You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/06/23 14:07:30 UTC

[tomcat] branch 9.0.x updated: Refactor to use a shared SecureRandom instance

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 0e4bc93  Refactor to use a shared SecureRandom instance
0e4bc93 is described below

commit 0e4bc93bdd162f078a71c9936187806108369ab2
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 23 14:27:35 2021 +0100

    Refactor to use a shared SecureRandom instance
    
    Inspired by an associated SpotBugs warning
---
 java/org/apache/tomcat/websocket/DigestAuthenticator.java | 9 +++++++--
 webapps/docs/changelog.xml                                | 9 +++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/DigestAuthenticator.java b/java/org/apache/tomcat/websocket/DigestAuthenticator.java
index 1670fb0..5bd513f 100644
--- a/java/org/apache/tomcat/websocket/DigestAuthenticator.java
+++ b/java/org/apache/tomcat/websocket/DigestAuthenticator.java
@@ -30,7 +30,8 @@ import org.apache.tomcat.util.security.MD5Encoder;
 public class DigestAuthenticator extends Authenticator {
 
     public static final String schemeName = "digest";
-    private SecureRandom cnonceGenerator;
+    private static final Object cnonceGeneratorLock = new Object();
+    private static volatile SecureRandom cnonceGenerator;
     private int nonceCount = 0;
     private long cNonce;
 
@@ -59,7 +60,11 @@ public class DigestAuthenticator extends Authenticator {
 
         if (!messageQop.isEmpty()) {
             if (cnonceGenerator == null) {
-                cnonceGenerator = new SecureRandom();
+                synchronized(cnonceGeneratorLock) {
+                    if (cnonceGenerator == null) {
+                        cnonceGenerator = new SecureRandom();
+                    }
+                }
             }
 
             cNonce = cnonceGenerator.nextLong();
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eea4285..78dbdcf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -197,6 +197,15 @@
       </update>
     </changelog>
   </subsection>
+  <subsection name="WebSocket">
+    <changelog>
+      <scode>
+        Refactor the <code>DigestAuthenticator</code> to reuse a shared
+        <code>SecureRandom</code> instance rather than create a new one to
+        generate the <code>cnonce</code> if required. (markt)
+      </scode>
+    </changelog>
+  </subsection>
   <subsection name="Web applications">
     <changelog>
       <fix>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org