commit | 486db2f3e9558c712c4ae394973631caedbe5256 | [log] [tgz] |
---|---|---|
author | Nathan Mittler <nathanmittler@google.com> | Fri Jun 30 07:39:22 2017 -0700 |
committer | GitHub <noreply@github.com> | Fri Jun 30 07:39:22 2017 -0700 |
tree | 3360eaecc624dcb15432f3c0bebc04ac0aaf9872 | |
parent | 0a9f791848913395f386c5a3d6aeaeef1cb4119f [diff] |
Use buffer allocator in engine (#236) Also modifying the engine so that when running with no allocator (i.e. default), that it lazy-creates a direct buffer for JNI operations. This is a trade-off of performance for memory. It requires the allocation of a single direct buffer (~16k) that it uses to copy from/to heap buffers provided by the application. Fixes #226 Benchmarks show a huge improvement. The engine socket now blows away old file-based socket. Also the engine, itself, is performing on par with Netty. Client Socket: ``` Benchmark (channelType) (messageSize) (socketType) Score Error Units JmhClientSocketBenchmark:bytesPerSecond NONE 64 JDK 20670510.287 ± 2819961.400 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 64 CONSCRYPT 33848197.816 ± 4989350.539 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 64 CONSCRYPT_ENGINE 44749583.683 ± 6134292.637 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 512 JDK 48204433.541 ± 2810531.888 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 512 CONSCRYPT 232416415.148 ± 29684894.680 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 512 CONSCRYPT_ENGINE 310801215.727 ± 24371818.265 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 4096 JDK 58643513.808 ± 1658108.450 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 4096 CONSCRYPT 1042715167.769 ± 33554034.996 ops/s JmhClientSocketBenchmark:bytesPerSecond NONE 4096 CONSCRYPT_ENGINE 998985902.510 ± 173250355.584 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 64 JDK 21669189.718 ± 2106385.961 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 64 CONSCRYPT 37385156.054 ± 4532906.286 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 64 CONSCRYPT_ENGINE 52886375.324 ± 6790212.250 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 512 JDK 47883220.892 ± 3333321.741 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 512 CONSCRYPT 224271272.001 ± 31693272.362 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 512 CONSCRYPT_ENGINE 307433134.710 ± 30458931.236 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 4096 JDK 59366754.581 ± 989937.143 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 4096 CONSCRYPT 997387329.864 ± 88179847.161 ops/s JmhClientSocketBenchmark:bytesPerSecond NO_CHANNEL 4096 CONSCRYPT_ENGINE 949163467.244 ± 162903541.551 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 64 JDK 18853147.149 ± 2567512.388 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 64 CONSCRYPT 38973102.125 ± 5288147.227 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 64 CONSCRYPT_ENGINE 49037557.290 ± 3449771.391 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 512 JDK 46940578.297 ± 3187957.601 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 512 CONSCRYPT 242148384.926 ± 26908183.865 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 512 CONSCRYPT_ENGINE 285255663.928 ± 29806352.951 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 4096 JDK 58530903.691 ± 1673847.911 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 4096 CONSCRYPT 935549616.895 ± 174971552.322 ops/s JmhClientSocketBenchmark:bytesPerSecond CHANNEL 4096 CONSCRYPT_ENGINE 885196452.941 ± 149034647.632 ops/s ``` Server socket: ``` Benchmark (channelType) (messageSize) (socketType) Score Error Units JmhServerSocketBenchmark:bytesPerSecond NONE 64 JDK 20471863.122 ± 2750083.890 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 64 CONSCRYPT 35067182.137 ± 4321558.305 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 64 CONSCRYPT_ENGINE 51865841.557 ± 6210881.683 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 512 JDK 48226041.924 ± 2652378.529 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 512 CONSCRYPT 256960370.646 ± 15978194.656 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 512 CONSCRYPT_ENGINE 305922585.432 ± 11603169.168 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 4096 JDK 57540407.205 ± 1494303.451 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 4096 CONSCRYPT 834949391.557 ± 131468107.844 ops/s JmhServerSocketBenchmark:bytesPerSecond NONE 4096 CONSCRYPT_ENGINE 894561064.594 ± 186485784.506 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 64 JDK 21414715.924 ± 2525202.959 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 64 CONSCRYPT 36320793.361 ± 2506987.539 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 64 CONSCRYPT_ENGINE 51698559.566 ± 4280412.657 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 512 JDK 47550444.360 ± 2791912.476 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 512 CONSCRYPT 226298704.876 ± 32094643.264 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 512 CONSCRYPT_ENGINE 302745204.149 ± 32629696.557 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 4096 JDK 59568364.160 ± 662744.026 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 4096 CONSCRYPT 892983849.077 ± 185771381.513 ops/s JmhServerSocketBenchmark:bytesPerSecond NO_CHANNEL 4096 CONSCRYPT_ENGINE 1027094139.211 ± 142838635.652 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 64 JDK 19017307.062 ± 3202589.193 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 64 CONSCRYPT 36145718.739 ± 7424407.014 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 64 CONSCRYPT_ENGINE 43706545.753 ± 8133454.663 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 512 JDK 48295259.871 ± 2751536.354 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 512 CONSCRYPT 260689915.496 ± 11958497.389 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 512 CONSCRYPT_ENGINE 300341704.678 ± 29489214.700 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 4096 JDK 57961362.687 ± 1450364.082 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 4096 CONSCRYPT 999803862.933 ± 113516770.944 ops/s JmhServerSocketBenchmark:bytesPerSecond CHANNEL 4096 CONSCRYPT_ENGINE 1031217300.014 ± 124844374.416 ops/s ``` Engine: ``` Benchmark (cipher) (messageSize) (sslProvider) Score Error Units JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 JDK_HEAP 465332.382 ± 