RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v7]

Valerie Peng valeriep at openjdk.java.net
Wed Mar 23 20:49:53 UTC 2022


On Wed, 23 Mar 2022 04:46:48 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Minor code refactoring
>
> src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java line 129:
> 
>> 127:         return currVal;
>> 128:     }
>> 129: 
> 
> I'm not very sure of this method.  Is it performance friendly if making the default key size calculation in the static block (from line 142 to the end of the file)?  Then, the DEF_AES_KEY_SIZE could be a public primitive int.
> 
> Or did I miss something?

My very first prototype is to implement the AES keysize calculation as you commented, i.e. in the static block and use an int for DEF_AES_KEY_SIZE. However, it is later discovered through testing that this leads to deadlocks as this interferes with provider loading. Given that AES key size is just a small piece of the whole puzzle, it seems safer to defer this to a later point when it's actually needed rather than touching the whole provider loading logic just to make this a static int. Performance-wise, this is a very small piece, generally should just be the AtomicInteger.get().

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list