Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6943352

SSL regression: RSAClientKeyExchange fails to pass securerandom arg to KeyGen

    Details

    • Subcomponent:
    • Resolved In Build:
      b123
    • CPU:
      x86
    • OS:
      windows_xp
    • Verification:
      Verified

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.6.0_19"
        Java(TM) SE Runtime Environment (build 1.6.0_19-b04)
        Java HotSpot(TM) Client VM (build 16.2-b04, mixed mode, sharing)

        ADDITIONAL OS VERSION INFORMATION :
        applies to all OSes
        Microsoft Windows XP [Version 5.1.2600]

        A DESCRIPTION OF THE PROBLEM :
        The RSAClientKeyExchange constructor used with SSL initiation has a SecureRandom argument, but fails to pass this SecureRandom to the KeyGenerator.init() method. As a result, a different SecureRandom is created and used by the KeyGenerator. Using a different SecureRandom could have performance and security implications.

        This regression was introduced between java 5 and java 6.


        REPRODUCIBILITY :
        This bug can be reproduced always.

        Release Regression From : 5
        The above release value was the last known release where this
        bug was not reproducible. Since then there has been a regression.

        Release Regression From : 5
        The above release value was the last known release where this
        bug was not reproducible. Since then there has been a regression.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  ndcosta Nelson Dcosta (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: