(commons-crypto) branch master updated: SecureRandom in JavaCryptoRandom is not seeded

Thu, 25 Jan 2024 18:58:39 -0800 

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-crypto.git


The following commit(s) were added to refs/heads/master by this push:
     new 7a54fa31 SecureRandom in JavaCryptoRandom is not seeded
7a54fa31 is described below

commit 7a54fa312cdb28396c34e79431c50c9d937f5900
Author: Gary Gregory <garydgreg...@gmail.com>
AuthorDate: Thu Jan 25 21:58:30 2024 -0500

    SecureRandom in JavaCryptoRandom is not seeded
---
 src/changes/changes.xml                                              | 1 +
 src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index f565815e..255eab21 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -94,6 +94,7 @@
       <action dev="ggregory"     type="fix" due-to="Gary 
Gregory">StreamInput.StreamInput(InputStream, int) now throws 
NullPointerException on null input.</action>
       <action dev="ggregory"     type="fix" due-to="Gary 
Gregory">ChannelOutput.ChannelOutput(WritableByteChannel) now throws 
NullPointerException on null input.</action>
       <action dev="ggregory"     type="fix" due-to="Gary 
Gregory">StreamOutput.StreamOutput(OutputStream, int) now throws 
NullPointerException on null input.</action>
+      <action dev="ggregory"     type="fix" due-to="Gary Gregory">SecureRandom 
in JavaCryptoRandom is not seeded.</action>
       <!-- UPDATE -->
       <action                    type="update" dev="sebb" due-to="Ludovic 
Henry">Dockerfile: Bump maven to 3.8.8 (previous no longer online)</action>
       <action                    type="update" dev="sebb">Tests: show details 
of crypt library actually loaded</action>
diff --git 
a/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java 
b/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
index 38ed20d1..87713216 100644
--- a/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
+++ b/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
@@ -47,6 +47,8 @@ final class JavaCryptoRandom implements CryptoRandom {
         } catch (final NoSuchAlgorithmException e) {
             tmp = new SecureRandom();
         }
+        // Seed the SecureRandom by calling nextBytes(byte[])
+        tmp.nextBytes(new byte[8]);
         instance = tmp;
     }

Reply via email to