-
Bug
-
Resolution: Fixed
-
P4
-
7
-
b28
-
generic
-
generic
-
Verified
In CipherSuite.java of SunJSSE provider, there is a bulk key avaliable detection block:
SecretKey key = new SecretKeySpec
(new byte[cipher.expandedKeySize], cipher.algorithm);
IvParameterSpec iv = new IvParameterSpec(new byte[cipher.ivSize]);
cipher.newCipher(ProtocolVersion.DEFAULT, key, iv, null, true);
If the detection success, the cipher will be accepted for further usage. Otherwise, the cipher will be denied in runtime. The ciper.newCipher() operation does not really generate a useful CipherBox. The call is only use to detect whether the cipher is supported by the runtime environment.
The 2nd last parameter of cipher.newCipher() is of type SecureRandom. In a SSLContext, it is expected that only one SecureRandom instance can be used to generate randomness, as specified in the 3rd parameter of SSLContext.init(KeyManager[] km, TrustManager[] tm, SecureRandom random).
If the 2nd last parameter ofcipher.newCipher() is null, a new SecureRandom instance will be generated and initilized. As will hurt the performance a little. Normally, the impact is just a little.
SecretKey key = new SecretKeySpec
(new byte[cipher.expandedKeySize], cipher.algorithm);
IvParameterSpec iv = new IvParameterSpec(new byte[cipher.ivSize]);
cipher.newCipher(ProtocolVersion.DEFAULT, key, iv, null, true);
If the detection success, the cipher will be accepted for further usage. Otherwise, the cipher will be denied in runtime. The ciper.newCipher() operation does not really generate a useful CipherBox. The call is only use to detect whether the cipher is supported by the runtime environment.
The 2nd last parameter of cipher.newCipher() is of type SecureRandom. In a SSLContext, it is expected that only one SecureRandom instance can be used to generate randomness, as specified in the 3rd parameter of SSLContext.init(KeyManager[] km, TrustManager[] tm, SecureRandom random).
If the 2nd last parameter ofcipher.newCipher() is null, a new SecureRandom instance will be generated and initilized. As will hurt the performance a little. Normally, the impact is just a little.