AES GCM slow

Florian Weimer fweimer at
Mon Aug 18 15:07:04 UTC 2014

On 01/27/2014 05:46 PM, Michael StJohns wrote:
> GCM uses a GF2 multiply as part of the integrity calculation.  That
> operation is pretty expensive.  My guess is that if the code was
> profiled, you'd find a lot of time being spent in
> com.sun.crypto.provider.GHASH.

I ran into this and posted a fix: 

The AES-GCM implementation still conses a lot in unrelated parts of the 
code, but that's a separate fix.

Florian Weimer / Red Hat Product Security

More information about the security-dev mailing list