Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7142339

PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 8
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b27
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Not verified

      Backports

        Description

        PKCS7.java has a static initializer that creates a SHA1PRNG, which is only used for generating timestamp nonces. This is not even used during basic JDK startup, this class is getting pulled in during the signed Jar Verification of providers like sunpkcs11, etc. I think it would be better to delay this selection until when it's actually needed. This is today's code.

            static {
                SecureRandom tmp = null;
                try {
                    tmp = SecureRandom.getInstance("SHA1PRNG");
                } catch (NoSuchAlgorithmException e) {
                    // should not happen
                }
                RANDOM = tmp;
            }

            private static byte[] generatorTimestampToken(...) {
            ...deleted...
            if (RANDOM != null) {
                nonce = new BigInteger(64, RANDOM);
            }

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  vinnie Vincent Ryan
                  Reporter:
                  wetmore Bradford Wetmore
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: