-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proliferation of BouncyCastleProvider instances causing large memory consumption #94
Comments
Steps to reproduce with link to a proposed temporary fix at https://gist.github.com/bbrowning/a6af5239ad35dcdd83212a729d6896c5 |
I'm working on a test now. |
I've pulled in @bbrowning's fix but I have been unable to reproduce this locally. We still need a test that confirms the provider stays the same. See my test in 13e964a. |
for the record ... the regression in 1.54 has been (mostly) caused by bcgit/bc-java@4eecbee |
released jruby-openssl 0.9.17 ... thanks @bbrowning for the investigation and the quick fix. |
See jruby/jruby-openssl#94. Signed-off-by: Pierre-Alexandre Meyer <pierre@mouraf.org>
See jruby/jruby-openssl#94. Signed-off-by: Pierre-Alexandre Meyer <pierre@mouraf.org>
The upgrade to BouncyCastle 1.54 has introduced a bug where we're creating a new BouncyCastleProvider instance for every X509AuxCertificate we create. The code path that leads to this is:
jruby-openssl/src/main/java/org/jruby/ext/openssl/x509store/X509AuxCertificate.java
Line 81 in eb200e5
which calls
jruby-openssl/src/main/java/org/jruby/ext/openssl/SecurityHelper.java
Line 194 in f1ca23c
which ends up creating a new instance of
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory
that instantiates a new BCJcaJceHelper athttps://github.com/bcgit/bc-java/blob/r1rv54/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java#L40
which ends up returning a new instance of BouncyCastleProvider at
https://github.com/bcgit/bc-java/blob/r1rv54/prov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java#L22 unless the provider is registered already.
This causes the memory consumption of each X509AuxCertificate to explode for me, leading to a baseline memory usage of about 65MB of just BouncyCastleProvider objects in every JRuby runtime. This may be related to #86.
The text was updated successfully, but these errors were encountered: