This is an automated email from the ASF dual-hosted git repository.
jochen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-crypto.git
The following commit(s) were added to refs/heads/master by this push:
new fcdb396 CRYPTO-160: Improve quality for methods, that
JavaCryptoRandom inherits from Random.
fcdb396 is described below
commit fcdb39680498b7959567e8edbc4f970108d014d9
Author: Jochen Wiedmann <jochen.wiedm...@gmail.com>
AuthorDate: Fri Jun 10 10:25:46 2022 +0200
CRYPTO-160: Improve quality for methods, that JavaCryptoRandom inherits
from Random.
---
pom.xml | 2 +-
src/changes/changes.xml | 22 ++++++++++-----------
.../commons/crypto/random/JavaCryptoRandom.java | 20 +++++++++++++++++++
.../crypto/random/JavaCryptoRandomTest.java | 23 +++++++++++++++++++++-
4 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/pom.xml b/pom.xml
index 29bf1df..53a2d16 100644
--- a/pom.xml
+++ b/pom.xml
@@ -585,7 +585,7 @@ The following provides more details on the included
cryptographic software:
<goal>run</goal>
</goals>
<configuration>
- <target name="make">
+ <target name="make" unless="maven.make.skip">
<taskdef resource="net/sf/antcontrib/antcontrib.properties"
classpathref="maven.plugin.classpath" />
<exec executable="make" failonerror="true"
dir="${project.basedir}">
<env key="VERSION" value="${project.version}" />
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index e99c571..9643f85 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -62,6 +62,7 @@
<body>
<release version="1.1.1" date="20YY-MM-DD" description="TBD">
+ <action issue="CRYPTO-160" type="fix" dev="jochen">Enhance the quality
of JavaCryptoRandom as a subclass of Random by overwriting
Random.next(inz).</action>
<!-- FIX -->
<action issue="CRYPTO-154" type="fix">License header should be plain a
comment #113.</action>
<action type="fix" dev="ggregory" due-to="Arturo
Bernal">Fix PMD warning and don't init to defaults #128.</action>
@@ -69,28 +70,25 @@
<action type="fix" dev="ggregory" due-to="Gary
Gregory">Port from pre-Java 8 javah tool to Java 8 and up javac with the -h
option.</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">Fix build on Java 11.</action>
<action type="fix" dev="ggregory" due-to="Gary
Gregory">Fix build on Java 17.</action>
- <!-- ADD -->
- <action type="fix" dev="ggregory" due-to="Gary
Gregory, Dependabot">Add github/codeql-action 2 #159.</action>
<!-- UPDATE -->
- <action type="update" dev="ggregory"
due-to="Dependabot, Gary Gregory">Bump actions/cache from 2.1.7 to 3.0.4
#150.</action>
<action type="update" dev="ggregory"
due-to="Dependabot">Bump actions/checkout from 2 to 3 #149.</action>
+ <action type="update" dev="ggregory"
due-to="Dependabot, Gary Gregory">Bump actions/cache from 2.1.7 to 3.0.3
#150.</action>
<action type="update" dev="ggregory" due-to="Gary
Gregory">Bump actions/setup-java from 2 to 3.</action>
+ <action type="update" dev="ggregory" due-to="Gary
Gregory">Update commons.jacoco.version 0.8.5 to 0.8.7 (Fixes Java 15
builds).</action>
<action issue="CRYPTO-155" type="update" due-to="Arturo Bernal">Minor
improvement #115, #125.</action>
<action issue="CRYPTO-151" type="update" due-to="Arturo Bernal">Migrate
to Junit 5 #114.</action>
<action type="update" dev="ggregory"
due-to="Dependabot">Bump jna from 5.5.0 to 5.11.0 #123, #139, #153.</action>
- <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons.japicmp.version from 0.14.3 to 0.15.7.</action>
+ <action type="update" dev="ggregory" due-to="Gary
Gregory">Update commons.japicmp.version 0.14.3 -> 0.15.7.</action>
<action type="update" dev="ggregory"
due-to="Dependabot">Bump maven-checkstyle-plugin from 3.1.1 to 3.1.2
#130.</action>
- <action type="update" dev="ggregory"
due-to="Dependabot">Bump jmh.version from 1.12 to 1.35 #119, #157.</action>
+ <action type="update" dev="ggregory"
due-to="Dependabot">Bump jmh.version from 1.12 to 1.34 #119.</action>
<action type="update" dev="ggregory"
due-to="Dependabot">Bump exec-maven-plugin from 1.6.0 to 3.0.0 #121.</action>
- <action type="update" dev="ggregory"
due-to="Dependabot">Bump maven-antrun-plugin from 1.8 to 3.1.0 #120,
#158.</action>
- <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons.japicmp.version from 0.15.2 to 0.15.7 #138.</action>
- <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump jacoco-maven-plugin from 0.6.6 to 0.8.8 #138, #154.</action>
