RFR: 8260274: Cipher.init(int, key) does not use highest priority provider for random bytes

Anthony Scarpino ascarpino at openjdk.java.net
Mon Mar 15 21:34:08 UTC 2021

On Mon, 15 Mar 2021 21:05:36 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/jca/JCAUtil.java line 62:
>>> 60:         private static SecureRandom instance = new SecureRandom();
>>> 61:         public static SecureRandom instance(boolean checkConfig) {
>>> 62:             synchronized (CachedSecureRandomHolder.class) {
>> Is there a performance regression because of this synchronization?
> It depends, this may not be a "hot area" where there is a lot of contention? Or do you feel maybe we should just go with the slower "new SecureRandom()" call for each affected class? I am on the fence actually.

Since 5 classes have init() calls that would be acquiring this lock, something that could be independent would be better.  Calling "new SecureRandom()" may or may not be better, but hope it wouldn't lock over operations during creation.

I'm just throwing out an idea:
Can the provider index number be verify in the list each time?

Better yet, maybe a way to have this triggered each time a provider is added or removed from the list?


PR: https://git.openjdk.java.net/jdk/pull/3018

More information about the security-dev mailing list