RFR: 8260274: Cipher.init(int, key) does not use highest priority provider for random bytes
Valerie Peng
valeriep at openjdk.java.net
Mon Mar 15 21:08:09 UTC 2021
On Mon, 15 Mar 2021 20:55:24 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Can someone help review this somewhat trivial change?
>>
>> Updated JCAUtil class to return the cached SecureRandom object only when the provider configuration has not changed.
>> Added a regression test to check the affected classes, i.e. AlgorithmParameterGenerator, KeyPairGenerator, Cipher, KeyAgreement, KeyGenerator.
>>
>> Thanks,
>> Valerie
>
> src/java.base/share/classes/sun/security/jca/JCAUtil.java line 62:
>
>> 60: private static SecureRandom instance = new SecureRandom();
>> 61: public static SecureRandom instance(boolean checkConfig) {
>> 62: synchronized (CachedSecureRandomHolder.class) {
>
> Is there a performance regression because of this synchronization?
It depends, this may not be a "hot area" where there is a lot of contention? Or do you feel maybe we should just go with the slower "new SecureRandom()" call for each affected class? I am on the fence actually.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3018
More information about the security-dev
mailing list