AES GCM slow

Florian Weimer fweimer at redhat.com
Mon Aug 18 15:07:04 UTC 2014


On 01/27/2014 05:46 PM, Michael StJohns wrote:
> GCM uses a GF2 multiply as part of the integrity calculation.  That
> operation is pretty expensive.  My guess is that if the code was
> profiled, you'd find a lot of time being spent in
> com.sun.crypto.provider.GHASH.

I ran into this and posted a fix: 
<http://mail.openjdk.java.net/pipermail/security-dev/2014-August/011009.html>

The AES-GCM implementation still conses a lot in unrelated parts of the 
code, but that's a separate fix.

-- 
Florian Weimer / Red Hat Product Security


More information about the security-dev mailing list