Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8049244

XML Signature performance issue caused by unbuffered signature data

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3
    • 9
    • 8, 9
    • security-libs

    Backports

      Description

        Serious performance issue, bug was initially filed against Apache Santuario.
        From https://issues.apache.org/jira/browse/SANTUARIO-393 :

        After upgrading from xmlsec (java) 1.4 to 1.5 we saw a significant drop
        in signature generation performance especially when using a network
        based HSM.

        After some investigation it turns out that the problem is that the
        hashing is done with one byte at a time which with network latencies
        gives the bad performance.

        Looking in the code of DOMSignedInfo.java it looks like the code intends
        to use an UnsyncBufferedOutputStream however only its close method is
        actually called, which as far as I can see won't have any side affect at
        all when operated on a ByteArrayOutputStream.

        The attached patch resolves the performance issue by actually using the
        UnsyncBufferedOutputStream and that way perform the digests on a
        possibly full buffer instead of byte by byte. The patch has been tested
        on version 1.5.5 but also applies on 1.5.6.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8050000 XML Signature performance issue caused by unbuffered signature data

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8063742 XML Signature performance issue caused by unbuffered signature data

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8070193 XML Signature performance issue caused by unbuffered signature data

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8175440 XML Signature performance issue caused by unbuffered signature data

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                mullan Sean Mullan
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: