authorThomas Wolf <thomas.wolf@paranor.ch>2021-11-13 13:09:58 +0100
committerMatthias Sohn <matthias.sohn@sap.com>2021-11-15 22:26:20 +0100
commit180bc67e28f333a8b23413a0789b6563c3a5b9de (patch)
tree33136bf1bcd8d4b4da562294a821d064d337f401
parentaf0126e1d01100fad673b6d0a56a99633383a198 (diff)
downloadjgit-180bc67e28f333a8b23413a0789b6563c3a5b9de.tar.gz
jgit-180bc67e28f333a8b23413a0789b6563c3a5b9de.zip
ssh: use a single SecureRandom instance for hashing hostnames
According to Spotbugs, that's better practice. It's questionable whether it makes a big difference, though, especially since the hash is the cryptographically weak SHA1. Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
-rw-r--r--org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
index 85e406f422..d8bf449acf 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
@@ -34,6 +34,7 @@ import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import java.util.Random;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
@@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase
private final List<HostKeyFile> defaultFiles = new ArrayList<>();
+ private Random prng;
+
/**
* Creates a new {@link OpenSshServerKeyDatabase}.
*
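Review bot: The new field `prng` is declared as `java.util.Random`, although the only value this commit assigns to it is a `SecureRandom`, so the static type no longer guarantees that the generator is cryptographically strong. A later change could assign a plain `Random` without the compiler objecting. Declaring it `private SecureRandom prng;` keeps that guarantee and makes the `import java.util.Random;` added in the first hunk unnecessary. A short comment such as `// Lazily created; source of salts for hashed host names.` would also explain why the field is not final.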
@@ -680,7 +683,9 @@ public class OpenSshServerKeyDatabase
// or to Apache MINA sshd.
NamedFactory<Mac> digester = KnownHostDigest.SHA1;
Mac mac = digester.create();
- SecureRandom prng = new SecureRandom();
+ if (prng == null) {
+ prng = new SecureRandom();
+ }
byte[] salt = new byte[mac.getDefaultBlockSize()];
for (SshdSocketAddress address : patterns) {
if (result.length() > 0) {
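Review bot: The lazy initialisation `if (prng == null) { prng = new SecureRandom(); }` is an unsynchronised check-then-act on a plain, non-volatile field. If this method can run on several threads (the class imports `ConcurrentHashMap`, which suggests it may), each thread can create its own instance, and visibility of the write is not guaranteed. That does not weaken the salts, since `SecureRandom` is thread-safe, but it undermines the single-instance intent of the commit. Initialising the field eagerly with `private final SecureRandom prng = new SecureRandom();` removes both the null check and the race. The enclosing method begins and ends outside this hunk, so it is not visible here whether a lock already guards it.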