Remove SslHelper. Don't use SecureRandom.
SslHelper has been removed, and its functionality has been transferred into TrustedSocketFactory. The added layer of indirection wasn't really simplifying anything. It's now easier to see what happens when createSocket() is invoked.

A new instance of SecureRandom is no longer passed to SSLContext.init(). Instead, null is passed.

The (default) provider of the TLS SSLContext used is OpenSSLProvider, which provides an SSLSocket instance of type OpenSSLSocketImpl. The only use of SecureRandom is in OpenSSLSocketImpl.startHandshake(), where it is used to seed the OpenSSL PRNG with additional random data. But if SecureRandom is null, then /dev/urandom is used for seeding instead.

Meanwhile, the default provider for the SecureRandom service is OpenSSLRandom, which uses the OpenSSL PRNG as its data source. So we were effectively seeding the OpenSSL PRNG with itself. That's probably okay (we trust that the OpenSSL PRNG was properly initialized with random data before first use), but using /dev/urandom would seem like a better source (or at least as good a source) for the additional seed data added with each new connection.

Note that our PRNGFixes class replaces the default SecureRandom service with one whose data source is /dev/urandom for certain vulnerable API levels anyway. (It also makes sure that the OpenSSL PRNG is properly seeded before first use for certain vulnerable API levels.)