Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7142339

PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 8
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b27
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Not verified

      Backports

        Description

        PKCS7.java has a static initializer that creates a SHA1PRNG, which is only used for generating timestamp nonces. This is not even used during basic JDK startup, this class is getting pulled in during the signed Jar Verification of providers like sunpkcs11, etc. I think it would be better to delay this selection until when it's actually needed. This is today's code.

            static {
                SecureRandom tmp = null;
                try {
                    tmp = SecureRandom.getInstance("SHA1PRNG");
                } catch (NoSuchAlgorithmException e) {
                    // should not happen
                }
                RANDOM = tmp;
            }

            private static byte[] generatorTimestampToken(...) {
            ...deleted...
            if (RANDOM != null) {
                nonce = new BigInteger(64, RANDOM);
            }

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                vinnie Vincent Ryan
                Reporter:
                wetmore Bradford Wetmore
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: