8273297: AES/GCM non-AVX512+VAES CPUs suffer after 8267125

Reviewed-by: ascarpino, sviswanathan, aph
2025-08-26 22:34:27 +02:00 · 2021-09-24 19:21:32 +00:00 · 2021-09-24 19:21:32 +00:00 · 13e9ea9e92
commit 13e9ea9e92
parent 753b25633b
16 changed files with 114 additions and 56 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
@ -86,7 +86,9 @@ abstract class GaloisCounterMode extends CipherSpi {
    // data size when buffer is divided up to aid in intrinsics
    private static final int TRIGGERLEN = 65536;  // 64k
    // x86-64 parallel intrinsic data size
-    private static final int PARALLEL_LEN = 768;
+    private static final int PARALLEL_LEN = 8192;
+    // max data size for x86-64 intrinsic
+    private static final int SPLIT_LEN = 1048576;  // 1MB

    static final byte[] EMPTY_BUF = new byte[0];

@ -570,6 +572,28 @@ abstract class GaloisCounterMode extends CipherSpi {
        return j0;
    }

+    // Wrapper function around AES-GCM interleaved intrinsic that splits
+    // large chunks of data into 1MB sized chunks. This is to place
+    // an upper limit on the number of blocks encrypted in the intrinsic.
+    private static int implGCMCrypt(byte[] in, int inOfs, int inLen, byte[] ct,
+                                    int ctOfs, byte[] out, int outOfs,
+                                    GCTR gctr, GHASH ghash) {
+
+        int len = 0;
+        if (inLen > SPLIT_LEN) {
+            while (inLen >= SPLIT_LEN) {
+                int partlen = implGCMCrypt0(in, inOfs + len, SPLIT_LEN, ct,
+                    ctOfs + len, out, outOfs + len, gctr, ghash);
+                len += partlen;
+                inLen -= partlen;
+            }
+        }
+        if (inLen > 0) {
+            len += implGCMCrypt0(in, inOfs + len, inLen, ct,
+                   ctOfs + len, out, outOfs + len, gctr, ghash);
+        }
+        return len;
+    }
    /**
     * Intrinsic for Vector AES Galois Counter Mode implementation.
     * AES and GHASH operations are interleaved in the intrinsic implementation.
@ -590,7 +614,7 @@ abstract class GaloisCounterMode extends CipherSpi {
     * @return number of processed bytes
     */
    @IntrinsicCandidate
-    private static int implGCMCrypt(byte[] in, int inOfs, int inLen,
+    private static int implGCMCrypt0(byte[] in, int inOfs, int inLen,
        byte[] ct, int ctOfs, byte[] out, int outOfs,
        GCTR gctr, GHASH ghash) {