plexus-cipher/0001-Improve-randomness-of-PBECipher-salt.patch

From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Tue, 27 Nov 2012 15:32:10 +0100
Subject: [PATCH] Improve randomness of PBECipher salt

See: https://bugzilla.redhat.com/show_bug.cgi?id=880279
---
 .../plexus/components/cipher/PBECipher.java        | 43 +++-------------------
 1 file changed, 5 insertions(+), 38 deletions(-)

diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
index ce6b173..c69e753 100644
--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
@@ -63,9 +63,8 @@ public class PBECipher
 
     protected MessageDigest _digester;
     
-    protected SecureRandom _secureRandom;
-    
-    protected boolean _onLinux = false;
+    private static final SecureRandom _secureRandom = new SecureRandom();
+
     //---------------------------------------------------------------
     public PBECipher()
     throws PlexusCipherException
@@ -73,21 +72,6 @@ public class PBECipher
         try
         {
             _digester = MessageDigest.getInstance( DIGEST_ALG );
-            
-            if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )
-            {
-                _onLinux = true;
-            }
-            
-            if( _onLinux )
-            {
-                System.setProperty( "securerandom.source", "file:/dev/./urandom");
-            }
-            else
-            {
-                _secureRandom = new SecureRandom();
-            }
-            
         }
         catch ( NoSuchAlgorithmException e )
         {
@@ -96,21 +80,10 @@ public class PBECipher
     }
     //---------------------------------------------------------------
     private byte[] getSalt( final int sz )
-    throws NoSuchAlgorithmException, NoSuchProviderException
     {
-        byte [] res = null;
-        
-        if( _secureRandom != null )
-        {
-            _secureRandom.setSeed( System.currentTimeMillis() );
-            res = _secureRandom.generateSeed( sz );
-        }
-        else
-        {
-            res = new byte[ sz ];
-            Random r = new Random( System.currentTimeMillis() );
-            r.nextBytes( res );
-        }
+        byte[] res = new byte[ sz ];
+
+        _secureRandom.nextBytes( res );
 
         return res;
     }
@@ -124,12 +97,6 @@ public class PBECipher
     
             byte[] salt = getSalt( SALT_SIZE );
             
-            // spin it :)
-            if( _secureRandom != null )
-            {
-                new SecureRandom().nextBytes( salt );
-            }
-    
             Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE  );
     
             byte [] encryptedBytes = cipher.doFinal( clearBytes );
-- 
1.7.11.7
Improve randomness of PBECipher - Resolves: rhbz#880279 2012-11-27 15:07:12 +00:00			`From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001`
			`From: Mikolaj Izdebski <mizdebsk@redhat.com>`
			`Date: Tue, 27 Nov 2012 15:32:10 +0100`
			`Subject: [PATCH] Improve randomness of PBECipher salt`

			`See: https://bugzilla.redhat.com/show_bug.cgi?id=880279`
			`---`
			`.../plexus/components/cipher/PBECipher.java \| 43 +++-------------------`
			`1 file changed, 5 insertions(+), 38 deletions(-)`

			`diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java`
			`index ce6b173..c69e753 100644`
			`--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java`
			`+++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java`
			`@@ -63,9 +63,8 @@ public class PBECipher`

			`protected MessageDigest _digester;`

			`- protected SecureRandom _secureRandom;`
			`-`
			`- protected boolean _onLinux = false;`
			`+ private static final SecureRandom _secureRandom = new SecureRandom();`
			`+`
			`//---------------------------------------------------------------`
			`public PBECipher()`
			`throws PlexusCipherException`
			`@@ -73,21 +72,6 @@ public class PBECipher`
			`try`
			`{`
			`_digester = MessageDigest.getInstance( DIGEST_ALG );`
			`-`
			`- if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )`
			`- {`
			`- _onLinux = true;`
			`- }`
			`-`
			`- if( _onLinux )`
			`- {`
			`- System.setProperty( "securerandom.source", "file:/dev/./urandom");`
			`- }`
			`- else`
			`- {`
			`- _secureRandom = new SecureRandom();`
			`- }`
			`-`
			`}`
			`catch ( NoSuchAlgorithmException e )`
			`{`
			`@@ -96,21 +80,10 @@ public class PBECipher`
			`}`
			`//---------------------------------------------------------------`
			`private byte[] getSalt( final int sz )`
			`- throws NoSuchAlgorithmException, NoSuchProviderException`
			`{`
			`- byte [] res = null;`
			`-`
			`- if( _secureRandom != null )`
			`- {`
			`- _secureRandom.setSeed( System.currentTimeMillis() );`
			`- res = _secureRandom.generateSeed( sz );`
			`- }`
			`- else`
			`- {`
			`- res = new byte[ sz ];`
			`- Random r = new Random( System.currentTimeMillis() );`
			`- r.nextBytes( res );`
			`- }`
			`+ byte[] res = new byte[ sz ];`
			`+`
			`+ _secureRandom.nextBytes( res );`

			`return res;`
			`}`
			`@@ -124,12 +97,6 @@ public class PBECipher`

			`byte[] salt = getSalt( SALT_SIZE );`

			`- // spin it :)`
			`- if( _secureRandom != null )`
			`- {`
			`- new SecureRandom().nextBytes( salt );`
			`- }`
			`-`
			`Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE );`

			`byte [] encryptedBytes = cipher.doFinal( clearBytes );`
			`--`
			`1.7.11.7`