Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8042904

apple.security.KeychainStore.getSalt() calling generateSeed()

    XMLWordPrintable

Details

    Backports

      Description

        While looking at JDK-6491602, I did a search of the codebase to look for similar occurrences. This one came up.

        (src/java.base/macosx/classes/apple/security/KeychainStore.java)

            private byte[] getSalt()
            {
                // Generate a random salt.
                byte[] salt = new byte[SALT_LEN];
                if (random == null) {
                    random = new SecureRandom();
                }
                salt = random.generateSeed(SALT_LEN);
                return salt;
            }

        I think SecureRandom.nextBytes is more appropriate here and better for performance.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8225820 apple.security.KeychainStore.getSalt() calling generateSeed()

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-6491602 PKCS12 KeyStore should not call secureRandom.generateSeed()

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                coffeys Sean Coffey
                coffeys Sean Coffey
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: