Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8049244

XML Signature performance issue caused by unbuffered signature data

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 8, 9
    • Fix Version/s: 9
    • Component/s: security-libs
    • Labels:

      Backports

        Description

        Serious performance issue, bug was initially filed against Apache Santuario.
        From https://issues.apache.org/jira/browse/SANTUARIO-393 :

        After upgrading from xmlsec (java) 1.4 to 1.5 we saw a significant drop
        in signature generation performance especially when using a network
        based HSM.

        After some investigation it turns out that the problem is that the
        hashing is done with one byte at a time which with network latencies
        gives the bad performance.

        Looking in the code of DOMSignedInfo.java it looks like the code intends
        to use an UnsyncBufferedOutputStream however only its close method is
        actually called, which as far as I can see won't have any side affect at
        all when operated on a ByteArrayOutputStream.

        The attached patch resolves the performance issue by actually using the
        UnsyncBufferedOutputStream and that way perform the digests on a
        possibly full buffer instead of byte by byte. The patch has been tested
        on version 1.5.5 but also applies on 1.5.6.

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              mullan Sean Mullan
              Reporter:
              mullan Sean Mullan
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: