RFR: 8260274: Cipher.init(int, key) does not use highest priority provider for random bytes [v3]
Valerie Peng
valeriep at openjdk.java.net
Thu Mar 18 01:30:49 UTC 2021
On Wed, 17 Mar 2021 20:49:41 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Fixed a null race condition
>
> src/java.base/share/classes/sun/security/jca/JCAUtil.java line 86:
>
>> 84: SecureRandom result = def;
>> 85: if (result == null) {
>> 86: synchronized (JCAUtil.class) {
>
> Could this lock be avoided if set the value in the Providers update (or when the providers list is updated)?
Well, then we have to pay the cost of "new SecureRandom()" at every provider list update when it may not be needed. It's hard to say which way is better... I thought about it and it seems more reasonable to only pay the cost when the SecureRandom object is needed.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3018
More information about the security-dev
mailing list