Skip to content

Reduce WC_RNG allocations in WolfCryptCipher and WolfCryptDhParameterGenerator#208

Merged
rlm2002 merged 3 commits intowolfSSL:masterfrom
cconlon:rngAllocationReduction
Apr 1, 2026
Merged

Reduce WC_RNG allocations in WolfCryptCipher and WolfCryptDhParameterGenerator#208
rlm2002 merged 3 commits intowolfSSL:masterfrom
cconlon:rngAllocationReduction

Conversation

@cconlon
Copy link
Copy Markdown
Member

@cconlon cconlon commented Mar 31, 2026

Summary

This PR includes a few optimizations to reduce creation of WC_RNG structs when not needed.

  • WolfCryptCipher: Defer Rng creation from constructor to RSA-only code paths. Previously every Cipher instance (including all AES and DES3 variants) eagerly allocated a native WC_RNG struct that only RSA operations use. Also added missing rng.free() call in finalize() for cleanup consistency.
  • WolfCryptDhParameterGenerator: Bump Rng allocation out of the PRIME_GEN_E retry loop so a single WC_RNG is reused across retries instead of creating and destroying one per attempt.

@cconlon cconlon self-assigned this Mar 31, 2026
Copilot AI review requested due to automatic review settings March 31, 2026 22:55
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR optimizes the wolfJCE provider’s native RNG usage by avoiding unnecessary WC_RNG allocations in code paths that don’t require randomness, and by reusing a single RNG across DH parameter-generation retries.

Changes:

  • Defer Rng creation in WolfCryptCipher until RSA code paths actually need it, rather than allocating for every cipher instance.
  • Reuse a single Rng across PRIME_GEN_E retry attempts in WolfCryptDhParameterGenerator instead of allocating/freeing per attempt.
  • Ensure RNG cleanup is performed during WolfCryptCipher.finalize().

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/main/java/com/wolfssl/provider/jce/WolfCryptDhParameterGenerator.java Moves RNG initialization outside the prime-generation retry loop to reuse one native RNG across attempts.
src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java Makes RNG allocation lazy for RSA-only usage and adjusts finalization cleanup for RNG resources.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java Outdated
Comment thread src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java
@cconlon cconlon assigned rlm2002 and unassigned cconlon Apr 1, 2026
@rlm2002 rlm2002 merged commit 4f89eda into wolfSSL:master Apr 1, 2026
79 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rlm2002 rlm2002 rlm2002 approved these changes

Assignees

@rlm2002 rlm2002

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cconlon @rlm2002