Integrated: 8273297: AES/GCM non-AVX512+VAES CPUs suffer after 8267125

Smita Kamath svkamath at
Fri Sep 24 19:25:57 UTC 2021

On Tue, 7 Sep 2021 22:31:30 GMT, Smita Kamath <svkamath at> wrote:

> Performance dropped up to 10% for 1k data after 8267125 for CPUs that do not support the new intrinsic. Tests run were crypto.full.AESGCMBench and crypto.full.AESGCMByteBuffer from the jmh micro benchmarks.
> The problem is each instance of GHASH allocates 96 extra longs for the AVX512+VAES intrinsic regardless if the intrinsic is used. This extra table space should be allocated differently so that non-supporting CPUs do not suffer this penalty. This issue also affects non-Intel CPUs too.

This pull request has now been integrated.

Changeset: 13e9ea9e
Author:    Smita Kamath <svkamath at>
Committer: Anthony Scarpino <ascarpino at>
Stats:     116 lines in 16 files changed: 60 ins; 2 del; 54 mod

8273297: AES/GCM non-AVX512+VAES CPUs suffer after 8267125

Reviewed-by: ascarpino, sviswanathan, aph



More information about the security-dev mailing list