RFR: 8273297: AES/GCM non-AVX512+VAES CPUs suffer after 8267125 [v2]

Sandhya Viswanathan sviswanathan at openjdk.java.net
Tue Sep 21 16:42:35 UTC 2021

On Mon, 20 Sep 2021 05:16:16 GMT, Smita Kamath <svkamath at openjdk.org> wrote:

>> Performance dropped up to 10% for 1k data after 8267125 for CPUs that do not support the new intrinsic. Tests run were crypto.full.AESGCMBench and crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.
>> The problem is each instance of GHASH allocates 96 extra longs for the AVX512+VAES intrinsic regardless if the intrinsic is used. This extra table space should be allocated differently so that non-supporting CPUs do not suffer this penalty. This issue also affects non-Intel CPUs too.
> Smita Kamath has updated the pull request incrementally with one additional commit since the last revision:
>   Added a wrapper around aes-gcm intrinsic, changed data size in TestAESMain and added a new constant for htbl entries

src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 588:

> 586:                     ctOfs+len, out, outOfs+len, gctr, ghash);
> 587:                 len+= partlen;
> 588:                 inLen-= len;

This should be inLen -= partlen;


PR: https://git.openjdk.java.net/jdk/pull/5402

More information about the security-dev mailing list