[jitsi-dev] [libjitsi] Cache certificate and fingerprint, stop using ZrtpFortuna (#108)


#1

You can view, comment on, or merge this pull request online at:

  https://github.com/jitsi/libjitsi/pull/108

-- Commit Summary --

  * Also cache certificate and fingerprint in DtlsControlImpl
  * Use SecureRandom instead of ZrtpFortuna in DtlsControlImpl
  * Use SecureRandom instead of ZrtpFortuna in ZRTPTransformEngine
  * Use SecureRandom instead of ZrtpFortuna in SDesControlImpl

-- File Changes --

    M src/org/jitsi/impl/neomedia/transform/dtls/DtlsControlImpl.java (147)
    M src/org/jitsi/impl/neomedia/transform/dtls/DtlsPacketTransformer.java (5)
    M src/org/jitsi/impl/neomedia/transform/sdes/SDesControlImpl.java (15)
    M src/org/jitsi/impl/neomedia/transform/zrtp/ZRTPTransformEngine.java (4)

-- Patch Links --

https://github.com/jitsi/libjitsi/pull/108.patch
https://github.com/jitsi/libjitsi/pull/108.diff


---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/libjitsi/pull/108


#2

Hi, thanks for your contribution!
If you haven't already done so, could you please make sure you sign our CLA (https://jitsi.org/icla for individuals and https://jitsi.org/ccla for corporations)? We would unfortunately be unable to merge your patch unless we have that piece :(.



#3

It ain't as simple as that :frowning:
I know that I had to introduce setRandomGenerator on SDesFactory because it was blocking on /some/ (desktop) machines. We need to guarantee that Java never reads from /dev/random, not even for seeding. If we're using multiple instances of SecureRandom, generateSeed(..) is called multiple times and will drain /dev/random.

Also please split the Fortuna-removal and cache thing into two PRs. About the cache commit: the _ in the variable names are nothing we ever used. Please remove those. I cannot comment on the actual change there.

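The concern in the message above, sharing one generator so that any seeding happens at most once per process, sketched as an added example; it is not code from libjitsi or from this pull request, and `SharedRandom` and its methods are hypothetical names. It also reports the settings that select the JVM's generator and seed source, so the output can be compared with an strace run on the machine in question.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical helper, not a libjitsi class. */
public final class SharedRandom {
    // Initialization-on-demand holder: the JVM creates exactly one
    // SecureRandom, however many classes and threads ask for it.
    private static final class Holder {
        static final SecureRandom INSTANCE = new SecureRandom();
    }

    private SharedRandom() {}

    public static SecureRandom get() {
        return Holder.INSTANCE;
    }

    /** Fills a new buffer from the shared generator; never calls generateSeed(). */
    public static byte[] bytes(int length) {
        byte[] out = new byte[length];
        get().nextBytes(out); // SecureRandom may be shared between threads
        return out;
    }

    /** Settings that decide which generator and seed source this JVM uses. */
    public static Map<String, String> describe() {
        Map<String, String> info = new LinkedHashMap<>();
        SecureRandom r = get();
        info.put("algorithm", r.getAlgorithm());
        info.put("provider", r.getProvider().getName());
        info.put("securerandom.source",
                String.valueOf(Security.getProperty("securerandom.source")));
        info.put("java.security.egd",
                String.valueOf(System.getProperty("java.security.egd")));
        return info;
    }

    public static void main(String[] args) {
        describe().forEach((k, v) -> System.out.println(k + " = " + v));
        // Constructed use: 30 bytes = 128-bit master key + 112-bit master salt,
        // the inline key length of the SDES suite AES_CM_128_HMAC_SHA1_80.
        byte[] keyAndSalt = bytes(30);
        System.out.println("generated " + keyAndSalt.length + " bytes of key material");
        // Every call site gets the same object, so there is one generator to seed.
        System.out.println("same instance: " + (get() == get()));
    }
}
```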


#4

generateSeed is never called, and if you don't use it, /dev/random is never called.
I've tested with Java 6/7/8 and strace; is it possible that it was before Java 6?

Will update this PR once #109 is merged.



#5

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/provider/NativePRNG.java



#6

By the way, ZrtpFortuna does use SecureRandom:
https://github.com/jitsi/zrtp4j/commit/1bd0743d9cdd1750def56ff60951a99d44db2a87



#7

I'll look at https://github.com/jitsi/libjitsi/pull/108/commits/584363a4be3549c94005544597e55c9164264b8e because I have similar modifications in my local clone.

However, I'm going to close this PR now because (1) I will not pull Fortuna now and (2) I believe there are two distinct issues here: caching and Fortuna. Please @champtar create a separate PR for Fortuna which deals with Fortuna only (I'll cherry-pick the caching from here now).



#8

Closed #108.



#9

@lyubomir see #109
