Skip to content

Commit

Permalink
Actually settle on SHA1PRNG if it's available. #1407
Browse files Browse the repository at this point in the history 
I botched the previous patch a bit by unconditionally re-assigning
the secureRandom local to a default JDK new SecureRandom. This
could cause systems without the default preferred PRNG
(NativePRNGNonBlocking, Java 8+) to have slower thread startup and/or
random number generation.
  • Loading branch information
@headius
headius committed Sep 12, 2016
1 parent 42a0ea3 commit 862ee1c
Showing 1 changed file with 24 additions and 18 deletions.
42 changes: 24 additions & 18 deletions core/src/main/java/org/jruby/runtime/ThreadContext.java
View file
Expand Up @@ -145,29 +145,35 @@ public static ThreadContext newContext(Ruby runtime) {

public final JavaSites sites;

@SuppressWarnings("deprecated")
@SuppressWarnings("deprecation")
public SecureRandom getSecureRandom() {
SecureRandom secureRandom = this.secureRandom;
if (secureRandom == null) {
if (tryPreferredPRNG) {
try {
secureRandom = SecureRandom.getInstance(Options.PREFERRED_PRNG.load());
} catch (Exception e) {
tryPreferredPRNG = false;
}

// Try preferred PRNG, which defaults to NativePRNGNonBlocking
if (secureRandom == null && tryPreferredPRNG) {
try {
secureRandom = SecureRandom.getInstance(Options.PREFERRED_PRNG.load());
} catch (Exception e) {
tryPreferredPRNG = false;
}
if (secureRandom == null) {
if (trySHA1PRNG) {
try {
secureRandom = SecureRandom.getInstance("SHA1PRNG");
} catch (Exception e) {
trySHA1PRNG = false;
}
}
secureRandom = new SecureRandom();
}

// Try SHA1PRNG
if (secureRandom == null && trySHA1PRNG) {
try {
secureRandom = SecureRandom.getInstance("SHA1PRNG");
} catch (Exception e) {
trySHA1PRNG = false;
}
this.secureRandom = secureRandom;
}

// Just let JDK do whatever it does
if (secureRandom == null) {
secureRandom = new SecureRandom();
}

this.secureRandom = secureRandom;

return secureRandom;
}

Expand Down

0 comments on commit 862ee1c

Please sign in to comment.