Code review request: 7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

Vincent Ryan vincent.x.ryan at oracle.com
Wed Feb 8 03:42:58 PST 2012


Thanks for your review.

On 02/ 8/12 09:35 AM, Xuelei Fan wrote:
> Looks fine to me.
> 
> Interesting fix that making use of the class loading priorities.
> 
> Xuelei
> 
> On 2/8/2012 5:18 PM, Vincent Ryan wrote:
>> Please review the following change:
>>   http://cr.openjdk.java.net/~vinnie/7142339/webrev.00/
>>
>> for http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7142339
>>
>> It employs lazy initialization to avoid the overhead of creating a secure
>> random number generator in code that never uses signature timestamping.
>>
>> Thanks.
> 




More information about the security-dev mailing list