- <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons.javadoc.version from 3.2.0 to 3.4.0 #138.</action>
+ <action type="update" dev="ggregory"
due-to="Dependabot">Bump maven-antrun-plugin from 1.8 to 3.0.0 #120.</action>
+ <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons.japicmp.version 0.15.2 -> 0.15.7 #138.</action>
+ <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump jacoco-maven-plugin 0.6.6 -> 0.8.8 #138, #154.</action>
+ <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons.javadoc.version 3.2.0 -> 3.3.2 #138.</action>
<action type="update" dev="ggregory" due-to="Gary
Gregory">Bump maven-pmd-plugin from 3.14.0 to 3.16.0 #140.</action>
<action type="update" dev="ggregory"
due-to="Dependabot">Bump taglist-maven-plugin from 2.4 to 3.0.0 #147.</action>
- <action type="update" dev="ggregory"
due-to="Dependabot">Bump spotbugs-maven-plugin from 4.5.3.0 to 4.7.0.0 #152,
#160.</action>
- <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons-parent from 52 to 53.</action>
- <action type="update" dev="ggregory" due-to="Gary
Gregory">Bump commons.surefire.version from 3.0.0-M5 to 3.0.0-M7.</action>
+ <action type="update" dev="ggregory"
due-to="Dependabot">Bump spotbugs-maven-plugin from 4.5.3.0 to 4.6.0.0
#152.</action>
</release>
<release version="1.1.0" date="2020-08-28" description="Minor release
(Java 8 and OpenSSL 1.1.1)">
<action issue="CRYPTO-59" type="add">Support Galois/Counter Mode
(GCM).</action>
diff --git
a/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
b/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
index 519eb65..5e65cea 100644
--- a/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
+++ b/src/main/java/org/apache/commons/crypto/random/JavaCryptoRandom.java
@@ -22,6 +22,8 @@ import java.security.SecureRandom;
import java.util.Properties;
import java.util.Random;
+import org.apache.commons.crypto.utils.Utils;
+
/**
* A CryptoRandom of Java implementation.
*/
@@ -76,4 +78,22 @@ class JavaCryptoRandom extends Random implements
CryptoRandom {
public void nextBytes(final byte[] bytes) {
instance.nextBytes(bytes);
}
+
+ /**
+ * Overrides Random#next(). Generates an integer containing the
+ * user-specified number of random bits(right justified, with leading
+ * zeros).
+ *
+ * @param numBits number of random bits to be generated, where 0
+ * {@literal <=} {@code numBits} {@literal <=} 32.
+ * @return int an {@code int} containing the user-specified number of
+ * random bits (right justified, with leading zeros).
+ */
+ @Override
+ protected int next(final int numBits) {
+ Utils.checkArgument(numBits >= 0 && numBits <= 32);
+ // Can't simply invoke instance.next(bits) here, because that
is package protected.
+ // But, this should do.
+ return instance.nextInt() >>> (Integer.SIZE - numBits);
+ }
}
diff --git
a/src/test/java/org/apache/commons/crypto/random/JavaCryptoRandomTest.java
b/src/test/java/org/apache/commons/crypto/random/JavaCryptoRandomTest.java
index 0f942c2..12f29ae 100644
--- a/src/test/java/org/apache/commons/crypto/random/JavaCryptoRandomTest.java
+++ b/src/test/java/org/apache/commons/crypto/random/JavaCryptoRandomTest.java
@@ -17,13 +17,19 @@
*/
package org.apache.commons.crypto.random;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.security.GeneralSecurityException;
import java.util.Properties;
+import java.util.Random;
-public class JavaCryptoRandomTest extends AbstractRandomTest {
+import org.apache.commons.crypto.utils.Utils;
+import org.junit.jupiter.api.Test;
+public class JavaCryptoRandomTest extends AbstractRandomTest {
@Override
public CryptoRandom getCryptoRandom() throws GeneralSecurityException {
final Properties props = new Properties();
@@ -37,4 +43,19 @@ public class JavaCryptoRandomTest extends AbstractRandomTest
{
return random;
}
+ @Test
+ public void testNextIntIsntActuallyRandomNextInt() throws Exception {
+ final CryptoRandom cr = getCryptoRandom();
+ final Random r = (Random) cr;
+ final long seed = 1654421930011l; // System.getCurrentMillis() on
2022-June-05, 11:39
+ final Random otherRandom = new Random(seed);
+ final Random otherRandom2 = new Random();
+ otherRandom2.setSeed(seed);
+ r.setSeed(seed);
+ final long l1 = r.nextLong();
+ final long l2 = otherRandom.nextLong();
+ final long l3 = otherRandom2.nextLong();
+ assertEquals(l2, l3);
+ assertNotEquals(l1, l2);
+ }
}
