In src/java.base/share/classes/sun/security/rsa/RSACore.java:
353 BlindingParameters(BigInteger e, BigInteger d, BigInteger n) {
354 this.u = null;
355 this.v = null;
356 this.e = e;
357 this.d = d;
358
359 int len = n.bitLength();
** 360 SecureRandom random = JCAUtil.getSecureRandom();
361 u = new BigInteger(len, random).mod(n);Here, it is not using the SecureRandom passed into init() of either Signature or Cipher. Is this a bug we should fix? Thanks Max
