Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P4
Fix Version/s: 23
Affects Version/s: 17, 21, 22
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b10

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8329554	22.0.2	Oli Gillespie	P4	Resolved	Fixed	b02
JDK-8328523	21.0.4	Oli Gillespie	P4	Resolved	Fixed	b01
JDK-8333439	17.0.13	Oli Gillespie	P4	Resolved	Fixed	b01

Creating a new SecureRandom ends up calling `Class.forName(cap.constructorParameterClassName)`
where `constructorParameterClassName` is `java.security.SecureRandomParameters`. Doing this repeatedly is a waste of time/resources.

We can cache this lookup in EngineDescription itself. This covers not just SecureRandom, but also a few other Providers which take params (like CertStore).

In my experience, `new SecureRandom()` can be on an application's hot path. Users are reluctant to pool or share instances for fear of security and/or concurrency issues, plus more complex code.

backported by

JDK-8328523 Avoid Class.forName in SecureRandom constructor

Resolved

JDK-8329554 Avoid Class.forName in SecureRandom constructor

Resolved

JDK-8333439 Avoid Class.forName in SecureRandom constructor

Resolved

relates to

JDK-8324648 Avoid NoSuchMethodError when instantiating NativePRNG

Resolved

links to

Commit openjdk/jdk17u-dev/1ce0c635

Commit openjdk/jdk21u-dev/eaa8ed99

Commit openjdk/jdk22u/5cb863d2

Commit openjdk/jdk/8ef918d6

Review openjdk/jdk17u-dev/2310

Review openjdk/jdk21u-dev/258

Review openjdk/jdk22u/98

Review openjdk/jdk/17559

(7 links to)

Assignee:: Oli Gillespie

Reporter:: Oli Gillespie

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024-01-24 07:06

Updated:: 2024-06-03 07:32

Resolved:: 2024-02-09 06:41

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates