JDK-8221250 : RSAKeyPairGenerator initialize drops SecureRandom parameter
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 11
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: os_x
  • CPU: x86
  • Submitted: 2019-03-20
  • Updated: 2019-10-02
  • Resolved: 2019-03-21
Related Reports
Duplicate :  
JDK-8211049 - Second parameter of "initialize" method is not used
Description
A DESCRIPTION OF THE PROBLEM :
The behavior of the following piece of code changed between java10 and java11: https://gist.github.com/alokmenghrajani/94703a63652bf17c328f921bd3431189

I believe the bug is the null in https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/999dbd4192d0f819cb5224f26e9e7fa75ca6f289/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java?fbclid=IwAR2UE_r8ove135uXt2bv_5LJ3Ay3BHgnxoepi78Mhloe02Qb53oc1eivYxU#L73 which was introduced in https://github.com/AdoptOpenJDK/openjdk-jdk11/commit/12fbbe6212f4b8ce2822cd592841ba28524cf8c7 (when RSASSA-PSS was added).

REGRESSION : Last worked in version 10.0.2

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the code from https://gist.github.com/alokmenghrajani/94703a63652bf17c328f921bd3431189 on Java10. The output between genKey1() and genKey2() will differ when it should not.


FREQUENCY : always
Comments
This has been fixed with JDK-8211049 in JDK 12 and backported in JDK 11.0.3 as well. The test results are : JDK 10.0.2 - Pass JDK 11.0.2 - Fail JDK 12 - Pass JDK 13-ea+11 - Pass
21-03-2019