[16] RFR JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider

Valerie Peng valerie.peng at oracle.com
Tue Aug 18 21:43:15 UTC 2020

Using a shared instance is surely faster. However, the API specified 
that the most preferred SecureRandom impl will be used. To ensure this 
for all scenarios, creating default SecureRandom obj will provide 
correct result but shared instance may not. Apps can call other init 
functions which takes SecureRandom objects to avoid this default 
SecureRandom obj creation if needed.


On 8/18/2020 2:10 PM, Xuelei Fan wrote:
> Is there any performance impact?
> Xuelei
> On 8/18/2020 12:51 PM, Valerie Peng wrote:
>> Anyone has cycles to review this somewhat trivial changes? 
>> JceSecurity has this shared SecureRandom instance which may lead to 
>> NPE when certain 3rd party JCE provider is set as most preferred. 
>> Removing this shared instance and change to create default 
>> SecureRandom obj when needed.
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8246383
>> Webrev: http://cr.openjdk.java.net/~valeriep/8246383/webrev.00/
>> Thanks,
>> Valerie

More information about the security-dev mailing list