view patches/security/20121016/7167656.patch @ 2593:6df81d93af9c

Add 2012/10/16 security updates. 2012-10-11 Andrew John Hughes <gnu.andrew@redhat.com> * Makefile.am: (SECURITY_PATCHES): Add new patches. * patches/ecj/override.patch: Add new cases in P11Key and RMIConnectionImpl introduced by security patches. * patches/ssl.patch: Removed old unneeded patch which breaks with this update. * patches/security/20111018/7092186.patch: Backport of patch added to OpenJDK6 by Oracle as part of the last security update but not included in the bundle delivered ahead of time. * patches/security/20121016/6631398.patch, * patches/security/20121016/7093490.patch, * patches/security/20121016/7143535.patch, * patches/security/20121016/7158801.patch, * patches/security/20121016/7167656.patch, * patches/security/20121016/7169884.patch, * patches/security/20121016/7169888.patch, * patches/security/20121016/7172522.patch, * patches/security/20121016/7176337.patch, * patches/security/20121016/7186286.patch, * patches/security/20121016/7189103.patch, * patches/security/20121016/7189490.patch, * patches/security/20121016/7189567.patch, * patches/security/20121016/7192975.patch, * patches/security/20121016/7195194.patch, * patches/security/20121016/7195917.patch, * patches/security/20121016/7195919.patch, * patches/security/20121016/7198296.patch, * patches/security/20121016/7198606.patch, * patches/security/20121016/hs20/7158800.patch, * patches/security/20121016/hs20/7158804.patch, * patches/security/20121016/original/7158800.patch, * patches/security/20121016/original/7158804.patch: New patches.
author Andrew John Hughes <ahughes@redhat.com>
date Fri, 12 Oct 2012 02:18:24 +0100
parents
children
line wrap: on
line source

# HG changeset patch
# User coffeys
# Date 1340139680 -3600
# Node ID d04575148db287475168da344159e583f7bff02c
# Parent  1e170e3c1b682d0f98a61a47e5049535c5bd4999
7167656: Multiple Seeders are being created
Reviewed-by: wetmore

diff --git a/src/share/classes/sun/security/provider/SecureRandom.java b/src/share/classes/sun/security/provider/SecureRandom.java
--- openjdk/jdk/src/share/classes/sun/security/provider/SecureRandom.java
+++ openjdk/jdk/src/share/classes/sun/security/provider/SecureRandom.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,12 +56,6 @@
 
     private static final long serialVersionUID = 3581829991155417889L;
 
-    /**
-     * This static object will be seeded by SeedGenerator, and used
-     * to seed future instances of SecureRandom
-     */
-    private static SecureRandom seeder;
-
     private static final int DIGEST_SIZE = 20;
     private transient MessageDigest digest;
     private byte[] state;
@@ -173,6 +167,28 @@
     }
 
     /**
+     * This static object will be seeded by SeedGenerator, and used
+     * to seed future instances of SHA1PRNG SecureRandoms.
+     *
+     * Bloch, Effective Java Second Edition: Item 71
+     */
+    private static class SeederHolder {
+
+        private static final SecureRandom seeder;
+
+        static {
+            /*
+             * Call to SeedGenerator.generateSeed() to add additional
+             * seed material (likely from the Native implementation).
+             */
+            seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
+            byte [] b = new byte[DIGEST_SIZE];
+            SeedGenerator.generateSeed(b);
+            seeder.engineSetSeed(b);
+        }
+    }
+
+    /**
      * Generates a user-specified number of random bytes.
      *
      * @param bytes the array to be filled in with random bytes.
@@ -183,13 +199,8 @@
         byte[] output = remainder;
 
         if (state == null) {
-            if (seeder == null) {
-                seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
-                seeder.engineSetSeed(engineGenerateSeed(DIGEST_SIZE));
-            }
-
             byte[] seed = new byte[DIGEST_SIZE];
-            seeder.engineNextBytes(seed);
+            SeederHolder.seeder.engineNextBytes(seed);
             state = digest.digest(seed);
         }