From 7c7523d9686f9369c218246631551058093009c1 Mon Sep 17 00:00:00 2001 From: Vinnie Ryan Date: Mon, 13 Feb 2012 14:26:25 +0000 Subject: [PATCH] 7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done Reviewed-by: xuelei, wetmore --- .../classes/sun/security/pkcs/PKCS7.java | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java index a3198784729..657842c0017 100644 --- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java +++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -72,16 +72,19 @@ public class PKCS7 { /* * Random number generator for creating nonce values + * (Lazy initialization) */ - private static final SecureRandom RANDOM; - static { - SecureRandom tmp = null; - try { - tmp = SecureRandom.getInstance("SHA1PRNG"); - } catch (NoSuchAlgorithmException e) { - // should not happen + private static class SecureRandomHolder { + static final SecureRandom RANDOM; + static { + SecureRandom tmp = null; + try { + tmp = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + // should not happen + } + RANDOM = tmp; } - RANDOM = tmp; } /* @@ -862,8 +865,8 @@ public class PKCS7 { // Generate a nonce BigInteger nonce = null; - if (RANDOM != null) { - nonce = new BigInteger(64, RANDOM); + if (SecureRandomHolder.RANDOM != null) { + nonce = new BigInteger(64, SecureRandomHolder.RANDOM); tsQuery.setNonce(nonce); } tsQuery.requestCertificate(true);