Changed DRBG creation to give priority to getInstanceStrong() (the age of QRNGs is upon us!)

dghgit · dghgit · commit b737d45c3c7b · 2024-07-01T17:19:19.000+10:00
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java
@@ -223,7 +223,8 @@ public EntropySource get(int bitsRequired)
 
     // unfortunately new SecureRandom() can cause a regress and it's the only reliable way of getting access
     // to the JVM's seed generator.
-    private static EntropySourceProvider createInitialEntropySource()
+
+    private static EntropySourceProvider createCoreEntropySourceProvider()
     {
         boolean hasGetInstanceStrong = AccessController.doPrivileged(new PrivilegedAction<Boolean>()
         {
@@ -254,20 +255,25 @@ public SecureRandom run()
                     }
                     catch (Exception e)
                     {
-                        return new CoreSecureRandom(findSource());
+                        return null;
                     }
                 }
             });
 
+            if (strong == null)
+            {
+                return createInitialEntropySource();
+            }
+
             return new IncrementalEntropySourceProvider(strong, true);
         }
         else
         {
-            return new IncrementalEntropySourceProvider(new CoreSecureRandom(findSource()), true);
+            return createInitialEntropySource();
         }
     }
 
-    private static EntropySourceProvider createCoreEntropySourceProvider()
+    private static EntropySourceProvider createInitialEntropySource()
     {
         String source = AccessController.doPrivileged(new PrivilegedAction<String>()
         {
@@ -279,7 +285,7 @@ public String run()
 
         if (source == null)
         {
-            return createInitialEntropySource();
+            return new IncrementalEntropySourceProvider(new CoreSecureRandom(findSource()), true);
         }
         else
         {
@@ -289,7 +295,7 @@ public String run()
             }
             catch (Exception e)
             {
-                return createInitialEntropySource();
+                return new IncrementalEntropySourceProvider(new CoreSecureRandom(findSource()), true);
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -223,7 +223,8 @@ public EntropySource get(int bitsRequired)`
`223`	`223`
`224`	`224`	`// unfortunately new SecureRandom() can cause a regress and it's the only reliable way of getting access`
`225`	`225`	`// to the JVM's seed generator.`
`226`		`- private static EntropySourceProvider createInitialEntropySource()`
	`226`	`+`
	`227`	`+ private static EntropySourceProvider createCoreEntropySourceProvider()`
`227`	`228`	`{`
`228`	`229`	`boolean hasGetInstanceStrong = AccessController.doPrivileged(new PrivilegedAction<Boolean>()`
`229`	`230`	`{`
`@@ -254,20 +255,25 @@ public SecureRandom run()`
`254`	`255`	`}`
`255`	`256`	`catch (Exception e)`
`256`	`257`	`{`
`257`		`- return new CoreSecureRandom(findSource());`
	`258`	`+ return null;`
`258`	`259`	`}`
`259`	`260`	`}`
`260`	`261`	`});`
`261`	`262`
	`263`	`+ if (strong == null)`
	`264`	`+ {`
	`265`	`+ return createInitialEntropySource();`
	`266`	`+ }`
	`267`	`+`
`262`	`268`	`return new IncrementalEntropySourceProvider(strong, true);`
`263`	`269`	`}`
`264`	`270`	`else`
`265`	`271`	`{`
`266`		`- return new IncrementalEntropySourceProvider(new CoreSecureRandom(findSource()), true);`
	`272`	`+ return createInitialEntropySource();`
`267`	`273`	`}`
`268`	`274`	`}`
`269`	`275`
`270`		`- private static EntropySourceProvider createCoreEntropySourceProvider()`
	`276`	`+ private static EntropySourceProvider createInitialEntropySource()`
`271`	`277`	`{`
`272`	`278`	`String source = AccessController.doPrivileged(new PrivilegedAction<String>()`
`273`	`279`	`{`
`@@ -279,7 +285,7 @@ public String run()`
`279`	`285`
`280`	`286`	`if (source == null)`
`281`	`287`	`{`
`282`		`- return createInitialEntropySource();`
	`288`	`+ return new IncrementalEntropySourceProvider(new CoreSecureRandom(findSource()), true);`
`283`	`289`	`}`
`284`	`290`	`else`
`285`	`291`	`{`
`@@ -289,7 +295,7 @@ public String run()`
`289`	`295`	`}`
`290`	`296`	`catch (Exception e)`
`291`	`297`	`{`
`292`		`- return createInitialEntropySource();`
	`298`	`+ return new IncrementalEntropySourceProvider(new CoreSecureRandom(findSource()), true);`
`293`	`299`	`}`
`294`	`300`	`}`
`295`	`301`	`}`