RFR: 8273297: AES/GCM non-AVX512+VAES CPUs suffer after 8267125 [v2]
Sandhya Viswanathan
sviswanathan at openjdk.java.net
Tue Sep 21 16:42:35 UTC 2021
On Mon, 20 Sep 2021 05:16:16 GMT, Smita Kamath <svkamath at openjdk.org> wrote:
>> Performance dropped up to 10% for 1k data after 8267125 for CPUs that do not support the new intrinsic. Tests run were crypto.full.AESGCMBench and crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.
>>
>> The problem is that each instance of GHASH allocates 96 extra longs for the AVX512+VAES intrinsic regardless of whether the intrinsic is used. This extra table space should be allocated differently so that non-supporting CPUs do not suffer this penalty. This issue also affects non-Intel CPUs.
>
> Smita Kamath has updated the pull request incrementally with one additional commit since the last revision:
>
> Added a wrapper around aes-gcm intrinsic, changed data size in TestAESMain and added a new constant for htbl entries
src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 588:
> 586: ctOfs+len, out, outOfs+len, gctr, ghash);
> 587: len+= partlen;
> 588: inLen-= len;
This should be inLen -= partlen;
-------------
PR: https://git.openjdk.java.net/jdk/pull/5402
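As an added illustration of the accounting error raised above (this is not code from the PR or from the JDK; the loop shape, the chunk size and the class and method names are assumptions made here), the model below walks a buffer in chunks and records what each processing call would receive. The only two statements taken from the quoted lines are `inLen -= len` and `inLen -= partlen`; everything else is scaffolding so the difference between them can be observed.

```java
import java.util.ArrayList;
import java.util.List;

public class ChunkAccounting {
    /** Assumed chunk size for this model: one AES block. */
    static final int PART = 16;

    /**
     * Hypothetical model of a chunked-processing loop: walks `total` bytes and
     * records the (offset, partlen) pair that each processing call would get.
     * The two modes differ only in how the remaining length is updated.
     */
    static List<int[]> walk(int total, boolean subtractCumulativeLen) {
        List<int[]> parts = new ArrayList<>();
        int inLen = total; // bytes still to process
        int len = 0;       // bytes consumed so far, i.e. the offset of the next chunk
        while (inLen > 0) {
            int partlen = Math.min(PART, inLen);
            parts.add(new int[] {len, partlen});
            len += partlen;
            if (subtractCumulativeLen) {
                inLen -= len;     // statement flagged in review: subtracts the running total
            } else {
                inLen -= partlen; // statement suggested in review: subtracts only this chunk
            }
        }
        return parts;
    }

    /** Bytes handed to the processing calls in total; equals `total` only when the accounting is right. */
    static int bytesProcessed(int total, boolean subtractCumulativeLen) {
        int sum = 0;
        for (int[] p : walk(total, subtractCumulativeLen)) {
            sum += p[1];
        }
        return sum;
    }

    public static void main(String[] args) {
        // Constructed input sizes: a single block, a partial tail, several full blocks.
        for (int total : new int[] {16, 40, 48, 100}) {
            System.out.printf("total=%3d  inLen-=partlen -> %3d bytes  inLen-=len -> %3d bytes%n",
                    total, bytesProcessed(total, false), bytesProcessed(total, true));
        }
    }
}
```

The two modes agree only when the input fits in a single chunk, because on the first iteration `len` and `partlen` are equal. From the second iteration on, subtracting the cumulative `len` drives `inLen` to zero or negative early, so the loop exits with bytes of the input never handed to the processing call. Running `bytesProcessed` in both modes over a range of sizes makes that gap visible without needing the real cipher.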
More information about the security-dev mailing list