stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

Browse Source 
Reviewed-by: xuelei, wetmore
This commit is contained in:
Vinnie Ryan 2012-02-13 14:26:25 +00:00
parent c750a3e42c
commit 7c7523d968
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
jdk/src/share/classes/sun/security/pkcs/PKCS7.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -72,8 +72,10 @@ public class PKCS7 {
/* /*
* Random number generator for creating nonce values * Random number generator for creating nonce values
* (Lazy initialization)
*/ */
private static final SecureRandom RANDOM; private static class SecureRandomHolder {
static final SecureRandom RANDOM;
static { static {
SecureRandom tmp = null; SecureRandom tmp = null;
try { try {
@ -83,6 +85,7 @@ public class PKCS7 {
} }
RANDOM = tmp; RANDOM = tmp;
} }
}
/* /*
* Object identifier for the timestamping key purpose. * Object identifier for the timestamping key purpose.
@ -862,8 +865,8 @@ public class PKCS7 {
// Generate a nonce // Generate a nonce
BigInteger nonce = null; BigInteger nonce = null;
if (RANDOM != null) { if (SecureRandomHolder.RANDOM != null) {
nonce = new BigInteger(64, RANDOM); nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
tsQuery.setNonce(nonce); tsQuery.setNonce(nonce);
} }
tsQuery.requestCertificate(true); tsQuery.requestCertificate(true);