RFR (XS) : 8042904: apple.security.KeychainStore.getSalt() calling generateSeed()
Seán Coffey
sean.coffey at oracle.com
Tue May 28 14:45:26 UTC 2019
https://bugs.openjdk.java.net/browse/JDK-8042904
Looking to correct this issue. SecureRandom.nextBytes looks like the method
which should be in use rather than generateSeed(int)
--- a/src/java.base/macosx/classes/apple/security/KeychainStore.java
+++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java
@@ -1050,7 +1050,7 @@
if (random == null) {
random = new SecureRandom();
}
- salt = random.generateSeed(SALT_LEN);
+ random.nextBytes(salt);
return salt;
}
regards,
Sean.
More information about the security-dev
mailing list