Improve randomness of PBECipher
- Resolves: rhbz#880279
parent
b75736306d
commit
2e42ca9f03
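--- a/0001-Improve-randomness-of-PBECipher-salt.patch
+++ b/0001-Improve-randomness-of-PBECipher-salt.patch
@@ -0,0 +1,89 @@
+From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk@redhat.com>
+Date: Tue, 27 Nov 2012 15:32:10 +0100
+Subject: [PATCH] Improve randomness of PBECipher salt
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=880279
+---
+.../plexus/components/cipher/PBECipher.java | 43 +++-------------------
+1 file changed, 5 insertions(+), 38 deletions(-)
+
+diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+index ce6b173..c69e753 100644
+--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
++++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+@@ -63,9 +63,8 @@ public class PBECipher
+
+protected MessageDigest _digester;
+
+- protected SecureRandom _secureRandom;
+-
+- protected boolean _onLinux = false;
++ private static final SecureRandom _secureRandom = new SecureRandom();
++
+//---------------------------------------------------------------
+public PBECipher()
+throws PlexusCipherException
+@@ -73,21 +72,6 @@ public class PBECipher
+try
+{
+_digester = MessageDigest.getInstance( DIGEST_ALG );
+-
+- if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )
+- {
+- _onLinux = true;
+- }
+-
+- if( _onLinux )
+- {
+- System.setProperty( "securerandom.source", "file:/dev/./urandom");
+- }
+- else
+- {
+- _secureRandom = new SecureRandom();
+- }
+-
+}
+catch ( NoSuchAlgorithmException e )
+{
+@@ -96,21 +80,10 @@ public class PBECipher
+}
+//---------------------------------------------------------------
+private byte[] getSalt( final int sz )
+- throws NoSuchAlgorithmException, NoSuchProviderException
+{
+- byte [] res = null;
+-
+- if( _secureRandom != null )
+- {
+- _secureRandom.setSeed( System.currentTimeMillis() );
+- res = _secureRandom.generateSeed( sz );
+- }
+- else
+- {
+- res = new byte[ sz ];
+- Random r = new Random( System.currentTimeMillis() );
+- r.nextBytes( res );
+- }
++ byte[] res = new byte[ sz ];
++
++ _secureRandom.nextBytes( res );
+
+return res;
+}
+@@ -124,12 +97,6 @@ public class PBECipher
+
+byte[] salt = getSalt( SALT_SIZE );
+
+- // spin it :)
+- if( _secureRandom != null )
+- {
+- new SecureRandom().nextBytes( salt );
+- }
+-
+Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE );
+
+byte [] encryptedBytes = cipher.doFinal( clearBytes );
+--
+1.7.11.7
+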
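Review bot: The new `_secureRandom` declaration in the first inner hunk has no comment saying why it must never be seeded by hand, which is the property the fix depends on. In the removed code the Linux branch left `_secureRandom` unassigned, so `getSalt` took the `new Random( System.currentTimeMillis() )` path and the salt was derivable from the encryption time (assuming nothing outside the hunks assigned the field). I would add `// Self-seeded by the platform provider; never call setSeed() with time or other guessable input.` above the declaration. The field also changes from `protected` instance to `private static` and `_onLinux` is removed, so any subclass outside this file that touched either would stop compiling; that deserves a mention in the changelog entry. The `Random` and `NoSuchProviderException` imports are probably unused now, but the import block lies outside the hunks, as do the rest of the constructor and the encrypt method.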
@ -1,6 +1,6 @@
|
|||||||
Name: plexus-cipher
|
Name: plexus-cipher
|
||||||
Version: 1.5
|
Version: 1.5
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
Summary: Plexus Cipher: encryption/decryption Component
|
Summary: Plexus Cipher: encryption/decryption Component
|
||||||
|
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
@ -12,6 +12,7 @@ Source0: %{name}-%{version}.tar.gz
|
|||||||
Source1: http://apache.org/licenses/LICENSE-2.0.txt
|
Source1: http://apache.org/licenses/LICENSE-2.0.txt
|
||||||
|
|
||||||
Patch0: %{name}-migration-to-component-metadata.patch
|
Patch0: %{name}-migration-to-component-metadata.patch
|
||||||
|
Patch1: 0001-Improve-randomness-of-PBECipher-salt.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
@ -55,6 +56,7 @@ API documentation for %{name}.
|
|||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
|
|
||||||
@ -86,6 +88,10 @@ cp -pr target/site/api*/* %{buildroot}%{_javadocdir}/plexus/%{name}/
|
|||||||
%{_javadocdir}/plexus/%{name}
|
%{_javadocdir}/plexus/%{name}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 27 2012 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.5-11
|
||||||
|
- Improve randomness of PBECipher
|
||||||
|
- Resolves: rhbz#880279
|
||||||
|
|
||||||
* Mon Nov 26 2012 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.5-10
|
* Mon Nov 26 2012 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.5-10
|
||||||
- Remove duplicated NOTICE file
|
- Remove duplicated NOTICE file
|
||||||
|
|
||||||
|