-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
P4
-
None
-
Affects Version/s: 8
-
Component/s: security-libs
-
None
Some places in the JSSE code don't use the provided SecureRandom passed in SSLContext.init(..., sr), but instead use the system default SecureRandom. For example:
sun.security.ssl.SignatureScheme.getSigner(PrivateKey privateKey)
Signature signer = Signature.getInstance(algorithm);
...
initSign(Signature s, PrivateKey privateKey,
AlgorithmParameterSpec params, SecureRandom random)
Examine whether these might be updated.
sun.security.ssl.SignatureScheme.getSigner(PrivateKey privateKey)
Signature signer = Signature.getInstance(algorithm);
...
initSign(Signature s, PrivateKey privateKey,
AlgorithmParameterSpec params, SecureRandom random)
Examine whether these might be updated.