raboof/pekko
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Packages Wiki Activity Actions 11

Allowing arbitrary random number generators (#29246)

Browse source 
Issue #29188
This commit is contained in:
itssunilsid 2020-06-25 13:05:44 +05:30 committed by GitHub
parent 7dfcc0bfd0
commit 0f7785e8d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

3
akka-remote/src/main/mima-filters/2.6.x.backwards.excludes/pr-29246-remove-prng-constans.excludes Normal file
View file

@ -0,0 +1,3 @@
# removed prng constants related to issue #29188 and pr #29246
ProblemFilters.exclude[DirectMissingMethodProblem]("akka.remote.artery.tcp.SecureRandomFactory.GeneratorSha1Prng")
ProblemFilters.exclude[DirectMissingMethodProblem]("akka.remote.artery.tcp.SecureRandomFactory.GeneratorNativePrng")

21
akka-remote/src/main/scala/akka/remote/artery/tcp/SecureRandomFactory.scala
View file

@ -7,7 +7,6 @@ package akka.remote.artery.tcp
import java.security.SecureRandom import java.security.SecureRandom
import akka.annotation.InternalApi import akka.annotation.InternalApi
import akka.event.LogMarker
import akka.event.MarkerLoggingAdapter import akka.event.MarkerLoggingAdapter
import com.typesafe.config.Config import com.typesafe.config.Config
@ -16,8 +15,6 @@ import com.typesafe.config.Config
*/ */
@InternalApi private[akka] object SecureRandomFactory { @InternalApi private[akka] object SecureRandomFactory {
val GeneratorSha1Prng = "SHA1PRNG"
val GeneratorNativePrng = "NativePRNG"
val GeneratorJdkSecureRandom = "SecureRandom" val GeneratorJdkSecureRandom = "SecureRandom"
/** /**
@ -35,22 +32,12 @@ import com.typesafe.config.Config
def createSecureRandom(randomNumberGenerator: String, log: MarkerLoggingAdapter): SecureRandom = { def createSecureRandom(randomNumberGenerator: String, log: MarkerLoggingAdapter): SecureRandom = {
val rng = randomNumberGenerator match { val rng = randomNumberGenerator match {
case s @ (GeneratorSha1Prng | GeneratorNativePrng) =>
log.debug("SSL random number generator set to: {}", s)
// SHA1PRNG needs /dev/urandom to be the source on Linux to prevent problems with /dev/random blocking
// However, this also makes the seed source insecure as the seed is reused to avoid blocking (not a problem on FreeBSD).
SecureRandom.getInstance(s)
case "" | GeneratorJdkSecureRandom => case "" | GeneratorJdkSecureRandom =>
log.debug("SSL random number generator set to [SecureRandom]") log.debug("Using platform default SecureRandom algorithm for SSL")
new SecureRandom
case unknown =>
log.warning(
LogMarker.Security,
"Unknown SSL random number generator [{}] falling back to SecureRandom",
unknown)
new SecureRandom new SecureRandom
case custom =>
log.debug("Using {} SecureRandom algorithm for SSL", custom)
SecureRandom.getInstance(custom)
} }
rng.nextInt() // prevent stall on first access rng.nextInt() // prevent stall on first access
rng rng