[security-dev 00718]: Review request for 6819110
Mandy Chung
Mandy.Chung at Sun.COM
Wed Mar 25 20:33:48 UTC 2009
6819110: Lazily load Sun digest provider for jar verification
Webrev at:
http://cr.openjdk.java.net/~mchung/6819110/webrev.00/
Details:
ManifestEntryVerifier's static initializer calls
sun.security.jce.Providers.getSunProvider() that loads and initializes
several security classes which are not nnecessarily needed when security
manager is not enabled. The fix is to call Providers.getSunProvider()
when instantiating the MessageDigest object.
One question:
Providers.getSunProvider() method is called by
sun.security.util.ManifestEntryVerifier and
java.security.SecureRandom. Two different Provider instances will be
created if the SecureRandom is used by the application. Is there
performance gain (CPU time and memory) that worths caching the provider
object for both callers?
Thanks
Mandy
More information about the security-dev
mailing list