diff options
author | Thomas Wolf <thomas.wolf@paranor.ch> | 2021-11-13 13:09:58 +0100 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2021-11-15 22:26:20 +0100 |
commit | 180bc67e28f333a8b23413a0789b6563c3a5b9de (patch) | |
tree | 33136bf1bcd8d4b4da562294a821d064d337f401 /org.eclipse.jgit.ssh.apache | |
parent | af0126e1d01100fad673b6d0a56a99633383a198 (diff) | |
download | jgit-180bc67e28f333a8b23413a0789b6563c3a5b9de.tar.gz jgit-180bc67e28f333a8b23413a0789b6563c3a5b9de.zip |
ssh: use a single SecureRandom instance for hashing hostnames
According to Spotbugs, that's better practice. It's questionable
whether it makes a big difference, though, especially since the
hash is the cryptographically weak SHA1.
Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.ssh.apache')
-rw-r--r-- | org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java index 85e406f422..d8bf449acf 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java @@ -34,6 +34,7 @@ import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.Random; import java.util.TreeSet; import java.util.concurrent.ConcurrentHashMap; import java.util.function.Supplier; @@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase private final List<HostKeyFile> defaultFiles = new ArrayList<>(); + private Random prng; + /** * Creates a new {@link OpenSshServerKeyDatabase}. * @@ -680,7 +683,9 @@ public class OpenSshServerKeyDatabase // or to Apache MINA sshd. NamedFactory<Mac> digester = KnownHostDigest.SHA1; Mac mac = digester.create(); - SecureRandom prng = new SecureRandom(); + if (prng == null) { + prng = new SecureRandom(); + } byte[] salt = new byte[mac.getDefaultBlockSize()]; for (SshdSocketAddress address : patterns) { if (result.length() > 0) { |