From 180bc67e28f333a8b23413a0789b6563c3a5b9de Mon Sep 17 00:00:00 2001
From: Thomas Wolf
Date: Sat, 13 Nov 2021 13:09:58 +0100
Subject: ssh: use a single SecureRandom instance for hashing hostnames
According to Spotbugs, that's better practice. It's questionable whether it makes a big difference, though, especially since the hash is the cryptographically weak SHA1.
Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226
Signed-off-by: Thomas Wolf
---
 .../jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
index 85e406f422..d8bf449acf 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
@@ -34,6 +34,7 @@ import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Random;
 import java.util.TreeSet;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Supplier;
@@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase
 private final List defaultFiles = new ArrayList<>();
+ private Random prng;
+
 /**
 * Creates a new {@link OpenSshServerKeyDatabase}.
 *
@@ -680,7 +683,9 @@ public class OpenSshServerKeyDatabase
 // or to Apache MINA sshd.
 NamedFactory digester = KnownHostDigest.SHA1;
 Mac mac = digester.create();
- SecureRandom prng = new SecureRandom();
+ if (prng == null) {
+ prng = new SecureRandom();
+ }
 byte[] salt = new byte[mac.getDefaultBlockSize()];
 for (SshdSocketAddress address : patterns) {
 if (result.length() > 0) {
--
cgit v1.2.3
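Review bot: The `prng` field added in the second hunk is non-final and typed as `java.util.Random`, and the third hunk fills it with an unsynchronised `if (prng == null)` check-then-assign. The class already uses `ConcurrentHashMap`, which suggests instances may be shared between threads; if so, the lazy initialisation is a data race. It looks benign here, because every path assigns a `SecureRandom`, but nothing in the code documents that. Declaring the field as `private final SecureRandom prng = new SecureRandom();` and dropping the null check removes the race. It also stops a later edit from assigning a non-cryptographic generator, and probably makes the new `java.util.Random` import unnecessary. The method containing the third hunk starts and ends outside it, so how `salt` is filled and used cannot be checked from here.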