RFR: 8260274: Cipher.init(int, key) does not use highest priority provider for random bytes [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Wed Mar 17 20:44:49 UTC 2021
On Wed, 17 Mar 2021 19:55:13 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> To minimize the impact, I leave the JCAUtil.getSecureRandom() impl as is. I suppose this is more for JDK internal code which is not required to use the most preferred SecureRandom impl. There are quite a few callers to this method and I feel it's better to leave them out of this change.
The internal use may be just to avoid to create new instances of SecureRandom. Those use may need to use the latest updated secure random provider as well, for example the use in DSA key pair generation (DSAKeyPairGenerator.java).
With this update, I think the performance impact should be minimal and we may be able to have a uniform behavior no matter internal or external uses.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3018
More information about the security-dev
mailing list