8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG

Reviewed-by: weijun, xuelei
2022-10-27 17:30:11 +00:00 · 2022-10-27 17:30:11 +00:00 · 2157145766
commit 2157145766
parent b8ad6cd98a
1 changed files with 4 additions and 22 deletions
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
@ -37,6 +37,7 @@ import java.security.cert.CertificateFactory;
 import java.security.*;
 import java.util.function.Function;

+import sun.security.jca.JCAUtil;
 import sun.security.provider.SHAKE256;
 import sun.security.timestamp.*;
 import sun.security.util.*;
@ -65,23 +66,6 @@ public class PKCS7 {

    private Principal[] certIssuerNames;

-    /*
-     * Random number generator for creating nonce values
-     * (Lazy initialization)
-     */
-    private static class SecureRandomHolder {
-        static final SecureRandom RANDOM;
-        static {
-            SecureRandom tmp = null;
-            try {
-                tmp = SecureRandom.getInstance("SHA1PRNG");
-            } catch (NoSuchAlgorithmException e) {
-                // should not happen
-            }
-            RANDOM = tmp;
-        }
-    }
-
    /**
     * Unmarshals a PKCS7 block from its encoded form, parsing the
     * encoded bytes from the InputStream.
@ -1017,11 +1001,9 @@ public class PKCS7 {
        }

        // Generate a nonce
-        BigInteger nonce = null;
-        if (SecureRandomHolder.RANDOM != null) {
-            nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
-            tsQuery.setNonce(nonce);
-        }
+        BigInteger nonce = new BigInteger(64, JCAUtil.getDefSecureRandom());
+        tsQuery.setNonce(nonce);
+
        tsQuery.requestCertificate(true);

        TSResponse tsReply = tsa.generateTimestamp(tsQuery);