RFR: 8260274: Cipher.init(int, key) does not use highest priority provider for random bytes

Valerie Peng valeriep at openjdk.java.net
Mon Mar 15 21:08:09 UTC 2021


On Mon, 15 Mar 2021 20:55:24 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Can someone help review this somewhat trivial change?
>> 
>> Updated JCAUtil class to return the cached SecureRandom object only when the provider configuration has not changed. 
>> Added a regression test to check the affected classes, i.e. AlgorithmParameterGenerator, KeyPairGenerator, Cipher, KeyAgreement, KeyGenerator. 
>> 
>> Thanks,
>> Valerie
>
> src/java.base/share/classes/sun/security/jca/JCAUtil.java line 62:
> 
>> 60:         private static SecureRandom instance = new SecureRandom();
>> 61:         public static SecureRandom instance(boolean checkConfig) {
>> 62:             synchronized (CachedSecureRandomHolder.class) {
> 
> Is there a performance regression because of this synchronization?

It depends, this may not be a "hot area" where there is a lot of contention? Or do you feel maybe we should just go with the slower "new SecureRandom()" call for each affected class? I am on the fence actually.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3018


More information about the security-dev mailing list