RFR: 8073108: GHASH Intrinsics

Florian Weimer fweimer at redhat.com
Tue Feb 17 20:06:19 UTC 2015

On 02/17/2015 09:03 PM, Anthony Scarpino wrote:
> On 02/17/2015 02:59 AM, Florian Weimer wrote:
>> On 02/16/2015 10:11 PM, Anthony Scarpino wrote:
>>> Hi,
>>> I'm requesting a code review to intrinsify the GHASH operations for both
>>> x86 and SPARC platforms.  This greatly increases performance over
>>> software for AES/GCM crypto operations, details are in the bug.
>>> The review is for two repos, hotspot and jdk:
>>> http://cr.openjdk.java.net/~ascarpino/8073108/hotspot/webrev/
>> Sorry for double-posting.
>> I looked at generate_ghash_processBlocks() and wonder if the loop needs
>> to be split to introduce occasional safepoints.  The TLS record size
>> should limit the number of bytes per invocation to 16000, so perhaps this
>> isn't an issue for the current application.
> I would think TLS limits should be handled in a JSSE or other TLS area.
>  I think GHASH should be the pure implementation.

Sorry, what I'm trying to say is that TLS won't trigger this issue
because its loops will be reasonably short.

There might be other users for which this could be a problem, though.

Florian Weimer / Red Hat Product Security
