commit	486db2f3e9558c712c4ae394973631caedbe5256	[log] [tgz]
author	Nathan Mittler <nathanmittler@google.com>	Fri Jun 30 07:39:22 2017 -0700
committer	GitHub <noreply@github.com>	Fri Jun 30 07:39:22 2017 -0700
tree	3360eaecc624dcb15432f3c0bebc04ac0aaf9872
parent	0a9f791848913395f386c5a3d6aeaeef1cb4119f [diff]

Use buffer allocator in engine (#236)

Also modifying the engine so that when running with no allocator
(i.e. default), that it lazy-creates a direct buffer for JNI operations.
This is a trade-off of performance for memory. It requires the
allocation of a single direct buffer (~16k) that it uses to copy
from/to heap buffers provided by the application.

Fixes #226

Benchmarks show a huge improvement. The engine socket now blows away
old file-based socket. Also the engine, itself, is performing on par with Netty.

Client Socket:
```
Benchmark                                (channelType)  (messageSize)      (socketType)           Score           Error  Units
JmhClientSocketBenchmark:bytesPerSecond           NONE             64               JDK    20670510.287 ±   2819961.400  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE             64         CONSCRYPT    33848197.816 ±   4989350.539  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE             64  CONSCRYPT_ENGINE    44749583.683 ±   6134292.637  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE            512               JDK    48204433.541 ±   2810531.888  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE            512         CONSCRYPT   232416415.148 ±  29684894.680  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE            512  CONSCRYPT_ENGINE   310801215.727 ±  24371818.265  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE           4096               JDK    58643513.808 ±   1658108.450  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE           4096         CONSCRYPT  1042715167.769 ±  33554034.996  ops/s
JmhClientSocketBenchmark:bytesPerSecond           NONE           4096  CONSCRYPT_ENGINE   998985902.510 ± 173250355.584  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL             64               JDK    21669189.718 ±   2106385.961  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL             64         CONSCRYPT    37385156.054 ±   4532906.286  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL             64  CONSCRYPT_ENGINE    52886375.324 ±   6790212.250  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL            512               JDK    47883220.892 ±   3333321.741  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL            512         CONSCRYPT   224271272.001 ±  31693272.362  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL            512  CONSCRYPT_ENGINE   307433134.710 ±  30458931.236  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL           4096               JDK    59366754.581 ±    989937.143  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL           4096         CONSCRYPT   997387329.864 ±  88179847.161  ops/s
JmhClientSocketBenchmark:bytesPerSecond     NO_CHANNEL           4096  CONSCRYPT_ENGINE   949163467.244 ± 162903541.551  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL             64               JDK    18853147.149 ±   2567512.388  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL             64         CONSCRYPT    38973102.125 ±   5288147.227  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL             64  CONSCRYPT_ENGINE    49037557.290 ±   3449771.391  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL            512               JDK    46940578.297 ±   3187957.601  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL            512         CONSCRYPT   242148384.926 ±  26908183.865  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL            512  CONSCRYPT_ENGINE   285255663.928 ±  29806352.951  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL           4096               JDK    58530903.691 ±   1673847.911  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL           4096         CONSCRYPT   935549616.895 ± 174971552.322  ops/s
JmhClientSocketBenchmark:bytesPerSecond        CHANNEL           4096  CONSCRYPT_ENGINE   885196452.941 ± 149034647.632  ops/s
```

Server socket:
```
Benchmark                                (channelType)  (messageSize)      (socketType)           Score           Error  Units
JmhServerSocketBenchmark:bytesPerSecond           NONE             64               JDK    20471863.122 ±   2750083.890  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE             64         CONSCRYPT    35067182.137 ±   4321558.305  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE             64  CONSCRYPT_ENGINE    51865841.557 ±   6210881.683  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE            512               JDK    48226041.924 ±   2652378.529  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE            512         CONSCRYPT   256960370.646 ±  15978194.656  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE            512  CONSCRYPT_ENGINE   305922585.432 ±  11603169.168  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE           4096               JDK    57540407.205 ±   1494303.451  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE           4096         CONSCRYPT   834949391.557 ± 131468107.844  ops/s
JmhServerSocketBenchmark:bytesPerSecond           NONE           4096  CONSCRYPT_ENGINE   894561064.594 ± 186485784.506  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL             64               JDK    21414715.924 ±   2525202.959  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL             64         CONSCRYPT    36320793.361 ±   2506987.539  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL             64  CONSCRYPT_ENGINE    51698559.566 ±   4280412.657  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL            512               JDK    47550444.360 ±   2791912.476  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL            512         CONSCRYPT   226298704.876 ±  32094643.264  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL            512  CONSCRYPT_ENGINE   302745204.149 ±  32629696.557  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL           4096               JDK    59568364.160 ±    662744.026  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL           4096         CONSCRYPT   892983849.077 ± 185771381.513  ops/s
JmhServerSocketBenchmark:bytesPerSecond     NO_CHANNEL           4096  CONSCRYPT_ENGINE  1027094139.211 ± 142838635.652  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL             64               JDK    19017307.062 ±   3202589.193  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL             64         CONSCRYPT    36145718.739 ±   7424407.014  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL             64  CONSCRYPT_ENGINE    43706545.753 ±   8133454.663  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL            512               JDK    48295259.871 ±   2751536.354  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL            512         CONSCRYPT   260689915.496 ±  11958497.389  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL            512  CONSCRYPT_ENGINE   300341704.678 ±  29489214.700  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL           4096               JDK    57961362.687 ±   1450364.082  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL           4096         CONSCRYPT   999803862.933 ± 113516770.944  ops/s
JmhServerSocketBenchmark:bytesPerSecond        CHANNEL           4096  CONSCRYPT_ENGINE  1031217300.014 ± 124844374.416  ops/s
```

Engine:
```
Benchmark                                                      (cipher)  (messageSize)            (sslProvider)           Score           Error  Units
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64                 JDK_HEAP      465332.382 ±     23279.209  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64               JDK_DIRECT      454529.557 ±     27897.327  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64  CONSCRYPT_HEAP_UNPOOLED     1744207.896 ±     17819.397  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64    CONSCRYPT_HEAP_POOLED     1465451.813 ±     14176.452  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64         CONSCRYPT_DIRECT     2016813.524 ±     27654.790  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64               NETTY_HEAP     1434943.223 ±     75951.521  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64             NETTY_DIRECT     2213406.254 ±    176332.371  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512                 JDK_HEAP      106853.524 ±      4317.313  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512               JDK_DIRECT      103353.246 ±      8433.983  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512  CONSCRYPT_HEAP_UNPOOLED     1496206.948 ±     21583.193  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512    CONSCRYPT_HEAP_POOLED     1057553.091 ±    130857.752  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512         CONSCRYPT_DIRECT     1597479.155 ±     20888.559  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512               NETTY_HEAP     1169042.447 ±     77704.222  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512             NETTY_DIRECT     1663056.393 ±     26704.186  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096                 JDK_HEAP       15108.921 ±       160.300  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096               JDK_DIRECT       14246.365 ±       981.619  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096  CONSCRYPT_HEAP_UNPOOLED      497098.353 ±      4970.274  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096    CONSCRYPT_HEAP_POOLED      417374.589 ±      4997.278  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096         CONSCRYPT_DIRECT      527155.170 ±     33216.737  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096               NETTY_HEAP      392839.884 ±     23065.132  ops/s
JmhEngineBenchmark.wrap           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096             NETTY_DIRECT      507145.953 ±     29442.768  ops/s


JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64                 JDK_HEAP      221410.435 ±     15308.092  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64               JDK_DIRECT      219072.340 ±     16675.432  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64  CONSCRYPT_HEAP_UNPOOLED      866077.951 ±     42527.270  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64    CONSCRYPT_HEAP_POOLED      597154.296 ±      8613.868  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64         CONSCRYPT_DIRECT      926671.460 ±     15021.389  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64               NETTY_HEAP      704027.048 ±     25672.112  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256             64             NETTY_DIRECT     1051056.529 ±     15020.345  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512                 JDK_HEAP       50648.382 ±      4929.690  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512               JDK_DIRECT       51725.315 ±      2160.470  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512  CONSCRYPT_HEAP_UNPOOLED      648229.046 ±     20470.238  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512    CONSCRYPT_HEAP_POOLED      493919.908 ±     43992.976  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512         CONSCRYPT_DIRECT      718664.342 ±      8480.030  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512               NETTY_HEAP      554893.692 ±     18063.672  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256            512             NETTY_DIRECT      777181.573 ±      9124.882  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096                 JDK_HEAP        7456.319 ±        86.302  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096               JDK_DIRECT        7106.374 ±       397.573  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096  CONSCRYPT_HEAP_UNPOOLED      223205.783 ±     11577.505  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096    CONSCRYPT_HEAP_POOLED      190202.214 ±      9213.396  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096         CONSCRYPT_DIRECT      253628.773 ±      2695.321  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096               NETTY_HEAP      186621.213 ±     10636.644  ops/s
JmhEngineBenchmark.wrapAndUnwrap  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256           4096             NETTY_DIRECT      234275.366 ±     14115.279  ops/s
```

15 files changed

tree: 3360eaecc624dcb15432f3c0bebc04ac0aaf9872

README.md

Conscrypt - A Java Security Provider

Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographical primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK.

The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt similar performance.

Download

NOTE: This section is under construction! Artifacts have not yet been published to the public Maven repositories.

Download JARs

You can download the JARs directly from the Maven repositories.

OpenJDK (i.e. non-Android)

Native Classifiers

The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:

Classifier	Description
windows-x86_64	Windows distribution
osx-x86_64	Mac distribution
linux-x86_64	Used for Linux

Maven

Use the os-maven-plugin to add the dependency:

<build>
  <extensions>
    <extension>
      <groupId>kr.motd.maven</groupId>
      <artifactId>os-maven-plugin</artifactId>
      <version>1.4.1.Final</version>
    </extension>
  </extensions>
</build>

<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk</artifactId>
  <version>1.1.0-SNAPSHOT</version>
  <classifier>${os.detected.classifier}</classifier>
</dependency>

Gradle

Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:

buildscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
  }
}

// Use the osdetector-gradle-plugin
apply plugin: "com.google.osdetector"

dependencies {
  compile 'org.conscrypt:conscrypt-jdk:1.1.0-SNAPSHOT:' + osdetector.classifier
}

Uber JAR

For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.

To depend on the uber jar, simply use the conscrypt-openjdk-uber artifacts.

Maven

<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk-uber</artifactId>
  <version>1.1.0-SNAPSHOT</version>
</dependency>

Gradle

dependencies {
  compile 'org.conscrypt:conscrypt-jdk-uber:1.1.0-SNAPSHOT'
}

How to Build

If you are making changes to Conscrypt, see the building instructions.

Source Overview

Here‘s a quick readers’ guide to the code to help folks get started. The high-level modules are Common, Android, OpenJDK, and Platform.

Common

This contains the bulk of the code for both Java and C. This isn't an actual module and builds no artifacts. Rather, the other modules just point to this directory as source.

Android

This module provides the Platform class for Android and also adds compatibility classes for supporting various versions of Android. This generates an aar library artifact.

OpenJDK

These modules provide the Platform class for non-Android (OpenJDK-based) systems. It also provides a native library loader supports bundling the shared library with the JAR.

Platform

This is not an actual module and is not part of the default build. This is used for building Conscrypt as an embedded component of the Android platform.