[16] RFR JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider
Valerie Peng
valerie.peng at oracle.com
Tue Aug 18 21:43:15 UTC 2020
Using a shared instance is surely faster. However, the API specified
that the most preferred SecureRandom impl will be used. To ensure this
for all scenarios, creating default SecureRandom obj will provide
correct result but shared instance may not. Apps can call other init
functions which takes SecureRandom objects to avoid this default
SecureRandom obj creation if needed.
Valerie
On 8/18/2020 2:10 PM, Xuelei Fan wrote:
> Is there any performance impact?
>
> Xuelei
>
> On 8/18/2020 12:51 PM, Valerie Peng wrote:
>>
>> Anyone has cycles to review this somewhat trivial changes?
>> JceSecurity has this shared SecureRandom instance which may lead to
>> NPE when certain 3rd party JCE provider is set as most preferred.
>> Removing this shared instance and change to create default
>> SecureRandom obj when needed.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8246383
>>
>> Webrev: http://cr.openjdk.java.net/~valeriep/8246383/webrev.00/
>>
>> Thanks,
>> Valerie
More information about the security-dev
mailing list