Integrated: 8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey

Aleksey Shipilev shade at openjdk.org
Fri May 19 06:57:12 UTC 2023 

On Mon, 15 May 2023 19:59:13 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:

> One of our services has a hot path with AES/GCM cipher reuse. The JDK code reinitializes the session key on that path, and [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) shows up prominently there.
> 
> Fixing [JDK-8308105](https://bugs.openjdk.org/browse/JDK-8308105) would take a while, as would likely require multiple patches in VM internals. Meanwhile, we can avoid the multiarray allocations in AESCrypt.makeSessionKey completely, reaping performance benefits. We can go even deeper: replace the multi-array with the flat array and drop `expandToSubKey` completely.
> 
> Example original profile is in the bug.
> 
> There are other things we can polish in that code, but experiments show those polishings have rather diminshed returns.
> 
> On new benchmark:
> 
> 
> Benchmark       Mode  Cnt    Score   Error  Units
> 
> ## Mac M1
> 
> # Before
> AESReinit.test  avgt   15   873,842 ± 6,911  ns/op
> 
> # After
> AESReinit.test  avgt   15   347,632 ± 8,764  ns/op  ; <--- 2.5x faster
> 
> ## Xeon, c6.8xlarge
> 
> # Before
> AESReinit.test  avgt   15  1524.307 ± 24.231 ns/op
> 
> # After
> AESReinit.test  avgt   15   554.727 ± 12.876 ns/op  ; <--- 2.75x faster
> 
> ## Graviton, m6g.4xlarge
> 
> # Before
> AESReinit.test  avgt   15  1913.492 ± 23.489 ns/op
> 
> # After
> AESReinit.test  avgt   15   639.701 ± 5.033  ns/op  ; <--- 2.99x faster
> 
> 
> Additional testing:
>  - [x] Benchmarks
>  - [x] macos-aarch64-server-release, `jdk_security`
>  - [x] linux-x86_64-server-fastdebug, `tier1 tier2 tier3`

This pull request has now been integrated.

Changeset: 67657610
Author:    Aleksey Shipilev <shade at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/6765761075361459f764f4f17a52ac6ecbe67f4e
Stats:     133 lines in 2 files changed: 78 ins; 38 del; 17 mod

8308118: Avoid multiarray allocations in AESCrypt.makeSessionKey

Reviewed-by: xuelei

-------------

PR: https://git.openjdk.org/jdk/pull/13996

More information about the security-dev mailing list