; + private static final List defaultCipherSuites; + + static { + Map ids = new HashMap<>(); + Map names = new HashMap<>(); + List allowedCS = new ArrayList<>(); + List defaultCS = new ArrayList<>(); + + for(CipherSuite cs : CipherSuite.values()) { + ids.put(cs.id, cs); + names.put(cs.name, cs); + for (String alias : cs.aliases) { + names.put(alias, cs); + } + + if (!cs.supportedProtocols.isEmpty()) { + allowedCS.add(cs); + } + + if (cs.isDefaultEnabled) { + defaultCS.add(cs); + } + } + + cipherSuiteIds = Map.copyOf(ids); + cipherSuiteNames = Map.copyOf(names); + allowedCipherSuites = List.copyOf(allowedCS); + defaultCipherSuites = List.copyOf(defaultCS); + } + // known but unsupported cipher suite private CipherSuite(String name, int id) { this(id, false, name, "", @@ -894,62 +923,29 @@ enum CipherSuite { } static CipherSuite nameOf(String ciperSuiteName) { - for (CipherSuite cs : CipherSuite.values()) { - if (cs.name.equals(ciperSuiteName) || - cs.aliases.contains(ciperSuiteName)) { - return cs; - } - } - - return null; + return cipherSuiteNames.get(ciperSuiteName); } static CipherSuite valueOf(int id) { - for (CipherSuite cs : CipherSuite.values()) { - if (cs.id == id) { - return cs; - } - } - - return null; + return cipherSuiteIds.get(id); } static String nameOf(int id) { - for (CipherSuite cs : CipherSuite.values()) { - if (cs.id == id) { - return cs.name; - } + CipherSuite cs = cipherSuiteIds.get(id); + + if (cs != null) { + return cs.name; } return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")"; } static Collection allowedCipherSuites() { - Collection cipherSuites = new LinkedList<>(); - for (CipherSuite cs : CipherSuite.values()) { - if (!cs.supportedProtocols.isEmpty()) { - cipherSuites.add(cs); - } else { - // values() is ordered, remaining cipher suites are - // not supported. - break; - } - } - return cipherSuites; + return allowedCipherSuites; } static Collection defaultCipherSuites() { - Collection cipherSuites = new LinkedList<>(); - for (CipherSuite cs : CipherSuite.values()) { - if (cs.isDefaultEnabled) { - cipherSuites.add(cs); - } else { - // values() is ordered, remaining cipher suites are - // not enabled. - break; - } - } - return cipherSuites; + return defaultCipherSuites; } /** @@ -972,19 +968,11 @@ enum CipherSuite { } boolean found = false; - for (CipherSuite cs : CipherSuite.values()) { - if (!cs.supportedProtocols.isEmpty()) { - if (cs.name.equals(name) || - cs.aliases.contains(name)) { - cipherSuites.add(cs); - found = true; - break; - } - } else { - // values() is ordered, remaining cipher suites are - // not supported. - break; - } + CipherSuite cs; + if ((cs = cipherSuiteNames.get(name)) != null + && !cs.supportedProtocols.isEmpty()) { + cipherSuites.add(cs); + found = true; } if (!found) { throw new IllegalArgumentException( diff --git a/test/micro/org/openjdk/bench/java/security/CipherSuiteBench.java b/test/micro/org/openjdk/bench/java/security/CipherSuiteBench.java new file mode 100644 index 00000000000..8703e85fef0 --- /dev/null +++ b/test/micro/org/openjdk/bench/java/security/CipherSuiteBench.java @@ -0,0 +1,58 @@ +/* + * Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + * + */ +package org.openjdk.bench.java.security; + +import org.openjdk.jmh.annotations.*; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.concurrent.TimeUnit; + + +@Fork(jvmArgsAppend = {"--add-exports", "java.base/sun.security.ssl=ALL-UNNAMED", "--add-opens", "java.base/sun.security.ssl=ALL-UNNAMED"}) +@State(Scope.Benchmark) +@OutputTimeUnit(TimeUnit.MICROSECONDS) +@BenchmarkMode(Mode.Throughput) +public class CipherSuiteBench { + + Method nameOf; + + @Param({"TLS_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }) + String cipherSuite; + + @Setup + public void initilizeClass() throws ClassNotFoundException, NoSuchMethodException { + Class cs = Class.forName("sun.security.ssl.CipherSuite"); + nameOf = cs.getDeclaredMethod("nameOf", String.class); + nameOf.setAccessible(true); + } + + @Benchmark + public Object benchmarkCipherSuite() throws InvocationTargetException, IllegalAccessException { + return nameOf.invoke(null,cipherSuite); + } +}