-
Bug
-
Resolution: Fixed
-
P3
-
8
-
b27
-
generic
-
generic
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8163052 | openjdk7u | Vincent Ryan | P3 | Resolved | Fixed | master |
PKCS7.java has a static initializer that creates a SHA1PRNG, which is only used for generating timestamp nonces. This is not even used during basic JDK startup, this class is getting pulled in during the signed Jar Verification of providers like sunpkcs11, etc. I think it would be better to delay this selection until when it's actually needed. This is today's code.
static {
SecureRandom tmp = null;
try {
tmp = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
// should not happen
}
RANDOM = tmp;
}
private static byte[] generatorTimestampToken(...) {
...deleted...
if (RANDOM != null) {
nonce = new BigInteger(64, RANDOM);
}
static {
SecureRandom tmp = null;
try {
tmp = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
// should not happen
}
RANDOM = tmp;
}
private static byte[] generatorTimestampToken(...) {
...deleted...
if (RANDOM != null) {
nonce = new BigInteger(64, RANDOM);
}
- backported by
-
JDK-8163052 PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done
-
- Resolved
-