RFR: 8371450: AES performance improvements for key schedule generation
Jamil Nimeh
jnimeh at openjdk.org
Fri Nov 7 17:30:08 UTC 2025
On Fri, 7 Nov 2025 07:53:37 GMT, Shawn M Emery <duke at openjdk.org> wrote:
> This fix improves performance in the AES key schedule generation by eliminating an unnecessary object and unnecessary mask in the inverse key schedule.
>
> The micro:org.openjdk.bench.javax.crypto.AESReinit benchmark results are improved by 6.96% for arm64 and 7.79% for x86_64.
>
> Thank you @jnimeh for catching the unnecessary byte mask!
src/java.base/share/classes/com/sun/crypto/provider/AES_Crypt.java line 986:
> 984: int idx = kLen - widx;
> 985:
> 986: dw[idx] = TMI0[w[widx] >>> 24] ^ TMI1[(w[widx] >> 16) & 0xFF]
Do you think there would be any benefit to putting w[widx] through w[widx+3] on local int variables? In some cases I've seen where that increases register pressure and can lead to some perf benefits. I'm not sure if this is one of those cases but it seems like you'd only need to reference memory once instead of 4 times per assignment.
src/java.base/share/classes/com/sun/crypto/provider/AES_Crypt.java line 1011:
> 1009: */
> 1010: private static int subWord(int word) {
> 1011: byte b0 = (byte) (word >>> 24);
Nits (unrelated to this block of code, but I can't put comments on the lines directly since they're not part of the modified code):
- Lines 37-43: I think you could do an `@link` annotation with <a href></a> surrounding the links.
- Lines 1004-1005: Looks like a bit of comment rot, I think you just need an `@param` for `word`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28188#discussion_r2504680092
PR Review Comment: https://git.openjdk.org/jdk/pull/28188#discussion_r2504700496
More information about the security-dev
mailing list