RFR: 8376164: Optimize AES/ECB/PKCS5Padding implementation using full-message intrinsic stub and parallel RoundKey addition [v3]

xinyangwu duke at openjdk.org
Tue Feb 24 02:09:45 UTC 2026 

> ### Summary
> This PR introduces a parallel intrinsic for AES/ECB operations to replace the current per-block processing approach, reducing native call overhead and improving throughput for multi-block operations.
> ### Problem
> Except supporting AVX512, The existing AES/ECB/PKCS5Padding implementation suffers from three major performance issues:
> 1. Excessive stub call overhead: Each 16-byte block requires a separate intrinsic call, resulting in high invocation frequency
> 
> 2. Inefficient instruction-level parallelism: The serialized block processing fails to fully utilize instruction-level parallelism
> 
> 3. Redundant setup/teardown: Repeated initialization of encryption state for each block
> ### Changes
> Added parallel AES intrinsic implementation
> ### Testing
> JMH benchmarks
> 
> It can bring about a **37.43%** performance improvement.
> 
> On a Intel(R) Core(TM) i9-14900HX CPU machine with origin implements:
> 
> 
> Benchmark     Mode  Cnt      Score    Error  Units
> AesTest.test  avgt    5  11518.846 ± 68.621  ns/op
> 
> 
> On the same machine with optimized implements:
> 
> 
> Benchmark     Mode  Cnt     Score    Error  Units
> AesTest.test  avgt    5  8381.499 ± 57.751  ns/op
> 
> 
> All Tier-1 tests pass on linux-x64. This modification does not involve changing the encryption or decryption logic.

xinyangwu has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:

 - Merge branch 'openjdk:master' into aes
 - Merge branch 'openjdk:master' into aes
 - 8376164: Optimize AES/ECB/PKCS5Padding with parallel intrinsic

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/29385/files
  - new: https://git.openjdk.org/jdk/pull/29385/files/db7cf182..d6675c72

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=29385&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=29385&range=01-02

  Stats: 499605 lines in 976 files changed: 251713 ins; 241732 del; 6160 mod
  Patch: https://git.openjdk.org/jdk/pull/29385.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/29385/head:pull/29385

PR: https://git.openjdk.org/jdk/pull/29385

More information about the security-dev mailing list