RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v7]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Wed Mar 23 21:54:46 UTC 2022


On Wed, 23 Mar 2022 20:45:22 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java line 129:
>> 
>>> 127:         return currVal;
>>> 128:     }
>>> 129: 
>> 
>> I'm not very sure of this method.  Is it performance friendly if making the default key size calculation in the static block (from line 142 to the end of the file)?  Then, the DEF_AES_KEY_SIZE could be a public primitive int.
>> 
>> Or did I miss something?
>
> My very first prototype is to implement the AES keysize calculation as you commented, i.e. in the static block and use an int for DEF_AES_KEY_SIZE. However, it is later discovered through testing that this leads to deadlocks as this interferes with provider loading. Given that AES key size is just a small piece of the whole puzzle, it seems safer to defer this to a later point when it's actually needed rather than touching the whole provider loading logic just to make this a static int. Performance-wise, this is a very small piece, generally should just be the AtomicInteger.get().

I see.

Would you mind add a comment about the provider loading impact, just in case someone else have similar questions in the future?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list