[plexus-cipher/f16: 7/7] Improve randomness of PBECipher

Mikolaj Izdebski mizdebsk at fedoraproject.org
Tue Nov 27 15:10:03 UTC 2012 

commit 2e42ca9f0324c1367213f1019b6c97b79509ad19
Author: Mikolaj Izdebski <mizdebsk at redhat.com>
Date:   Tue Nov 27 16:07:12 2012 +0100

    Improve randomness of PBECipher
    
    - Resolves: rhbz#880279

 0001-Improve-randomness-of-PBECipher-salt.patch |   89 +++++++++++++++++++++++
 plexus-cipher.spec                              |    8 ++-
 2 files changed, 96 insertions(+), 1 deletions(-)
---
diff --git a/0001-Improve-randomness-of-PBECipher-salt.patch b/0001-Improve-randomness-of-PBECipher-salt.patch
new file mode 100644
index 0000000..b08bd2a
--- /dev/null
+++ b/0001-Improve-randomness-of-PBECipher-salt.patch
@@ -0,0 +1,89 @@
+From f9975b549fcb2453b1127ceccfd1f8061e35a618 Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski <mizdebsk at redhat.com>
+Date: Tue, 27 Nov 2012 15:32:10 +0100
+Subject: [PATCH] Improve randomness of PBECipher salt
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=880279
+---
+ .../plexus/components/cipher/PBECipher.java        | 43 +++-------------------
+ 1 file changed, 5 insertions(+), 38 deletions(-)
+
+diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+index ce6b173..c69e753 100644
+--- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
++++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java
+@@ -63,9 +63,8 @@ public class PBECipher
+ 
+     protected MessageDigest _digester;
+     
+-    protected SecureRandom _secureRandom;
+-    
+-    protected boolean _onLinux = false;
++    private static final SecureRandom _secureRandom = new SecureRandom();
++
+     //---------------------------------------------------------------
+     public PBECipher()
+     throws PlexusCipherException
+@@ -73,21 +72,6 @@ public class PBECipher
+         try
+         {
+             _digester = MessageDigest.getInstance( DIGEST_ALG );
+-            
+-            if( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )
+-            {
+-                _onLinux = true;
+-            }
+-            
+-            if( _onLinux )
+-            {
+-                System.setProperty( "securerandom.source", "file:/dev/./urandom");
+-            }
+-            else
+-            {
+-                _secureRandom = new SecureRandom();
+-            }
+-            
+         }
+         catch ( NoSuchAlgorithmException e )
+         {
+@@ -96,21 +80,10 @@ public class PBECipher
+     }
+     //---------------------------------------------------------------
+     private byte[] getSalt( final int sz )
+-    throws NoSuchAlgorithmException, NoSuchProviderException
+     {
+-        byte [] res = null;
+-        
+-        if( _secureRandom != null )
+-        {
+-            _secureRandom.setSeed( System.currentTimeMillis() );
+-            res = _secureRandom.generateSeed( sz );
+-        }
+-        else
+-        {
+-            res = new byte[ sz ];
+-            Random r = new Random( System.currentTimeMillis() );
+-            r.nextBytes( res );
+-        }
++        byte[] res = new byte[ sz ];
++
++        _secureRandom.nextBytes( res );
+ 
+         return res;
+     }
+@@ -124,12 +97,6 @@ public class PBECipher
+     
+             byte[] salt = getSalt( SALT_SIZE );
+             
+-            // spin it :)
+-            if( _secureRandom != null )
+-            {
+-                new SecureRandom().nextBytes( salt );
+-            }
+-    
+             Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE  );
+     
+             byte [] encryptedBytes = cipher.doFinal( clearBytes );
+-- 
+1.7.11.7
+
diff --git a/plexus-cipher.spec b/plexus-cipher.spec
index 83e42f9..985de38 100644
--- a/plexus-cipher.spec
+++ b/plexus-cipher.spec
@@ -1,6 +1,6 @@
 Name:           plexus-cipher
 Version:        1.5
-Release:        10%{?dist}
+Release:        11%{?dist}
 Summary:        Plexus Cipher: encryption/decryption Component
 
 Group:          Development/Libraries
@@ -12,6 +12,7 @@ Source0:        %{name}-%{version}.tar.gz
 Source1:        http://apache.org/licenses/LICENSE-2.0.txt
 
 Patch0:         %{name}-migration-to-component-metadata.patch
+Patch1:         0001-Improve-randomness-of-PBECipher-salt.patch
 
 BuildArch: noarch
 
@@ -55,6 +56,7 @@ API documentation for %{name}.
 %setup -q
 
 %patch0 -p1
+%patch1 -p1
 
 cp %{SOURCE1} .
 
@@ -86,6 +88,10 @@ cp -pr target/site/api*/* %{buildroot}%{_javadocdir}/plexus/%{name}/
 %{_javadocdir}/plexus/%{name}
 
 %changelog
+* Tue Nov 27 2012 Mikolaj Izdebski <mizdebsk at redhat.com> - 1.5-11
+- Improve randomness of PBECipher
+- Resolves: rhbz#880279
+
 * Mon Nov 26 2012 Mikolaj Izdebski <mizdebsk at redhat.com> - 1.5-10
 - Remove duplicated NOTICE file

More information about the scm-commits mailing list