1 /*
   2  * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.security;
  27 
  28 import java.util.*;
  29 import java.util.regex.*;
  30 
  31 import java.security.Provider.Service;
  32 
  33 import sun.security.jca.*;
  34 import sun.security.jca.GetInstance.Instance;
  35 import sun.security.util.Debug;
  36 
  37 /**
  38  * This class provides a cryptographically strong random number
  39  * generator (RNG).
  40  *
  41  * <p>A cryptographically strong random number
  42  * minimally complies with the statistical random number generator tests
  43  * specified in
  44  * <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf">
  45  * <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>,
  46  * section 4.9.1.
  47  * Additionally, SecureRandom must produce non-deterministic output.
  48  * Therefore any seed material passed to a SecureRandom object must be
  49  * unpredictable, and all SecureRandom output sequences must be
  50  * cryptographically strong, as described in
  51  * <a href="http://tools.ietf.org/html/rfc4086">
  52  * <i>RFC 4086: Randomness Requirements for Security</i></a>.
  53  *
  54  * <p>A caller obtains a SecureRandom instance via the
  55  * no-argument constructor or one of the {@code getInstance} methods:
  56  *
  57  * <pre>
  58  *      SecureRandom random = new SecureRandom();
  59  * </pre>
  60  *
  61  * <p> Many SecureRandom implementations are in the form of a pseudo-random
  62  * number generator (PRNG), which means they use a deterministic algorithm
  63  * to produce a pseudo-random sequence from a true random seed.
  64  * Other implementations may produce true random numbers,
  65  * and yet others may use a combination of both techniques.
  66  *
  67  * <p> Typical callers of SecureRandom invoke the following methods
  68  * to retrieve random bytes:
  69  *
  70  * <pre>
  71  *      SecureRandom random = new SecureRandom();
  72  *      byte[] bytes = new byte[20];
  73  *      random.nextBytes(bytes);
  74  * </pre>
  75  *
  76  * <p> Callers may also invoke the {@code generateSeed} method
  77  * to generate a given number of seed bytes (to seed other random number
  78  * generators, for example):
  79  * <pre>
  80  *      byte[] seed = random.generateSeed(20);
  81  * </pre>
  82  *
  83  * Note: Depending on the implementation, the {@code generateSeed} and
  84  * {@code nextBytes} methods may block as entropy is being gathered,
  85  * for example, if they need to read from /dev/random on various Unix-like
  86  * operating systems.
  87  *
  88  * @see java.security.SecureRandomSpi
  89  * @see java.util.Random
  90  *
  91  * @author Benjamin Renaud
  92  * @author Josh Bloch
  93  */
  94 
  95 public class SecureRandom extends java.util.Random {
  96 
  97     private static final Debug pdebug =
  98                         Debug.getInstance("provider", "Provider");
  99     private static final boolean skipDebug =
 100         Debug.isOn("engine=") && !Debug.isOn("securerandom");
 101 
 102     /**
 103      * The provider.
 104      *
 105      * @serial
 106      * @since 1.2
 107      */
 108     private Provider provider = null;
 109 
 110     /**
 111      * The provider implementation.
 112      *
 113      * @serial
 114      * @since 1.2
 115      */
 116     private SecureRandomSpi secureRandomSpi = null;
 117 
 118     /*
 119      * The algorithm name of null if unknown.
 120      *
 121      * @serial
 122      * @since 1.5
 123      */
 124     private String algorithm;
 125 
 126     // Seed Generator
 127     private static volatile SecureRandom seedGenerator;
 128 
 129     /**
 130      * Constructs a secure random number generator (RNG) implementing the
 131      * default random number algorithm.
 132      *
 133      * <p> This constructor traverses the list of registered security Providers,
 134      * starting with the most preferred Provider.
 135      * A new SecureRandom object encapsulating the
 136      * SecureRandomSpi implementation from the first
 137      * Provider that supports a SecureRandom (RNG) algorithm is returned.
 138      * If none of the Providers support a RNG algorithm,
 139      * then an implementation-specific default is returned.
