On 01/27/2014 05:46 PM, Michael StJohns wrote:
GCM uses a GF2 multiply as part of the integrity calculation. That operation is pretty expensive. My guess is that if the code was profiled, you'd find a lot of time being spent in com.sun.crypto.provider.GHASH.
I ran into this and posted a fix: <http://mail.openjdk.java.net/pipermail/security-dev/2014-August/011009.html>
The AES-GCM implementation still conses a lot in unrelated parts of the code, but that's a separate fix.
-- Florian Weimer / Red Hat Product Security
