RFR (XS) : 8042904: apple.security.KeychainStore.getSalt() calling generateSeed()
Jamil Nimeh
jamil.j.nimeh at oracle.com
Tue May 28 14:52:54 UTC 2019
This looks fine to me.
--Jamil
On 5/28/2019 7:45 AM, Seán Coffey wrote:
> https://bugs.openjdk.java.net/browse/JDK-8042904
>
> Looking to correct this issue. SecureRandom.nextBytes looks like the
> method
> which should be in use rather than generateSeed(int)
>
> --- a/src/java.base/macosx/classes/apple/security/KeychainStore.java
> +++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java
> @@ -1050,7 +1050,7 @@
> if (random == null) {
> random = new SecureRandom();
> }
> - salt = random.generateSeed(SALT_LEN);
> + random.nextBytes(salt);
> return salt;
> }
>
> regards,
> Sean.
>
>
More information about the security-dev
mailing list