From be0d3e368ca9459430cbae93cf96c40413696027 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 17 Dec 2015 12:02:12 +0000
Subject: [PATCH] OPENDJ-2558 - use secure PRNG for encryption IVs

---
 opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java |    8 ++------
 1 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java b/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
index 8b85714..90c60dc 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerImpl.java
@@ -150,10 +150,6 @@
   /** The secure random number generator used for key generation, initialization vector PRNG seed. */
   private static final SecureRandom secureRandom = new SecureRandom();
 
-  /** The random number generator used for initialization vector production. */
-  private static final Random pseudoRandom
-          = new Random(secureRandom.nextLong());
-
   /**
    * The first byte in any ciphertext produced by CryptoManager is the prologue
    * version. At present, this constant is both the version written and the
@@ -1706,7 +1702,7 @@
       byte[] iv = null;
       if (0 < ivLengthBits) {
         iv = new byte[ivLengthBits / Byte.SIZE];
-        pseudoRandom.nextBytes(iv);
+        secureRandom.nextBytes(iv);
       }
       getCipher(keyEntry, Cipher.DECRYPT_MODE, iv);
 
@@ -1994,7 +1990,7 @@
         byte[] iv;
         if (Cipher.ENCRYPT_MODE == mode && null == initializationVector) {
           iv = new byte[keyEntry.getIVLengthBits() / Byte.SIZE];
-          pseudoRandom.nextBytes(iv);
+          secureRandom.nextBytes(iv);
         }
         else {
           iv = initializationVector;

--
Gitblit v1.10.0