8260274: Cipher.init(int, key) does not use highest priority provider…
… for random bytes

Reviewed-by: ascarpino, xuelei
Valerie Peng committed Mar 18, 2021
1 parent 6aa28b3 commit 434a399bea4b116f14df963a5f5045608956a772
Showing 8 changed files with 243 additions and 19 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -309,7 +309,7 @@ public final Provider getProvider() {
* @param size the size (number of bits).
*/
public final void init(int size) {
paramGenSpi.engineInit(size, JCAUtil.getSecureRandom());
paramGenSpi.engineInit(size, JCAUtil.getDefSecureRandom());
}

/**
@@ -340,7 +340,7 @@ public final void init(int size, SecureRandom random) {
*/
public final void init(AlgorithmParameterSpec genParamSpec)
throws InvalidAlgorithmParameterException {
paramGenSpi.engineInit(genParamSpec, JCAUtil.getSecureRandom());
paramGenSpi.engineInit(genParamSpec, JCAUtil.getDefSecureRandom());
}

/**
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -373,7 +373,7 @@ void disableFailover() {
* supported by this KeyPairGenerator object.
*/
public void initialize(int keysize) {
initialize(keysize, JCAUtil.getSecureRandom());
initialize(keysize, JCAUtil.getDefSecureRandom());
}

/**
@@ -433,7 +433,7 @@ public void initialize(int keysize, SecureRandom random) {
*/
public void initialize(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException {
initialize(params, JCAUtil.getSecureRandom());
initialize(params, JCAUtil.getDefSecureRandom());
}

/**
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1233,7 +1233,7 @@ private static void checkOpmode(int opmode) {
* by the underlying {@code CipherSpi}.
*/
public final void init(int opmode, Key key) throws InvalidKeyException {
init(opmode, key, JCAUtil.getSecureRandom());
init(opmode, key, JCAUtil.getDefSecureRandom());
}

/**
@@ -1372,7 +1372,7 @@ public final void init(int opmode, Key key, SecureRandom random)
public final void init(int opmode, Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
init(opmode, key, params, JCAUtil.getSecureRandom());
init(opmode, key, params, JCAUtil.getDefSecureRandom());
}

/**
@@ -1513,7 +1513,7 @@ public final void init(int opmode, Key key, AlgorithmParameterSpec params,
public final void init(int opmode, Key key, AlgorithmParameters params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
init(opmode, key, params, JCAUtil.getSecureRandom());
init(opmode, key, params, JCAUtil.getDefSecureRandom());
}

/**
@@ -1659,7 +1659,7 @@ public final void init(int opmode, Key key, AlgorithmParameters params,
public final void init(int opmode, Certificate certificate)
throws InvalidKeyException
{
init(opmode, certificate, JCAUtil.getSecureRandom());
init(opmode, certificate, JCAUtil.getDefSecureRandom());
}

/**
@@ -448,7 +448,7 @@ public final Provider getProvider() {
* has an incompatible algorithm type.
*/
public final void init(Key key) throws InvalidKeyException {
init(key, JCAUtil.getSecureRandom());
init(key, JCAUtil.getDefSecureRandom());
}

/**
@@ -516,7 +516,7 @@ public final void init(Key key, SecureRandom random)
public final void init(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
init(key, params, JCAUtil.getSecureRandom());
init(key, params, JCAUtil.getDefSecureRandom());
}

private String getProviderName() {
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -449,7 +449,7 @@ public final void init(SecureRandom random) {
public final void init(AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException
{
init(params, JCAUtil.getSecureRandom());
init(params, JCAUtil.getDefSecureRandom());
}

/**
@@ -513,7 +513,7 @@ public final void init(AlgorithmParameterSpec params, SecureRandom random)
* supported.
*/
public final void init(int keysize) {
init(keysize, JCAUtil.getSecureRandom());
init(keysize, JCAUtil.getDefSecureRandom());
}

/**
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
package sun.security.jca;

import java.lang.ref.*;

import java.security.*;

/**
@@ -59,6 +58,8 @@ private static class CachedSecureRandomHolder {
public static SecureRandom instance = new SecureRandom();
}

private static volatile SecureRandom def = null;

/**
* Get a SecureRandom instance. This method should be used by JDK
* internal code in favor of calling "new SecureRandom()". That needs to
@@ -69,4 +70,27 @@ public static SecureRandom getSecureRandom() {
return CachedSecureRandomHolder.instance;
}

// called by sun.security.jca.Providers class when provider list is changed
static void clearDefSecureRandom() {
def = null;
}

/**
* Get the default SecureRandom instance. This method is the
* optimized version of "new SecureRandom()" which re-uses the default
* SecureRandom impl if the provider table is the same.
*/
public static SecureRandom getDefSecureRandom() {
SecureRandom result = def;
if (result == null) {
synchronized (JCAUtil.class) {
result = def;
if (result == null) {
def = result = new SecureRandom();
}
}
}
return result;

}
}
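Review bot: `clearDefSecureRandom()` resets `def` without taking the `JCAUtil.class` monitor that `getDefSecureRandom()` holds while it constructs the instance, so a thread already inside `new SecureRandom()` can publish its result after the clear. If that instance was resolved against the previous provider list, it stays cached as the default until the next list change, which is the stale-provider behaviour this commit sets out to remove. Declaring the method `static synchronized void clearDefSecureRandom()` would make the clear wait for an in-flight construction and then discard its result. The `def` field would also benefit from a comment such as `// cached default SecureRandom; reset whenever the provider list changes`, and the blank line before the closing brace of `getDefSecureRandom()` can go.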
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -150,6 +150,7 @@ public static void setProviderList(ProviderList newList) {
} else {
changeThreadProviderList(newList);
}
JCAUtil.clearDefSecureRandom();
}

/**
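Review bot: The cache reset added at the end of `setProviderList` runs on both branches, including the one that calls `changeThreadProviderList(newList)`, while the cached instance in `JCAUtil` is a single static shared by all threads. If that branch installs a list for the current thread only (the method starts outside this hunk, so this is inferred), a default `SecureRandom` created by one thread under its own list can be handed to other threads; confirm that this is intended, or bypass the shared cache while a thread-specific list is active. Any other method in this class that replaces the provider list would need the same `JCAUtil.clearDefSecureRandom()` call; none is visible in this hunk. A one-line comment above the call, for example `// drop the cached default SecureRandom chosen from the old provider list`, would explain why it is here.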
