RFR: 8376164: Optimize AES/ECB/PKCS5Padding implementation using full-message intrinsic stub and parallel RoundKey addition [v7]

xinyangwu duke at openjdk.org
Fri Feb 27 12:55:51 UTC 2026 

> ### Summary
> This PR introduces a parallel intrinsic for AES/ECB operations to replace the current per-block processing approach, reducing native call overhead and improving throughput for multi-block operations.
> ### Problem
> Except supporting AVX512, The existing AES/ECB/PKCS5Padding implementation suffers from three major performance issues:
> 1. Excessive stub call overhead: Each 16-byte block requires a separate intrinsic call, resulting in high invocation frequency
> 
> 2. Inefficient instruction-level parallelism: The serialized block processing fails to fully utilize instruction-level parallelism
> 
> 3. Redundant setup/teardown: Repeated initialization of encryption state for each block
> ### Changes
> Added parallel AES intrinsic implementation
> ### Testing
> JMH benchmarks
> 
> It can bring about a **37.43%** performance improvement.
> 
> On a Intel(R) Core(TM) i9-14900HX CPU machine with origin implements:
> 
> 
> Benchmark     Mode  Cnt      Score    Error  Units
> AesTest.test  avgt    5  11518.846 ± 68.621  ns/op
> 
> 
> On the same machine with optimized implements:
> 
> 
> Benchmark     Mode  Cnt     Score    Error  Units
> AesTest.test  avgt    5  8381.499 ± 57.751  ns/op
> 
> 
> All Tier-1 tests pass on linux-x64. This modification does not involve changing the encryption or decryption logic.

xinyangwu has updated the pull request incrementally with one additional commit since the last revision:

  8376164: Optimize AES/ECB/PKCS5Padding implementation using full-message intrinsic stub and parallel RoundKey addition

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/29385/files
  - new: https://git.openjdk.org/jdk/pull/29385/files/8de87fa1..c1b9d302

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=29385&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=29385&range=05-06

  Stats: 36 lines in 1 file changed: 0 ins; 32 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/29385.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/29385/head:pull/29385

PR: https://git.openjdk.org/jdk/pull/29385

More information about the security-dev mailing list