 140      *
 141      * <p> Note that the list of registered providers may be retrieved via
 142      * the {@link Security#getProviders() Security.getProviders()} method.
 143      *
 144      * <p> See the SecureRandom section in the <a href=
 145      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
 146      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 147      * for information about standard RNG algorithm names.
 148      *
 149      * <p> The returned SecureRandom object has not been seeded.  To seed the
 150      * returned object, call the {@code setSeed} method.
 151      * If {@code setSeed} is not called, the first call to
 152      * {@code nextBytes} will force the SecureRandom object to seed itself.
 153      * This self-seeding will not occur if {@code setSeed} was
 154      * previously called.
 155      */
 156     public SecureRandom() {
 157         /*
 158          * This call to our superclass constructor will result in a call
 159          * to our own {@code setSeed} method, which will return
 160          * immediately when it is passed zero.
 161          */
 162         super(0);
 163         getDefaultPRNG(false, null);
 164     }
 165 
 166     /**
 167      * Constructs a secure random number generator (RNG) implementing the
 168      * default random number algorithm.
 169      * The SecureRandom instance is seeded with the specified seed bytes.
 170      *
 171      * <p> This constructor traverses the list of registered security Providers,
 172      * starting with the most preferred Provider.
 173      * A new SecureRandom object encapsulating the
 174      * SecureRandomSpi implementation from the first
 175      * Provider that supports a SecureRandom (RNG) algorithm is returned.
 176      * If none of the Providers support a RNG algorithm,
 177      * then an implementation-specific default is returned.
 178      *
 179      * <p> Note that the list of registered providers may be retrieved via
 180      * the {@link Security#getProviders() Security.getProviders()} method.
 181      *
 182      * <p> See the SecureRandom section in the <a href=
 183      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
 184      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 185      * for information about standard RNG algorithm names.
 186      *
 187      * @param seed the seed.
 188      */
 189     public SecureRandom(byte[] seed) {
 190         super(0);
 191         getDefaultPRNG(true, seed);
 192     }
 193 
 194     private void getDefaultPRNG(boolean setSeed, byte[] seed) {
 195         String prng = getPrngAlgorithm();
 196         if (prng == null) {
 197             // bummer, get the SUN implementation
 198             prng = "SHA1PRNG";
 199             this.secureRandomSpi = new sun.security.provider.SecureRandom();
 200             this.provider = Providers.getSunProvider();
 201             if (setSeed) {
 202                 this.secureRandomSpi.engineSetSeed(seed);
 203             }
 204         } else {
 205             try {
 206                 SecureRandom random = SecureRandom.getInstance(prng);
 207                 this.secureRandomSpi = random.getSecureRandomSpi();
 208                 this.provider = random.getProvider();
 209                 if (setSeed) {
 210                     this.secureRandomSpi.engineSetSeed(seed);
 211                 }
 212             } catch (NoSuchAlgorithmException nsae) {
 213                 // never happens, because we made sure the algorithm exists
 214                 throw new RuntimeException(nsae);
 215             }
 216         }
 217         // JDK 1.1 based implementations subclass SecureRandom instead of
 218         // SecureRandomSpi. They will also go through this code path because
 219         // they must call a SecureRandom constructor as it is their superclass.
 220         // If we are dealing with such an implementation, do not set the
 221         // algorithm value as it would be inaccurate.
 222         if (getClass() == SecureRandom.class) {
 223             this.algorithm = prng;
 224         }
 225     }
 226 
 227     /**
 228      * Creates a SecureRandom object.
 229      *
 230      * @param secureRandomSpi the SecureRandom implementation.
 231      * @param provider the provider.
 232      */
 233     protected SecureRandom(SecureRandomSpi secureRandomSpi,
 234                            Provider provider) {
 235         this(secureRandomSpi, provider, null);
 236     }
 237 
 238     private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider,
 239             String algorithm) {
 240         super(0);
 241         this.secureRandomSpi = secureRandomSpi;
 242         this.provider = provider;
 243         this.algorithm = algorithm;
 244 
 245         if (!skipDebug && pdebug != null) {
 246             pdebug.println("SecureRandom." + algorithm +
 247                 " algorithm from: " + this.provider.getName());
 248         }
 249     }
 250 
 251     /**
 252      * Returns a SecureRandom object that implements the specified
 253      * Random Number Generator (RNG) algorithm.
