mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Matthew Swift
17.02.2015 be0d3e368ca9459430cbae93cf96c40413696027
OPENDJ-2558 - use secure PRNG for encryption IVs

The initial fix is to use the default secure PRNG for the JVM. Unless
overridden in the JVM's configuration, "NativePRNG" will be used on
*nix systems and "SHA1PRNG" on Windows.

Note that NativePRNG consumes entropy from /dev/urandom using blocking
reads, and that SHA1PRNG has been reported to block less frequently, as
well as being more performant. We will use the default algorithm despite
the potential performance issue on *nix for three reasons:

* it is obviously the "preferred" algorithm chosen by the JVM vendor

* allows the administrator to override the algorithm/provider by
explicitly configuring their JVM parameters

* we automatically adapt to changes in the default algorithm based on
JVM version/vendor.

We may want to revisit this choice if we find that it becomes a
performance bottleneck. This may occur when performing bulk encryption
of sensitive attributes such as user passwords. Usually this is not the
case since passwords are hashed rather than encrypted.
opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
@@ -150,10 +150,6 @@
  /** The secure random number generator used for key generation, initialization vector PRNG seed. */
  private static final SecureRandom secureRandom = new SecureRandom();
  /** The random number generator used for initialization vector production. */
  private static final Random pseudoRandom
          = new Random(secureRandom.nextLong());
  /**
   * The first byte in any ciphertext produced by CryptoManager is the prologue
   * version. At present, this constant is both the version written and the
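Review bot: the Javadoc kept on secureRandom still reads "used for key generation, initialization vector PRNG seed", which no longer holds once the pseudoRandom field is removed and secureRandom fills IVs directly. Reword it to something like "used for key generation and initialization vector production" so the comment does not describe the seeding scheme this change retires.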
@@ -1706,7 +1702,7 @@
      byte[] iv = null;
      if (0 < ivLengthBits) {
        iv = new byte[ivLengthBits / Byte.SIZE];
        pseudoRandom.nextBytes(iv);
        secureRandom.nextBytes(iv);
      }
      getCipher(keyEntry, Cipher.DECRYPT_MODE, iv);
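Review bot: the IV filled in this hunk is passed to getCipher with Cipher.DECRYPT_MODE, so from the visible lines it is unclear what a freshly generated random IV is for at this call site. If the call only checks that the cipher can be instantiated with an IV of this length, say so in a comment, and consider whether this path needs to draw from secureRandom at all given the blocking concern raised in the commit message. Also, ivLengthBits / Byte.SIZE truncates silently when ivLengthBits is not a multiple of 8; a check, or a comment stating that callers guarantee this, would help.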
@@ -1994,7 +1990,7 @@
        byte[] iv;
        if (Cipher.ENCRYPT_MODE == mode && null == initializationVector) {
          iv = new byte[keyEntry.getIVLengthBits() / Byte.SIZE];
          pseudoRandom.nextBytes(iv);
          secureRandom.nextBytes(iv);
        }
        else {
          iv = initializationVector;
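Review bot: with secureRandom.nextBytes(iv) in the Cipher.ENCRYPT_MODE branch, every encryption that does not supply an initializationVector now draws from the single static secureRandom instance, which is the bulk-encryption cost the commit message anticipates. A short comment at this call pointing to that trade-off, or a benchmark of concurrent encryption recorded under OPENDJ-2558, would make the decision easier to revisit.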