From 2e42ca9f0324c1367213f1019b6c97b79509ad19 Mon Sep 17 00:00:00 2001 From: Mikolaj Izdebski Date: Tue, 27 Nov 2012 16:07:12 +0100 Subject: [PATCH] Improve randomness of PBECipher - Resolves: rhbz#880279 --- ...Improve-randomness-of-PBECipher-salt.patch | 89 +++++++++++++++++++ plexus-cipher.spec | 8 +- 2 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 0001-Improve-randomness-of-PBECipher-salt.patch diff --git a/0001-Improve-randomness-of-PBECipher-salt.patch b/0001-Improve-randomness-of-PBECipher-salt.patch new file mode 100644 index 0000000..b08bd2a --- /dev/null +++ b/0001-Improve-randomness-of-PBECipher-salt.patch @@ -0,0 +1,89 @@ +From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001 +From: Mikolaj Izdebski +Date: Tue, 27 Nov 2012 15:32:10 +0100 +Subject: [PATCH] Improve randomness of PBECipher salt + +See: https://bugzilla.redhat.com/show_bug.cgi?id=880279 +--- + .../plexus/components/cipher/PBECipher.java | 43 +++------------------- + 1 file changed, 5 insertions(+), 38 deletions(-) + +diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java +index ce6b173..c69e753 100644 +--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java ++++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java +@@ -63,9 +63,8 @@ public class PBECipher + + protected MessageDigest _digester; + +- protected SecureRandom _secureRandom; +- +- protected boolean _onLinux = false; ++ private static final SecureRandom _secureRandom = new SecureRandom(); ++ + //--------------------------------------------------------------- + public PBECipher() + throws PlexusCipherException +@@ -73,21 +72,6 @@ public class PBECipher + try + { + _digester = MessageDigest.getInstance( DIGEST_ALG ); +- +- if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 ) +- { +- _onLinux = true; +- } +- +- if( _onLinux ) +- { +- System.setProperty( "securerandom.source", "file:/dev/./urandom"); +- } +- else +- { +- _secureRandom = new SecureRandom(); +- } +- + } + catch ( NoSuchAlgorithmException e ) + { +@@ -96,21 +80,10 @@ public class PBECipher + } + //--------------------------------------------------------------- + private byte[] getSalt( final int sz ) +- throws NoSuchAlgorithmException, NoSuchProviderException + { +- byte [] res = null; +- +- if( _secureRandom != null ) +- { +- _secureRandom.setSeed( System.currentTimeMillis() ); +- res = _secureRandom.generateSeed( sz ); +- } +- else +- { +- res = new byte[ sz ]; +- Random r = new Random( System.currentTimeMillis() ); +- r.nextBytes( res ); +- } ++ byte[] res = new byte[ sz ]; ++ ++ _secureRandom.nextBytes( res ); + + return res; + } +@@ -124,12 +97,6 @@ public class PBECipher + + byte[] salt = getSalt( SALT_SIZE ); + +- // spin it :) +- if( _secureRandom != null ) +- { +- new SecureRandom().nextBytes( salt ); +- } +- + Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE ); + + byte [] encryptedBytes = cipher.doFinal( clearBytes ); +-- +1.7.11.7 + diff --git a/plexus-cipher.spec b/plexus-cipher.spec index 83e42f9..985de38 100644 --- a/plexus-cipher.spec +++ b/plexus-cipher.spec @@ -1,6 +1,6 @@ Name: plexus-cipher Version: 1.5 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Plexus Cipher: encryption/decryption Component Group: Development/Libraries @@ -12,6 +12,7 @@ Source0: %{name}-%{version}.tar.gz Source1: http://apache.org/licenses/LICENSE-2.0.txt Patch0: %{name}-migration-to-component-metadata.patch +Patch1: 0001-Improve-randomness-of-PBECipher-salt.patch BuildArch: noarch @@ -55,6 +56,7 @@ API documentation for %{name}. %setup -q %patch0 -p1 +%patch1 -p1 cp %{SOURCE1} . @@ -86,6 +88,10 @@ cp -pr target/site/api*/* %{buildroot}%{_javadocdir}/plexus/%{name}/ %{_javadocdir}/plexus/%{name} %changelog +* Tue Nov 27 2012 Mikolaj Izdebski - 1.5-11 +- Improve randomness of PBECipher +- Resolves: rhbz#880279 + * Mon Nov 26 2012 Mikolaj Izdebski - 1.5-10 - Remove duplicated NOTICE file