[plexus-cipher/f16: 7/7] Improve randomness of PBECipher
Mikolaj Izdebski
mizdebsk at fedoraproject.org
Tue Nov 27 15:10:03 UTC 2012
commit 2e42ca9f0324c1367213f1019b6c97b79509ad19
Author: Mikolaj Izdebski <mizdebsk at redhat.com>
Date: Tue Nov 27 16:07:12 2012 +0100
Improve randomness of PBECipher
- Resolves: rhbz#880279
0001-Improve-randomness-of-PBECipher-salt.patch | 89 +++++++++++++++++++++++
plexus-cipher.spec | 8 ++-
2 files changed, 96 insertions(+), 1 deletions(-)
---
diff --git a/0001-Improve-randomness-of-PBECipher-salt.patch b/0001-Improve-randomness-of-PBECipher-salt.patch
new file mode 100644
index 0000000..b08bd2a
--- /dev/null
+++ b/0001-Improve-randomness-of-PBECipher-salt.patch
@@ -0,0 +1,89 @@
+From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk at redhat.com>
+Date: Tue, 27 Nov 2012 15:32:10 +0100
+Subject: [PATCH] Improve randomness of PBECipher salt
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=880279
+---
+ .../plexus/components/cipher/PBECipher.java | 43 +++-------------------
+ 1 file changed, 5 insertions(+), 38 deletions(-)
+
+diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+index ce6b173..c69e753 100644
+--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
++++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+@@ -63,9 +63,8 @@ public class PBECipher
+
+ protected MessageDigest _digester;
+
+- protected SecureRandom _secureRandom;
+-
+- protected boolean _onLinux = false;
++ private static final SecureRandom _secureRandom = new SecureRandom();
++
+ //---------------------------------------------------------------
+ public PBECipher()
+ throws PlexusCipherException
+@@ -73,21 +72,6 @@ public class PBECipher
+ try
+ {
+ _digester = MessageDigest.getInstance( DIGEST_ALG );
+-
+- if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )
+- {
+- _onLinux = true;
+- }
+-
+- if( _onLinux )
+- {
+- System.setProperty( "securerandom.source", "file:/dev/./urandom");
+- }
+- else
+- {
+- _secureRandom = new SecureRandom();
+- }
+-
+ }
+ catch ( NoSuchAlgorithmException e )
+ {
+@@ -96,21 +80,10 @@ public class PBECipher
+ }
+ //---------------------------------------------------------------
+ private byte[] getSalt( final int sz )
+- throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+- byte [] res = null;
+-
+- if( _secureRandom != null )
+- {
+- _secureRandom.setSeed( System.currentTimeMillis() );
+- res = _secureRandom.generateSeed( sz );
+- }
+- else
+- {
+- res = new byte[ sz ];
+- Random r = new Random( System.currentTimeMillis() );
+- r.nextBytes( res );
+- }
++ byte[] res = new byte[ sz ];
++
++ _secureRandom.nextBytes( res );
+
+ return res;
+ }
+@@ -124,12 +97,6 @@ public class PBECipher
+
+ byte[] salt = getSalt( SALT_SIZE );
+
+- // spin it :)
+- if( _secureRandom != null )
+- {
+- new SecureRandom().nextBytes( salt );
+- }
+-
+ Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE );
+
+ byte [] encryptedBytes = cipher.doFinal( clearBytes );
+--
+1.7.11.7
+
diff --git a/plexus-cipher.spec b/plexus-cipher.spec
index 83e42f9..985de38 100644
--- a/plexus-cipher.spec
+++ b/plexus-cipher.spec
@@ -1,6 +1,6 @@
Name: plexus-cipher
Version: 1.5
-Release: 10%{?dist}
+Release: 11%{?dist}
Summary: Plexus Cipher: encryption/decryption Component
Group: Development/Libraries
@@ -12,6 +12,7 @@ Source0: %{name}-%{version}.tar.gz
Source1: http://apache.org/licenses/LICENSE-2.0.txt
Patch0: %{name}-migration-to-component-metadata.patch
+Patch1: 0001-Improve-randomness-of-PBECipher-salt.patch
BuildArch: noarch
@@ -55,6 +56,7 @@ API documentation for %{name}.
%setup -q
%patch0 -p1
+%patch1 -p1
cp %{SOURCE1} .
@@ -86,6 +88,10 @@ cp -pr target/site/api*/* %{buildroot}%{_javadocdir}/plexus/%{name}/
%{_javadocdir}/plexus/%{name}
%changelog
+* Tue Nov 27 2012 Mikolaj Izdebski <mizdebsk at redhat.com> - 1.5-11
+- Improve randomness of PBECipher
+- Resolves: rhbz#880279
+
* Mon Nov 26 2012 Mikolaj Izdebski <mizdebsk at redhat.com> - 1.5-10
- Remove duplicated NOTICE file
More information about the scm-commits
mailing list