RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v7]

Valerie Peng valeriep at openjdk.java.net
Wed Mar 23 22:02:49 UTC 2022


On Wed, 23 Mar 2022 21:51:51 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> My very first prototype is to implement the AES keysize calculation as you commented, i.e. in the static block and use an int for DEF_AES_KEY_SIZE. However, it is later discovered through testing that this leads to deadlocks as this interferes with provider loading. Given that AES key size is just a small piece of the whole puzzle, it seems safer to defer this to a later point when it's actually needed rather than touching the whole provider loading logic just to make this a static int. Performance-wise, this is a very small piece, generally should just be the AtomicInteger.get().
>
> I see.
> 
> Would you mind add a comment about the provider loading impact, just in case someone else have similar questions in the future?

Sure, I can do that. Will add a comment about this.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7652



More information about the security-dev mailing list