Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Prefer SHA1PRNG, which avoids VM-wide global lock on Unix. Another way to fix this is to avoid repeated calls to "rnd.nextInt()" in TransportConnection.sendMessage() and instead get all the padding in one call. That would require another byte array as there's no SecureRandom.nextBytes(byte[],int,int), but that'd be a monitor cost in the face of VM-wide lock across all the SecureRandom instances. The amount of padding is fairly small, so yet another way to fix this is to buffer random bytes by hitting SecureRandom in a bigger block (thus infrequentl) and save the rest at Connection.
- Loading branch information
Showing
3 changed files
with
35 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package com.trilead.ssh2; | ||
|
||
import java.security.NoSuchAlgorithmException; | ||
import java.security.SecureRandom; | ||
|
||
/** | ||
* Creates {@link SecureRandom} | ||
* | ||
* @author Kohsuke Kawaguchi | ||
*/ | ||
class RandomFactory { | ||
static SecureRandom create() { | ||
try { | ||
// JENKINS-20108 | ||
// on Unix, "new SecureRandom()" uses NativePRNG that uses a VM-wide lock, which results in | ||
// SecureRandom.nextInt() contention when there are lots of concurrent connections. | ||
// SHA1PRNG avoids this problem. This PRNG still gets seeded from (blocking) /dev/random, | ||
// which assures security. | ||
// | ||
// note that SHA1PRNG is not a standard. See http://security.stackexchange.com/questions/47871/ | ||
// | ||
// there's also http://coding.tocea.com/scertify-code/dont-use-the-sha1-prng-randomness-generator/ | ||
// which claims SHA1PRNG has "statistical defects" without details. I discount the credibility of | ||
// this claim based on the lack of details, and that this is not reported as a vulnerability upstream. | ||
return SecureRandom.getInstance("SHA1PRNG"); | ||
} catch (NoSuchAlgorithmException e) { | ||
// fall back | ||
return new SecureRandom(); | ||
} | ||
} | ||
} |