RFR: 8273297: AES/GCM non-AVX512+VAES CPUs suffer after 8267125

Smita Kamath svkamath at openjdk.java.net
Wed Sep 8 00:26:25 UTC 2021

Performance dropped by up to 10% for 1k data after 8267125 for CPUs that do not support the new intrinsic. The tests run were crypto.full.AESGCMBench and crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.

The problem is that each instance of GHASH allocates 96 extra longs for the AVX512+VAES intrinsic regardless of whether the intrinsic is used. This extra table space should be allocated differently so that non-supporting CPUs do not suffer this penalty. This issue affects non-Intel CPUs too.


Commit messages:
 - Merge master
 - JDK 8273297: AES/GCM non AVX512 + VAES CPU's suffer after 8267125
 - changes to make sure that ghash_long_swap_mask and counter_mask_addr calls are not duplicated
 - Merge branch 'master' of https://git.openjdk.java.net/jdk into aes-gcm
 - Moved declaration in vmStructs.cpp to other AESCrypt declarations
 - comment update
 - review update
 - Merge branch 'aes-gcm' of github.com:smita-kamath/jdk into aes-gcm
 - changed file property of GaloisCounterMode.java
 - Merge branch 'master' of https://git.openjdk.java.net/jdk into aes-gcm
 - ... and 10 more: https://git.openjdk.java.net/jdk/compare/d6d6c069...4628dc3a

Changes: https://git.openjdk.java.net/jdk/pull/5402/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=5402&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8273297
  Stats: 66 lines in 9 files changed: 18 ins; 2 del; 46 mod
  Patch: https://git.openjdk.java.net/jdk/pull/5402.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/5402/head:pull/5402

PR: https://git.openjdk.java.net/jdk/pull/5402
