From 0f7785e8d90a59e71b516f387ce2d16fd4d92514 Mon Sep 17 00:00:00 2001 From: itssunilsid Date: Thu, 25 Jun 2020 13:05:44 +0530 Subject: [PATCH] Allowing arbitrary random number generators (#29246) Issue #29188 --- .../pr-29246-remove-prng-constans.excludes | 3 +++ .../artery/tcp/SecureRandomFactory.scala | 21 ++++--------------- 2 files changed, 7 insertions(+), 17 deletions(-) create mode 100644 akka-remote/src/main/mima-filters/2.6.x.backwards.excludes/pr-29246-remove-prng-constans.excludes diff --git a/akka-remote/src/main/mima-filters/2.6.x.backwards.excludes/pr-29246-remove-prng-constans.excludes b/akka-remote/src/main/mima-filters/2.6.x.backwards.excludes/pr-29246-remove-prng-constans.excludes new file mode 100644 index 0000000000..54c516c378 --- /dev/null +++ b/akka-remote/src/main/mima-filters/2.6.x.backwards.excludes/pr-29246-remove-prng-constans.excludes @@ -0,0 +1,3 @@ +# removed prng constants related to issue #29188 and pr #29246 +ProblemFilters.exclude[DirectMissingMethodProblem]("akka.remote.artery.tcp.SecureRandomFactory.GeneratorSha1Prng") +ProblemFilters.exclude[DirectMissingMethodProblem]("akka.remote.artery.tcp.SecureRandomFactory.GeneratorNativePrng") diff --git a/akka-remote/src/main/scala/akka/remote/artery/tcp/SecureRandomFactory.scala b/akka-remote/src/main/scala/akka/remote/artery/tcp/SecureRandomFactory.scala index a9879372dc..f083ca716b 100644 --- a/akka-remote/src/main/scala/akka/remote/artery/tcp/SecureRandomFactory.scala +++ b/akka-remote/src/main/scala/akka/remote/artery/tcp/SecureRandomFactory.scala @@ -7,7 +7,6 @@ package akka.remote.artery.tcp import java.security.SecureRandom import akka.annotation.InternalApi -import akka.event.LogMarker import akka.event.MarkerLoggingAdapter import com.typesafe.config.Config @@ -16,8 +15,6 @@ import com.typesafe.config.Config */ @InternalApi private[akka] object SecureRandomFactory { - val GeneratorSha1Prng = "SHA1PRNG" - val GeneratorNativePrng = "NativePRNG" val GeneratorJdkSecureRandom = "SecureRandom" /** @@ -35,22 +32,12 @@ import com.typesafe.config.Config def createSecureRandom(randomNumberGenerator: String, log: MarkerLoggingAdapter): SecureRandom = { val rng = randomNumberGenerator match { - case s @ (GeneratorSha1Prng | GeneratorNativePrng) => - log.debug("SSL random number generator set to: {}", s) - // SHA1PRNG needs /dev/urandom to be the source on Linux to prevent problems with /dev/random blocking - // However, this also makes the seed source insecure as the seed is reused to avoid blocking (not a problem on FreeBSD). - SecureRandom.getInstance(s) - case "" | GeneratorJdkSecureRandom => - log.debug("SSL random number generator set to [SecureRandom]") - new SecureRandom - - case unknown => - log.warning( - LogMarker.Security, - "Unknown SSL random number generator [{}] falling back to SecureRandom", - unknown) + log.debug("Using platform default SecureRandom algorithm for SSL") new SecureRandom + case custom => + log.debug("Using {} SecureRandom algorithm for SSL", custom) + SecureRandom.getInstance(custom) } rng.nextInt() // prevent stall on first access rng