United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
JDK-4706382 : Remove secure random seed generation code in JPI

Details
Type:
Enhancement
Submit Date:
2002-06-21
Status:
Resolved
Updated Date:
2002-08-01
Project Name:
JDK
Resolved Date:
2002-08-01
Component:
deploy
OS:
generic
Sub-Component:
plugin
CPU:
generic
Priority:
P4
Resolution:
Fixed
Affected Versions:
1.4.1
Fixed Versions:
1.4.2 (mantis)

Related Reports

Sub Tasks

Description
Since JSSE uses native OS support to generate the secure random seed in hopper to improve the performance, we can eliminate the JPI code which provides similar functionality

                                    

Comments
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
mantis

FIXED IN:
mantis

INTEGRATED IN:
mantis
mantis-b03


                                     
2004-06-14
SUGGESTED FIX

See the webrev in attachment.
###@###.### 2002-07-31
                                     
2002-07-31
EVALUATION

The corresponding RFE under classes_security is 4518762
###@###.### 2002-06-26

A potential fix has been identified. The fix is to disable JPI code which is responsible for creating and seeding a SecureRandom object. The fix also involves changing the way the sslContext.init method is being called. By passing a null as the third argument to sslContext.init, JSSE will create and seed a SecureRandom object. The suggested fix contains source diff of ext/plugin/java/src/sun/plugin/net/protocol/https/Handler.java for the Hopper version. I'm working on eliminating unnecessary java and native source code related to SecureRandom in JPI.
###@###.### 2002-07-19

A fix has been integrated into JPI's Mantis ws. 
###@###.### 2002-07-31
                                     
2002-07-19



Hardware and Software, Engineered to Work Together