Investigating PK11SecureRandom seeding

[pki-bot]

This issue was migrated from Pagure Issue #2698. Originally filed by edewata (@edewata) on 2017-05-19 14:17:05:

• Assigned to nobody

---

The following code in JssSubsystem seeds a PK11SecureRandom object with random bytes obtained from /dev/urandom (see https://github.com/dogtagpki/pki/blob/master/base/server/cmscore/src/com/netscape/cmscore/security/JssSubsystem.java#L258):

byte[] b = ... random bytes from /dev/urandom ...

PK11SecureRandom sr = new PK11SecureRandom();
sr.setSeed(b);

This code is only used in KRA. Further investigation is needed to determine the purpose of this code. If it turns out to be unnecessary the code should be removed.

[pki-bot]

Comment from edewata (@edewata) at 2017-05-19 14:17:50

Metadata Update from @edewata:

• Custom field component adjusted to General
• Custom field feature adjusted to ''
• Custom field origin adjusted to Community
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field type adjusted to defect
• Custom field version adjusted to ''
• Issue set to the milestone: FUTURE

[pki-bot]

Comment from edewata (@edewata) at 2017-05-19 15:11:07

See also https://bugzilla.mozilla.org/show_bug.cgi?id=1254334#c22.