 254      *
 255      * <p> This method traverses the list of registered security Providers,
 256      * starting with the most preferred Provider.
 257      * A new SecureRandom object encapsulating the
 258      * SecureRandomSpi implementation from the first
 259      * Provider that supports the specified algorithm is returned.
 260      *
 261      * <p> Note that the list of registered providers may be retrieved via
 262      * the {@link Security#getProviders() Security.getProviders()} method.
 263      *
 264      * <p> The returned SecureRandom object has not been seeded.  To seed the
 265      * returned object, call the {@code setSeed} method.
 266      * If {@code setSeed} is not called, the first call to
 267      * {@code nextBytes} will force the SecureRandom object to seed itself.
 268      * This self-seeding will not occur if {@code setSeed} was
 269      * previously called.
 270      *
 271      * @implNote
 272      * The JDK Reference Implementation additionally uses the
 273      * {@code jdk.security.provider.preferred} property to determine
 274      * the preferred provider order for the specified algorithm. This
 275      * may be different than the order of providers returned by
 276      * {@link Security#getProviders() Security.getProviders()}.
 277      *
 278      * @param algorithm the name of the RNG algorithm.
 279      * See the SecureRandom section in the <a href=
 280      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
 281      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 282      * for information about standard RNG algorithm names.
 283      *
 284      * @return the new SecureRandom object.
 285      *
 286      * @exception NoSuchAlgorithmException if no Provider supports a
 287      *          SecureRandomSpi implementation for the
 288      *          specified algorithm.
 289      *
 290      * @see Provider
 291      *
 292      * @since 1.2
 293      */
 294     public static SecureRandom getInstance(String algorithm)
 295             throws NoSuchAlgorithmException {
 296         Instance instance = GetInstance.getInstance("SecureRandom",
 297             SecureRandomSpi.class, algorithm);
 298         return new SecureRandom((SecureRandomSpi)instance.impl,
 299             instance.provider, algorithm);
 300     }
 301 
 302     /**
 303      * Returns a SecureRandom object that implements the specified
 304      * Random Number Generator (RNG) algorithm.
 305      *
 306      * <p> A new SecureRandom object encapsulating the
 307      * SecureRandomSpi implementation from the specified provider
 308      * is returned.  The specified provider must be registered
 309      * in the security provider list.
 310      *
 311      * <p> Note that the list of registered providers may be retrieved via
 312      * the {@link Security#getProviders() Security.getProviders()} method.
 313      *
 314      * <p> The returned SecureRandom object has not been seeded.  To seed the
 315      * returned object, call the {@code setSeed} method.
 316      * If {@code setSeed} is not called, the first call to
 317      * {@code nextBytes} will force the SecureRandom object to seed itself.
 318      * This self-seeding will not occur if {@code setSeed} was
 319      * previously called.
 320      *
 321      * @param algorithm the name of the RNG algorithm.
 322      * See the SecureRandom section in the <a href=
 323      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
 324      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 325      * for information about standard RNG algorithm names.
 326      *
 327      * @param provider the name of the provider.
 328      *
 329      * @return the new SecureRandom object.
 330      *
 331      * @exception NoSuchAlgorithmException if a SecureRandomSpi
 332      *          implementation for the specified algorithm is not
 333      *          available from the specified provider.
 334      *
 335      * @exception NoSuchProviderException if the specified provider is not
 336      *          registered in the security provider list.
 337      *
 338      * @exception IllegalArgumentException if the provider name is null
 339      *          or empty.
 340      *
 341      * @see Provider
 342      *
 343      * @since 1.2
 344      */
 345     public static SecureRandom getInstance(String algorithm, String provider)
 346             throws NoSuchAlgorithmException, NoSuchProviderException {
 347         Instance instance = GetInstance.getInstance("SecureRandom",
 348             SecureRandomSpi.class, algorithm, provider);
 349         return new SecureRandom((SecureRandomSpi)instance.impl,
 350             instance.provider, algorithm);
 351     }
 352 
 353     /**
 354      * Returns a SecureRandom object that implements the specified
 355      * Random Number Generator (RNG) algorithm.
