8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG

Reviewed-by: weijun, xuelei
seanjmullan committed Oct 27, 2022
1 parent b8ad6cd commit 2157145
Showing 1 changed file with 4 additions and 22 deletions.
26 changes: 4 additions & 22 deletions src/java.base/share/classes/sun/security/pkcs/PKCS7.java
Expand Up @@ -37,6 +37,7 @@
import java.security.*;
import java.util.function.Function;

import sun.security.jca.JCAUtil;
import sun.security.provider.SHAKE256;
import sun.security.timestamp.*;
import sun.security.util.*;
Expand Down Expand Up @@ -65,23 +66,6 @@ public class PKCS7 {

private Principal[] certIssuerNames;

/*
* Random number generator for creating nonce values
* (Lazy initialization)
*/
private static class SecureRandomHolder {
static final SecureRandom RANDOM;
static {
SecureRandom tmp = null;
try {
tmp = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
// should not happen
}
RANDOM = tmp;
}
}

/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the InputStream.
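
Review bot: The removed `SecureRandomHolder` was documented as "(Lazy initialization)", and this hunk deletes that stated property without saying whether the replacement keeps it. A one-line comment at the new `JCAUtil.getDefSecureRandom()` call, stating whether the default SecureRandom is created on first use, would preserve the rationale for readers of PKCS7.java. Dropping the empty `catch (NoSuchAlgorithmException e)` that left `RANDOM` null on failure is a welcome cleanup and needs no further change.
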
Expand Down Expand Up @@ -1017,11 +1001,9 @@ public static byte[] generateTimestampToken(Timestamper tsa,
}

// Generate a nonce
BigInteger nonce = null;
if (SecureRandomHolder.RANDOM != null) {
nonce = new BigInteger(64, SecureRandomHolder.RANDOM);
tsQuery.setNonce(nonce);
}
BigInteger nonce = new BigInteger(64, JCAUtil.getDefSecureRandom());
tsQuery.setNonce(nonce);

tsQuery.requestCertificate(true);

TSResponse tsReply = tsa.generateTimestamp(tsQuery);
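
Review bot: At `BigInteger nonce = new BigInteger(64, JCAUtil.getDefSecureRandom());` the nonce becomes unconditional, whereas the removed `if (SecureRandomHolder.RANDOM != null)` branch allowed a timestamp query to be sent with no nonce when SHA1PRNG could not be instantiated. That is a behaviour change beyond swapping the generator, and the commit title does not mention it. Consider expanding the `// Generate a nonce` comment, or the commit message, to say that every request now carries a 64-bit nonce, so that backporters are aware of it. Since the local is used only once, it could also be folded into the call: `tsQuery.setNonce(new BigInteger(64, JCAUtil.getDefSecureRandom()));`.
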

3 comments on commit 2157145

@openjdk-notifier

@GoeLin GoeLin commented on 2157145 Apr 20, 2023

/backport jdk17u-dev

@openjdk openjdk bot commented on 2157145 Apr 20, 2023

@GoeLin the backport was successfully created on the branch GoeLin-backport-21571457 in my personal fork of openjdk/jdk17u-dev. To create a pull request with this backport targeting openjdk/jdk17u-dev:master, just click the following link:

➡️ Create pull request

The title of the pull request is automatically filled in correctly and below you find a suggestion for the pull request body:

Hi all,

This pull request contains a backport of commit 21571457 from the openjdk/jdk repository.

The commit being backported was authored by Sean Mullan on 27 Oct 2022 and was reviewed by Weijun Wang and Xue-Lei Andrew Fan.

Thanks!

If you need to update the source branch of the pull then run the following commands in a local clone of your personal fork of openjdk/jdk17u-dev:

$ git fetch https://github.com/openjdk-bots/jdk17u-dev.git GoeLin-backport-21571457:GoeLin-backport-21571457
$ git checkout GoeLin-backport-21571457
# make changes
$ git add paths/to/changed/files
$ git commit --message 'Describe additional changes made'
$ git push https://github.com/openjdk-bots/jdk17u-dev.git GoeLin-backport-21571457
