RFR: 8260274: Cipher.init(int, key) does not use highest priority provider for random bytes [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Mar 18 02:00:50 UTC 2021
On Thu, 18 Mar 2021 01:27:26 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/jca/JCAUtil.java line 86:
>>
>>> 84: SecureRandom result = def;
>>> 85: if (result == null) {
>>> 86: synchronized (JCAUtil.class) {
>>
>> Could this lock be avoided if set the value in the Providers update (or when the providers list is updated)?
>
> Well, then we have to pay the cost of "new SecureRandom()" at every provider list update when it may not be needed. It's hard to say which way is better... I thought about it and it seems more reasonable to only pay the cost when the SecureRandom object is needed.
It makes sense to me.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3018
More information about the security-dev
mailing list