From 01619683923174b57d8708e909a47afbd7e84103 Mon Sep 17 00:00:00 2001
From: Almaz Mingaleev
Date: Tue, 14 Mar 2023 14:07:50 +0000
Subject: Use SecureRandom instead of java.util.Random. The latter might be initialized in the Zygote and return the same sequence within app restarts.
Bug: 273524418
Fix: 273524418
Test: m
Change-Id: Id85082edffb7b769bb5f78d66b561e5e097227c5
---
 .../java/android/security/keystore2/KeyStoreCryptoOperationUtils.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
(limited to 'keystore/java')
diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
index 6fa1a694eb67..372e4cb3d72e 100644
--- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
@@ -40,7 +40,6 @@ import java.security.InvalidKeyException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 /**
 * Assorted utility methods for implementing crypto operations on top of KeyStore.
@@ -50,7 +49,6 @@ import java.util.Random;
 abstract class KeyStoreCryptoOperationUtils {
 private static volatile SecureRandom sRng;
- private static final Random sRandom = new Random();
 private KeyStoreCryptoOperationUtils() {}
@@ -213,7 +211,7 @@ abstract class KeyStoreCryptoOperationUtils {
 } else {
 // Keystore won't give us an operation challenge if the operation doesn't
 // need user authorization. So we make our own.
- return sRandom.nextLong();
+ return getRng().nextLong();
 }
 }
 }
-- 
cgit v1.2.3-59-g8ed1b
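Review bot: The comment above `return getRng().nextLong();` in the last hunk still says only "So we make our own" and does not record why the value has to come from a SecureRandom, so the rationale lives only in the commit message. I would extend it with `// Must come from SecureRandom: a java.util.Random created in the Zygote is inherited by forked apps and can repeat its sequence across app restarts.` so that a later cleanup does not swap the cheaper generator back in. getRng() and the enclosing method are defined outside this hunk; judging by the non-final `sRng` field the instance is probably created lazily, and it is worth confirming that the first call cannot happen during Zygote preloading, or that the provider behind it is safe to share across fork.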