 356      *
 357      * <p> A new SecureRandom object encapsulating the
 358      * SecureRandomSpi implementation from the specified Provider
 359      * object is returned.  Note that the specified Provider object
 360      * does not have to be registered in the provider list.
 361      *
 362      * <p> The returned SecureRandom object has not been seeded.  To seed the
 363      * returned object, call the {@code setSeed} method.
 364      * If {@code setSeed} is not called, the first call to
 365      * {@code nextBytes} will force the SecureRandom object to seed itself.
 366      * This self-seeding will not occur if {@code setSeed} was
 367      * previously called.
 368      *
 369      * @param algorithm the name of the RNG algorithm.
 370      * See the SecureRandom section in the <a href=
 371      * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
 372      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
 373      * for information about standard RNG algorithm names.
 374      *
 375      * @param provider the provider.
 376      *
 377      * @return the new SecureRandom object.
 378      *
 379      * @exception NoSuchAlgorithmException if a SecureRandomSpi
 380      *          implementation for the specified algorithm is not available
 381      *          from the specified Provider object.
 382      *
 383      * @exception IllegalArgumentException if the specified provider is null.
 384      *
 385      * @see Provider
 386      *
 387      * @since 1.4
 388      */
 389     public static SecureRandom getInstance(String algorithm,
 390             Provider provider) throws NoSuchAlgorithmException {
 391         Instance instance = GetInstance.getInstance("SecureRandom",
 392             SecureRandomSpi.class, algorithm, provider);
 393         return new SecureRandom((SecureRandomSpi)instance.impl,
 394             instance.provider, algorithm);
 395     }
 396 
 397     /**
 398      * Returns the SecureRandomSpi of this SecureRandom object.
 399      */
 400     SecureRandomSpi getSecureRandomSpi() {
 401         return secureRandomSpi;
 402     }
 403 
 404     /**
 405      * Returns the provider of this SecureRandom object.
 406      *
 407      * @return the provider of this SecureRandom object.
 408      */
 409     public final Provider getProvider() {
 410         return provider;
 411     }
 412 
 413     /**
 414      * Returns the name of the algorithm implemented by this SecureRandom
 415      * object.
 416      *
 417      * @return the name of the algorithm or {@code unknown}
 418      *          if the algorithm name cannot be determined.
 419      * @since 1.5
 420      */
 421     public String getAlgorithm() {
 422         return Objects.toString(algorithm, "unknown");
 423     }
 424 
 425     /**
 426      * Reseeds this random object. The given seed supplements, rather than
 427      * replaces, the existing seed. Thus, repeated calls are guaranteed
 428      * never to reduce randomness.
 429      *
 430      * @param seed the seed.
 431      *
 432      * @see #getSeed
 433      */
 434     public synchronized void setSeed(byte[] seed) {
 435         secureRandomSpi.engineSetSeed(seed);
 436     }
 437 
 438     /**
 439      * Reseeds this random object, using the eight bytes contained
 440      * in the given {@code long seed}. The given seed supplements,
 441      * rather than replaces, the existing seed. Thus, repeated calls
 442      * are guaranteed never to reduce randomness.
 443      *
 444      * <p>This method is defined for compatibility with
 445      * {@code java.util.Random}.
 446      *
 447      * @param seed the seed.
 448      *
 449      * @see #getSeed
 450      */
 451     @Override
 452     public void setSeed(long seed) {
 453         /*
 454          * Ignore call from super constructor (as well as any other calls
 455          * unfortunate enough to be passing 0).  It's critical that we
 456          * ignore call from superclass constructor, as digest has not
 457          * yet been initialized at that point.
 458          */
 459         if (seed != 0) {
 460             secureRandomSpi.engineSetSeed(longToByteArray(seed));
 461         }
 462     }
 463 
 464     /**
 465      * Generates a user-specified number of random bytes.
