ssh: use a single SecureRandom instance for hashing hostnames
According to Spotbugs, that's better practice. It's questionable whether it makes a big difference, though, especially since the hash is the cryptographically weak SHA1. Change-Id: Id293de2bad809d9cc19230bd720184786dc6c226 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
parent
af0126e1d0
commit
180bc67e28
|
@ -34,6 +34,7 @@
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Random;
|
||||||
import java.util.TreeSet;
|
import java.util.TreeSet;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
import java.util.function.Supplier;
|
import java.util.function.Supplier;
|
||||||
|
@ -138,6 +139,8 @@ public class OpenSshServerKeyDatabase
|
||||||
|
|
||||||
private final List<HostKeyFile> defaultFiles = new ArrayList<>();
|
private final List<HostKeyFile> defaultFiles = new ArrayList<>();
|
||||||
|
|
||||||
|
private Random prng;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new {@link OpenSshServerKeyDatabase}.
|
* Creates a new {@link OpenSshServerKeyDatabase}.
|
||||||
*
|
*
|
||||||
|
@ -680,7 +683,9 @@ private String createHostKeyLine(Collection<SshdSocketAddress> patterns,
|
||||||
// or to Apache MINA sshd.
|
// or to Apache MINA sshd.
|
||||||
NamedFactory<Mac> digester = KnownHostDigest.SHA1;
|
NamedFactory<Mac> digester = KnownHostDigest.SHA1;
|
||||||
Mac mac = digester.create();
|
Mac mac = digester.create();
|
||||||
SecureRandom prng = new SecureRandom();
|
if (prng == null) {
|
||||||
|
prng = new SecureRandom();
|
||||||
|
}
|
||||||
byte[] salt = new byte[mac.getDefaultBlockSize()];
|
byte[] salt = new byte[mac.getDefaultBlockSize()];
|
||||||
for (SshdSocketAddress address : patterns) {
|
for (SshdSocketAddress address : patterns) {
|
||||||
if (result.length() > 0) {
|
if (result.length() > 0) {
|
||||||
|
|
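Review bot: The new field `private Random prng;` (second hunk) is typed as `java.util.Random` and assigned lazily in `createHostKeyLine` with an unsynchronized `if (prng == null)` check. The weaker type means nothing stops a later change from assigning a non-cryptographic generator to whatever produces the host-name salt. The class already imports `ConcurrentHashMap`, so it may be used from several threads, in which case the non-final, non-volatile field is published without any ordering guarantee. Declaring it as `private final SecureRandom prng = new SecureRandom();` keeps the single-instance goal, makes the null check and the added `import java.util.Random;` unnecessary, and documents in the type that the salt must come from a CSPRNG. The body of `createHostKeyLine` continues outside the hunk, so how `prng` is consumed is not visible here.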