8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG

Backport-of: 2157145766f9789ade0940e9ae1715a3b74d508b

Author: GoeLin

src/java.base/share/classes/sun/security/pkcs/PKCS7.java

@@ -37,6 +37,7 @@
 import java.security.*;
 import java.util.function.Function;
 
+import sun.security.jca.JCAUtil;
 import sun.security.provider.SHAKE256;
 import sun.security.timestamp.*;
 import sun.security.util.*;
@@ -67,23 +68,6 @@ public class PKCS7 {
 
     private Principal[] certIssuerNames;
 
-    /*
-     * Random number generator for creating nonce values
-     * (Lazy initialization)
-     */
-    private static class SecureRandomHolder {
-        static final SecureRandom RANDOM;
-        static {
-            SecureRandom tmp = null;
-            try {
-                tmp = SecureRandom.getInstance("SHA1PRNG");
-            } catch (NoSuchAlgorithmException e) {
-                // should not happen
-            }
-            RANDOM = tmp;
-        }
-    }
-
     /**
      * Unmarshals a PKCS7 block from its encoded form, parsing the
      * encoded bytes from the InputStream.
@@ -1027,11 +1011,9 @@ public static byte[] generateTimestampToken(Timestamper tsa,
         }
 
         // Generate a nonce
-        BigInteger nonce = null;
-        if (SecureRandomHolder.RANDOM != null) {
-            nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
-            tsQuery.setNonce(nonce);
-        }
+        BigInteger nonce = new BigInteger(64, JCAUtil.getDefSecureRandom());
+        tsQuery.setNonce(nonce);
+
         tsQuery.requestCertificate(true);
 
         TSResponse tsReply = tsa.generateTimestamp(tsQuery);