 466      *
 467      * <p> If a call to {@code setSeed} had not occurred previously,
 468      * the first call to this method forces this SecureRandom object
 469      * to seed itself.  This self-seeding will not occur if
 470      * {@code setSeed} was previously called.
 471      *
 472      * @param bytes the array to be filled in with random bytes.
 473      */
 474     @Override
 475     public void nextBytes(byte[] bytes) {
 476         secureRandomSpi.engineNextBytes(bytes);
 477     }
 478 
 479     /**
 480      * Generates an integer containing the user-specified number of
 481      * pseudo-random bits (right justified, with leading zeros).  This
 482      * method overrides a {@code java.util.Random} method, and serves
 483      * to provide a source of random bits to all of the methods inherited
 484      * from that class (for example, {@code nextInt},
 485      * {@code nextLong}, and {@code nextFloat}).
 486      *
 487      * @param numBits number of pseudo-random bits to be generated, where
 488      * {@code 0 <= numBits <= 32}.
 489      *
 490      * @return an {@code int} containing the user-specified number
 491      * of pseudo-random bits (right justified, with leading zeros).
 492      */
 493     @Override
 494     protected final int next(int numBits) {
 495         int numBytes = (numBits+7)/8;
 496         byte[] b = new byte[numBytes];
 497         int next = 0;
 498 
 499         nextBytes(b);
 500         for (int i = 0; i < numBytes; i++) {
 501             next = (next << 8) + (b[i] & 0xFF);
 502         }
 503 
 504         return next >>> (numBytes*8 - numBits);
 505     }
 506 
 507     /**
 508      * Returns the given number of seed bytes, computed using the seed
 509      * generation algorithm that this class uses to seed itself.  This
 510      * call may be used to seed other random number generators.
 511      *
 512      * <p>This method is only included for backwards compatibility.
 513      * The caller is encouraged to use one of the alternative
 514      * {@code getInstance} methods to obtain a SecureRandom object, and
 515      * then call the {@code generateSeed} method to obtain seed bytes
 516      * from that object.
 517      *
 518      * @param numBytes the number of seed bytes to generate.
 519      *
 520      * @return the seed bytes.
 521      *
 522      * @see #setSeed
 523      */
 524     public static byte[] getSeed(int numBytes) {
 525         SecureRandom seedGen = seedGenerator;
 526         if (seedGen == null) {
 527             seedGen = new SecureRandom();
 528             seedGenerator = seedGen;
 529         }
 530         return seedGen.generateSeed(numBytes);
 531     }
 532 
 533     /**
 534      * Returns the given number of seed bytes, computed using the seed
 535      * generation algorithm that this class uses to seed itself.  This
 536      * call may be used to seed other random number generators.
 537      *
 538      * @param numBytes the number of seed bytes to generate.
 539      *
 540      * @return the seed bytes.
 541      */
 542     public byte[] generateSeed(int numBytes) {
 543         return secureRandomSpi.engineGenerateSeed(numBytes);
 544     }
 545 
 546     /**
 547      * Helper function to convert a long into a byte array (least significant
 548      * byte first).
 549      */
 550     private static byte[] longToByteArray(long l) {
 551         byte[] retVal = new byte[8];
 552 
 553         for (int i = 0; i < 8; i++) {
 554             retVal[i] = (byte) l;
 555             l >>= 8;
 556         }
 557 
 558         return retVal;
 559     }
 560 
 561     /**
 562      * Gets a default PRNG algorithm by looking through all registered
 563      * providers. Returns the first PRNG algorithm of the first provider that
 564      * has registered a SecureRandom implementation, or null if none of the
 565      * registered providers supplies a SecureRandom implementation.
 566      */
 567     private static String getPrngAlgorithm() {
 568         for (Provider p : Providers.getProviderList().providers()) {
 569             for (Service s : p.getServices()) {
 570                 if (s.getType().equals("SecureRandom")) {
 571                     return s.getAlgorithm();
 572                 }
 573             }
 574         }
 575         return null;
 576     }
 577 
 578     /*
 579      * Lazily initialize since Pattern.compile() is heavy.
