Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 8
Affects Version/s: 8
Component/s: security-libs
Labels:
- noreg-hard

Subcomponent:
java.security
Resolved In Build:
b27
CPU:

generic
OS:

generic
Verification:
Not verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8163052	openjdk7u	Vincent Ryan	P3	Resolved	Fixed	master

Description

PKCS7.java has a static initializer that creates a SHA1PRNG, which is only used for generating timestamp nonces. This is not even used during basic JDK startup, this class is getting pulled in during the signed Jar Verification of providers like sunpkcs11, etc. I think it would be better to delay this selection until when it's actually needed. This is today's code.

    static {
        SecureRandom tmp = null;
        try {
            tmp = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            // should not happen
        }
        RANDOM = tmp;
    }

    private static byte[] generatorTimestampToken(...) {
    ...deleted...
    if (RANDOM != null) {
        nonce = new BigInteger(64, RANDOM);
    }

Attachments

Issue Links

backported by

JDK-8163052 PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done

Resolved

Activity

People

Assignee:: Vincent Ryan

Reporter:: Bradford Wetmore

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2012-02-02 16:11

Updated:: 2016-08-02 23:12

Resolved:: 2012-02-21 14:44

Imported:: 16/Sep/12 2:30 AM

Indexed:: 17/Jul/12 10:29 PM