23279.209 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 JDK_DIRECT 454529.557 ± 27897.327 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 CONSCRYPT_HEAP_UNPOOLED 1744207.896 ± 17819.397 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 CONSCRYPT_HEAP_POOLED 1465451.813 ± 14176.452 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 CONSCRYPT_DIRECT 2016813.524 ± 27654.790 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 NETTY_HEAP 1434943.223 ± 75951.521 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 NETTY_DIRECT 2213406.254 ± 176332.371 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 JDK_HEAP 106853.524 ± 4317.313 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 JDK_DIRECT 103353.246 ± 8433.983 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 CONSCRYPT_HEAP_UNPOOLED 1496206.948 ± 21583.193 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 CONSCRYPT_HEAP_POOLED 1057553.091 ± 130857.752 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 CONSCRYPT_DIRECT 1597479.155 ± 20888.559 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 NETTY_HEAP 1169042.447 ± 77704.222 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 NETTY_DIRECT 1663056.393 ± 26704.186 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 JDK_HEAP 15108.921 ± 160.300 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 JDK_DIRECT 14246.365 ± 981.619 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 CONSCRYPT_HEAP_UNPOOLED 497098.353 ± 4970.274 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 CONSCRYPT_HEAP_POOLED 417374.589 ± 4997.278 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 CONSCRYPT_DIRECT 527155.170 ± 33216.737 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 NETTY_HEAP 392839.884 ± 23065.132 ops/s JmhEngineBenchmark.wrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 NETTY_DIRECT 507145.953 ± 29442.768 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 JDK_HEAP 221410.435 ± 15308.092 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 JDK_DIRECT 219072.340 ± 16675.432 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 CONSCRYPT_HEAP_UNPOOLED 866077.951 ± 42527.270 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 CONSCRYPT_HEAP_POOLED 597154.296 ± 8613.868 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 CONSCRYPT_DIRECT 926671.460 ± 15021.389 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 NETTY_HEAP 704027.048 ± 25672.112 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 64 NETTY_DIRECT 1051056.529 ± 15020.345 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 JDK_HEAP 50648.382 ± 4929.690 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 JDK_DIRECT 51725.315 ± 2160.470 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 CONSCRYPT_HEAP_UNPOOLED 648229.046 ± 20470.238 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 CONSCRYPT_HEAP_POOLED 493919.908 ± 43992.976 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 CONSCRYPT_DIRECT 718664.342 ± 8480.030 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 NETTY_HEAP 554893.692 ± 18063.672 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 512 NETTY_DIRECT 777181.573 ± 9124.882 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 JDK_HEAP 7456.319 ± 86.302 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 JDK_DIRECT 7106.374 ± 397.573 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 CONSCRYPT_HEAP_UNPOOLED 223205.783 ± 11577.505 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 CONSCRYPT_HEAP_POOLED 190202.214 ± 9213.396 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 CONSCRYPT_DIRECT 253628.773 ± 2695.321 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 NETTY_HEAP 186621.213 ± 10636.644 ops/s JmhEngineBenchmark.wrapAndUnwrap TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 4096 NETTY_DIRECT 234275.366 ± 14115.279 ops/s ```
Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographical primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK.
The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt
similar performance.
NOTE: This section is under construction! Artifacts have not yet been published to the public Maven repositories.
You can download the JARs directly from the Maven repositories.
The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:
Classifier | Description |
---|---|
windows-x86_64 | Windows distribution |
osx-x86_64 | Mac distribution |
linux-x86_64 | Used for Linux |
Use the os-maven-plugin to add the dependency:
<build> <extensions> <extension> <groupId>kr.motd.maven</groupId> <artifactId>os-maven-plugin</artifactId> <version>1.4.1.Final</version> </extension> </extensions> </build> <dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk</artifactId> <version>1.1.0-SNAPSHOT</version> <classifier>${os.detected.classifier}</classifier> </dependency>
Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:
buildscript { repositories { mavenCentral() } dependencies { classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0' } } // Use the osdetector-gradle-plugin apply plugin: "com.google.osdetector" dependencies { compile 'org.conscrypt:conscrypt-jdk:1.1.0-SNAPSHOT:' + osdetector.classifier }
For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.
To depend on the uber jar, simply use the conscrypt-openjdk-uber
artifacts.
<dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk-uber</artifactId> <version>1.1.0-SNAPSHOT</version> </dependency>
dependencies { compile 'org.conscrypt:conscrypt-jdk-uber:1.1.0-SNAPSHOT' }
If you are making changes to Conscrypt, see the building instructions.
Here‘s a quick readers’ guide to the code to help folks get started. The high-level modules are Common, Android, OpenJDK, and Platform.
This contains the bulk of the code for both Java and C. This isn't an actual module and builds no artifacts. Rather, the other modules just point to this directory as source.
This module provides the Platform
class for Android and also adds compatibility classes for supporting various versions of Android. This generates an aar
library artifact.
These modules provide the Platform
class for non-Android (OpenJDK-based) systems. It also provides a native library loader supports bundling the shared library with the JAR.
This is not an actual module and is not part of the default build. This is used for building Conscrypt as an embedded component of the Android platform.