265620 - Use buffer to reduce C_DigestUpdate calls to Cryptoki during SSL handshake

Status: NEW

(NSS :: Libraries, enhancement, P2)

Description

[Ian McGreer]

David Jacobson requested that we buffer calls to C_DigestUpdate when the message
size was a few bytes.  He believes these calls have an adverse effect on token
performance.

I implemented a quick patch that tried to do this.  Julien later found a crash
in a tree with that patch intact (bug 262192).  However, it is not clear if the
patch was responsible.  In the course of that bug Nelson fixed an unrelated bug
in my patch.

This bug is to track David's original enhancement request.

Comment 1

[Julien Pierre]

Attachment: updated patch with fix in PK11_DigestKey

Comment 2

[Robert Relyea]

I know we have similiar code in CMS because tokens tend to have high latency
between calls. On the other hand, you get better response with smaller buffers
in software. In the CMS case we look at the PKCS #11 is hardware flag to
determine if we are going to buffer or not.

I'm not sure it's the same situation here (it may be better to just always
buffer), I suggest trying some profiling to make sure our memory consumption
does not drastically increase in the software case. If it does, we should only
buffer (and allocate the space for buffers) if digesting to a slot with the HW
flag set.

bob

Comment 3

[Wan-Teh Chang]

Julien, feel free to reassign the bug to some
other Sun NSS developer.

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

Unsetting target milestone in unresolved bugs whose targets have passed.