 580      * Effective Java (2nd Edition), Item 71.
 581      */
 582     private static final class StrongPatternHolder {
 583         /*
 584          * Entries are alg:prov separated by ,
 585          * Allow for prepended/appended whitespace between entries.
 586          *
 587          * Capture groups:
 588          *     1 - alg
 589          *     2 - :prov (optional)
 590          *     3 - prov (optional)
 591          *     4 - ,nextEntry (optional)
 592          *     5 - nextEntry (optional)
 593          */
 594         private static Pattern pattern =
 595             Pattern.compile(
 596                 "\\s*([\\S&&[^:,]]*)(\\:([\\S&&[^,]]*))?\\s*(\\,(.*))?");
 597     }
 598 
 599     /**
 600      * Returns a {@code SecureRandom} object that was selected by using
 601      * the algorithms/providers specified in the {@code
 602      * securerandom.strongAlgorithms} {@link Security} property.
 603      * <p>
 604      * Some situations require strong random values, such as when
 605      * creating high-value/long-lived secrets like RSA public/private
 606      * keys.  To help guide applications in selecting a suitable strong
 607      * {@code SecureRandom} implementation, Java distributions
 608      * include a list of known strong {@code SecureRandom}
 609      * implementations in the {@code securerandom.strongAlgorithms}
 610      * Security property.
 611      * <p>
 612      * Every implementation of the Java platform is required to
 613      * support at least one strong {@code SecureRandom} implementation.
 614      *
 615      * @return a strong {@code SecureRandom} implementation as indicated
 616      * by the {@code securerandom.strongAlgorithms} Security property
 617      *
 618      * @throws NoSuchAlgorithmException if no algorithm is available
 619      *
 620      * @see Security#getProperty(String)
 621      *
 622      * @since 1.8
 623      */
 624     public static SecureRandom getInstanceStrong()
 625             throws NoSuchAlgorithmException {
 626 
 627         String property = AccessController.doPrivileged(
 628             new PrivilegedAction<>() {
 629                 @Override
 630                 public String run() {
 631                     return Security.getProperty(
 632                         "securerandom.strongAlgorithms");
 633                 }
 634             });
 635 
 636         if ((property == null) || (property.length() == 0)) {
 637             throw new NoSuchAlgorithmException(
 638                 "Null/empty securerandom.strongAlgorithms Security Property");
 639         }
 640 
 641         String remainder = property;
 642         while (remainder != null) {
 643             Matcher m;
 644             if ((m = StrongPatternHolder.pattern.matcher(
 645                     remainder)).matches()) {
 646 
 647                 String alg = m.group(1);
 648                 String prov = m.group(3);
 649 
 650                 try {
 651                     if (prov == null) {
 652                         return SecureRandom.getInstance(alg);
 653                     } else {
 654                         return SecureRandom.getInstance(alg, prov);
 655                     }
 656                 } catch (NoSuchAlgorithmException |
 657                         NoSuchProviderException e) {
 658                 }
 659                 remainder = m.group(5);
 660             } else {
 661                 remainder = null;
 662             }
 663         }
 664 
 665         throw new NoSuchAlgorithmException(
 666             "No strong SecureRandom impls available: " + property);
 667     }
 668 
 669     // Declare serialVersionUID to be compatible with JDK1.1
 670     static final long serialVersionUID = 4940670005562187L;
 671 
 672     // Retain unused values serialized from JDK1.1
 673     /**
 674      * @serial
 675      */
 676     private byte[] state;
 677     /**
 678      * @serial
 679      */
 680     private MessageDigest digest = null;
 681     /**
 682      * @serial
 683      *
 684      * We know that the MessageDigest class does not implement
 685      * java.io.Serializable.  However, since this field is no longer
 686      * used, it will always be NULL and won't affect the serialization
 687      * of the SecureRandom class itself.
 688      */
 689     private byte[] randomBytes;
 690     /**
 691      * @serial
 692      */
 693     private int randomBytesUsed;
 694     /**
 695      * @serial
 696      */
 697     private long counter;
 698 }