JDK-4706382 : Remove secure random seed generation code in JPI
Type:Enhancement
Component:deploy
Sub-Component:plugin
Affected Version:1.4.1
Priority:P4
Status:Resolved
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2002-06-21
Updated:2002-08-01
Resolved:2002-08-01
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
Since JSSE uses native OS support to generate the secure random seed in hopper to improve the performance, we can eliminate the JPI code which provides similar functionality
Comments
CONVERTED DATA
BugTraq+ Release Management Values
COMMIT TO FIX:
mantis
FIXED IN:
mantis
INTEGRATED IN:
mantis
mantis-b03
14-06-2004
SUGGESTED FIX
See the webrev in attachment.
###@###.### 2002-07-31
31-07-2002
EVALUATION
The corresponding RFE under classes_security is 4518762
###@###.### 2002-06-26
A potential fix has been identified. The fix is to disable JPI code which is responsible for creating and seeding a SecureRandom object. The fix also involves changing the way the sslContext.init method is being called. By passing a null as the third argument to sslContext.init, JSSE will create and seed a SecureRandom object. The suggested fix contains source diff of ext/plugin/java/src/sun/plugin/net/protocol/https/Handler.java for the Hopper version. I'm working on eliminating unnecessary java and native source code related to SecureRandom in JPI.
###@###.### 2002-07-19
A fix has been integrated into JPI's Mantis ws.
###@###.### 2002-07-31