From 3cc9d481f727793fb8c878181e0adcc07669d450 Mon Sep 17 00:00:00 2001
From: Thomas Wolf
Date: Sun, 1 Sep 2024 23:11:43 +0200
Subject: [PATCH] JceRandom: use SecureRandom.getInstanceStrong()

Fall back to new SecureRandom() if we get a NoSuchAlgorithmException, which should never occur unless the JVM is wrongly configured. Every JVM must support at least one strong PRNG.
---
 .../apache/sshd/common/random/JceRandom.java | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/sshd-common/src/main/java/org/apache/sshd/common/random/JceRandom.java b/sshd-common/src/main/java/org/apache/sshd/common/random/JceRandom.java
index ba050e675..4ef8c1f1f 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/random/JceRandom.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/random/JceRandom.java
@@ -18,23 +18,39 @@
 */
 package org.apache.sshd.common.random;
 
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
 * A Random implementation using the built-in {@link SecureRandom} PRNG.
 *
 * @author Apache MINA SSHD Project
 */
 public class JceRandom extends AbstractRandom {
+
 public static final String NAME = "JCE";
 
+ private static final Logger LOG = LoggerFactory.getLogger(JceRandom.class);
+
 private byte[] tmp = new byte[16];
- private final SecureRandom random = new SecureRandom();
+ private final SecureRandom random = getRandom();
 
 public JceRandom() {
 super();
 }
 
+ private static SecureRandom getRandom() {
+ try {
+ return SecureRandom.getInstanceStrong();
+ } catch (NoSuchAlgorithmException e) {
+ LOG.warn("No strong SecureRandom algorithm available; falling back to non-strong SecureRandom PRNG.");
+ return new SecureRandom();
+ }
+ }
+
 @Override
 public String getName() {
 return NAME;
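Review bot: The strong generator requested in `getRandom()` may block, and nothing in the class says so: the field initializer `random = getRandom()` runs for every `JceRandom` instance, and the algorithm it gets is whatever the `securerandom.strongAlgorithms` security property names. On Linux/Unix JDKs that default is usually `NativePRNGBlocking`, which can wait on the kernel entropy pool, so a freshly started VM or container could stall at first use; how often instances are created is not visible in this hunk. I would add a sentence to the class Javadoc such as `* Uses {@link SecureRandom#getInstanceStrong()}; the algorithm comes from the securerandom.strongAlgorithms security property and may block while seeding.` Separately, the catch block drops the exception, so the log gives no hint about the misconfiguration; passing it along keeps the cause: `LOG.warn("No strong SecureRandom algorithm available; falling back to non-strong SecureRandom PRNG.", e);`. The class body continues past the end of the hunk.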