> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
>
> `For IVs, it is recommended that implementations restrict support to the length of 96 bits, to promote interoperability, efficiency, and simplicity of design.`
>
> Larger IV size requires an extra hashing step (GHASH). Currently we have it set to 16 bytes.

Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:

 - Make GCM IV a constant. Update copyright year.
 - Merge branch 'master' into JDK-8374317
 - 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket

-------------

Changes:
 - all: https://git.openjdk.org/jdk/pull/28971/files
 - new: https://git.openjdk.org/jdk/pull/28971/files/72921697..31f7362c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28971&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28971&range=00-01

 Stats: 77800 lines in 1632 files changed: 49160 ins; 19561 del; 9079 mod
 Patch: https://git.openjdk.org/jdk/pull/28971.diff
 Fetch: git fetch https://git.openjdk.org/jdk.git pull/28971/head:pull/28971

PR: https://git.openjdk.org/jdk/pull/28971
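
The pre-counter block (J0) derivation from NIST SP 800-38D that the quoted description refers to, as an added Python example that is not part of this message or of the JDK change: a 12-byte IV is used directly, while any other length, including the current 16 bytes, is run through GHASH first. The hash subkey `H` is supplied as an input rather than computed with AES, and the function names are illustrative.

```python
# Added example: pre-counter block (J0) derivation, NIST SP 800-38D section 7.1.
# The hash subkey H = AES_K(0^128) is passed in, so no AES library is needed.
R = 0xE1 << 120  # reduction constant 11100001 || 0^120


def gf_mult(x, y):
    """Multiply two 128-bit blocks in GF(2^128), GCM bit order (leftmost bit first)."""
    z, v = 0, y
    for i in range(127, -1, -1):
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h, data):
    """GHASH_H over 16-byte-aligned data; returns (digest, multiplications used)."""
    y = 0
    for off in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[off:off + 16], "big"), h)
    return y, len(data) // 16


def derive_j0(h, iv):
    """Return (J0, GF(2^128) multiplications spent on the IV alone)."""
    if not iv:
        raise ValueError("GCM IV must be at least 1 byte")
    if len(iv) == 12:
        # 96-bit IV: J0 = IV || 0^31 || 1, no hashing.
        return iv + b"\x00\x00\x00\x01", 0
    # Any other length: J0 = GHASH_H(IV || zero pad || 0^64 || bit length of IV)
    pad = -len(iv) % 16
    data = iv + bytes(pad + 8) + (8 * len(iv)).to_bytes(8, "big")
    y, mults = ghash(int.from_bytes(h, "big"), data)
    return y.to_bytes(16, "big"), mults


# H and the 8-byte IV come from test case 5 of the GCM specification
# (McGrew and Viega); the 12- and 16-byte IVs are constructed sample values.
H = bytes.fromhex("b83b533708bf535d0aa6e52980d53b78")
IV_8 = bytes.fromhex("cafebabefacedbad")
IV_12 = bytes(range(12))
IV_16 = bytes(range(16))

if __name__ == "__main__":
    for iv in (IV_12, IV_16, IV_8):
        j0, mults = derive_j0(H, iv)
        print(f"{len(iv):2d}-byte IV: J0={j0.hex()} GHASH multiplications={mults}")
```
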
