Use SecureRandom instead of Random (#15459)

Make sure that SecureRandom is used whenever the random number
is used for cryptographic operations, e.g. as nonce/salt.

Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
Holger Friedrich 2023-08-20 21:29:37 +02:00 committed by GitHub
parent e86998000e
commit 95ac2eb80b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 14 additions and 7 deletions


@ -14,6 +14,7 @@ package org.openhab.binding.ipcamera.internal;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import org.eclipse.jdt.annotation.NonNullByDefault;
@ -117,7 +118,7 @@ public class MyNettyAuthHandler extends ChannelDuplexHandler {
// create the MD5 hashes
String ha1 = username + ":" + realm + ":" + password;
ha1 = calcMD5Hash(ha1);
Random random = new Random();
Random random = new SecureRandom();
String cnonce = Integer.toHexString(random.nextInt());
ncCounter = (ncCounter > 125) ? 1 : ++ncCounter;
String nc = String.format("%08X", ncCounter); // 8 digit hex number
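Review bot: The client nonce built right after the `SecureRandom` change is still only 32 bits wide, because `Integer.toHexString(random.nextInt())` draws a single int, so the stronger generator does not enlarge the value space. Drawing more bytes would address it, for example `byte[] b = new byte[16]; random.nextBytes(b);` and then hex-encoding `b` for `cnonce`; whether every camera accepts a longer cnonce is not visible here and should be checked. The same single-`nextInt()` pattern appears in `createNonce()` in the OnvifConnection section (`return "" + nonce.nextInt();`), which additionally yields a signed decimal string. The enclosing method starts and ends outside this hunk.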


@ -18,6 +18,7 @@ import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Base64;
@ -478,7 +479,7 @@ public class OnvifConnection {
}
String createNonce() {
Random nonce = new Random();
Random nonce = new SecureRandom();
return "" + nonce.nextInt();
}


@ -17,6 +17,7 @@ import static org.openhab.binding.kostalinverter.internal.thirdgeneration.ThirdG
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Random;
@ -105,7 +106,7 @@ final class ThirdGenerationEncryptionHelper {
* @return nonce
*/
static String createClientNonce() {
Random generator = new Random();
Random generator = new SecureRandom();
// Randomize the random generator
byte[] randomizeArray = new byte[1024];
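Review bot: The `// Randomize the random generator` step and its 1024-byte `randomizeArray` read like a workaround for `java.util.Random`, and with `SecureRandom` they presumably no longer serve a purpose. The rest of `createClientNonce()` lies outside the hunk, so this is inferred; if the array is only used to advance the generator, it can be dropped and the nonce bytes drawn directly. If it is kept, a comment such as `// kept from the original implementation; SecureRandom needs no warm-up` would stop the next reader from treating the step as part of the security.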


@ -24,6 +24,7 @@ import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
@ -45,7 +46,7 @@ import org.slf4j.Logger;
@NonNullByDefault
public class CloudUtil {
private static final Random RANDOM = new Random();
private static final Random RANDOM = new SecureRandom();
/**
* Saves the Xiaomi cloud device info with tokens to file
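Review bot: `RANDOM` is still declared as `java.util.Random`, so nothing in the type stops a later edit from assigning a plain `new Random()` again; declaring it `private static final SecureRandom RANDOM = new SecureRandom();` makes the requirement part of the field's type. The same applies to the `Random`-typed locals in the other sections of this commit and, presumably, to the `rand` field assigned in Ethm1Module, whose declaration is not shown. A short comment on the field, e.g. `// feeds security-sensitive values; must stay a SecureRandom`, would record the intent. The uses of `RANDOM` are outside this hunk.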


@ -15,6 +15,7 @@ package org.openhab.binding.millheat.internal.handler;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;
import java.util.Optional;
import java.util.Random;
@ -107,7 +108,7 @@ public class MillheatAccountHandler extends BaseBridgeHandler {
private @NonNullByDefault({}) MillheatAccountConfiguration config;
private static String getRandomString(final int sizeOfRandomString) {
final Random random = new Random();
final Random random = new SecureRandom();
final StringBuilder sb = new StringBuilder(sizeOfRandomString);
for (int i = 0; i < sizeOfRandomString; ++i) {
sb.append(ALLOWED_NONCE_CHARACTERS.charAt(random.nextInt(ALLOWED_NONCE_CHARACTERS_LENGTH)));
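Review bot: `getRandomString` constructs a new `SecureRandom` on every call; a single shared instance is the usual form, and `SecureRandom` is safe to share between threads. Suggest hoisting it to `private static final SecureRandom RANDOM = new SecureRandom();` and calling `RANDOM.nextInt(ALLOWED_NONCE_CHARACTERS_LENGTH)` in the loop. `Converter.getRandomString` and the nonce code in MyNettyAuthHandler and OnvifConnection create their generator per call in the same way. The loop and the rest of the method continue outside the hunk.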


@ -13,6 +13,7 @@
package org.openhab.binding.mybmw.internal.utils;
import java.lang.reflect.Type;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.time.LocalTime;
import java.time.ZoneId;
@ -251,7 +252,7 @@ public class Converter {
public static String getRandomString(int size) {
int leftLimit = 97; // letter 'a'
int rightLimit = 122; // letter 'z'
Random random = new Random();
Random random = new SecureRandom();
String generatedString = random.ints(leftLimit, rightLimit + 1).limit(size)
.collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append).toString();


@ -20,6 +20,7 @@ import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.security.SecureRandom;
import java.util.Random;
import org.eclipse.jdt.annotation.NonNullByDefault;
@ -132,7 +133,7 @@ public class Ethm1Module extends SatelModule {
} catch (Exception e) {
throw new IOException("General encryption failure", e);
}
this.rand = new Random();
this.rand = new SecureRandom();
this.idS = 0;
this.idR = 0;
this.rollingCounter = 0;