It should be possible to get a noticeable improvement in the performance of some of the crypto code by adding a few intrinsics:
(1) unsigned integer to long conversion. (i & 0xffffffffL) to zero-extend integers to longs.
(2) multiplication u32 * u32 -> u64. (a & 0xffffffffL) * (b & 0xffffffffL)
(3) divide and remainder: u64 / u32 -> u32, u64 % u32 -> u32. Because Java does not have unsigned arithmetic, this currently has to be emulated using several lines of Java code, see MutableBigInteger.divideOneWord and divWord.
(4) 32 bit rotate. (a >>> r) | (a << (32 - r))
Methods for (1)-(3) will probably we defined as part of 4504839, for (4) with 4495754. If that does not happen, I would suggest defining internal APIs for this.
BigInteger and our crypto implementations would need to be modified to use those new methods, but that should be trivial.
The same RFE has been filed against C2 as JDK-4850191.