From e2184d797ed843f16d650395779300098e95c70a Mon Sep 17 00:00:00 2001
From: Kate Gray <opensource@codebykate.com>
Date: Sun, 20 Jan 2019 21:45:29 -0500
Subject: [PATCH] Make SecureRandom securely random

---
 .../com/licel/jcardsim/crypto/RandomDataImpl.java    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/main/java/com/licel/jcardsim/crypto/RandomDataImpl.java b/src/main/java/com/licel/jcardsim/crypto/RandomDataImpl.java
index 4a5165d2..5e2e7c5f 100644
--- a/src/main/java/com/licel/jcardsim/crypto/RandomDataImpl.java
+++ b/src/main/java/com/licel/jcardsim/crypto/RandomDataImpl.java
@@ -22,9 +22,13 @@
 import org.bouncycastle.crypto.prng.DigestRandomGenerator;
 import org.bouncycastle.crypto.prng.RandomGenerator;
 
+import java.security.SecureRandom;
+
 /**
  * Implementation <code>RandomData</code> based
  * on BouncyCastle CryptoAPI.
+ *
+ * Note: SecureRandom may block on *nix due to low entropy.  If necessary, configure the JVM to use /dev/urandom or egd.
  * @see RandomData
  */
 public class RandomDataImpl extends RandomData {
@@ -34,6 +38,14 @@ public class RandomDataImpl extends RandomData {
     public RandomDataImpl(byte algorithm) {
         this.algorithm = algorithm;
         this.engine = new DigestRandomGenerator(new SHA1Digest());
+
+        // ALG_SECURE_RANDOM should not be consistent with each run
+        if (ALG_SECURE_RANDOM == algorithm) {
+            SecureRandom randomGenerator = new SecureRandom();
+            byte[] seed = new byte[32];
+            randomGenerator.nextBytes(seed);
+            this.engine.addSeedMaterial(seed);
+        }
     }
 
     public void generateData(byte[] buffer, short offset, short length) throws CryptoException {