java.lang.SecurityException: new SecureRandom() #151

hubertSwiecioch · 2017-05-09T09:42:25Z

General information

SDK/Library version: 2.4.2
Environment: Sandbox/Production
Android Version and Device: 4.3/ 4.2.2

Issue description

Caused by: java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
                                                     at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.installLinuxPRNGSecureRandom(PRNGFixes.java:115)
                                                     at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.apply(PRNGFixes.java:46)
                                                     at com.paypal.android.sdk.onetouch.core.encryption.EncryptionUtils.<clinit>(EncryptionUtils.java:19)
                                                     at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39) 
                                                     at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73) 
                                                     at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:562) 
                                                     at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146) 
                                                     at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681) 
                                                     at com.braintreepayments.api.BraintreeFragment.flushCallbacks(BraintreeFragment.java:615) 
                                                     at com.braintreepayments.api.BraintreeFragment$9.onConfigurationFetched(BraintreeFragment.java:641) 
                                                     at com.braintreepayments.api.ConfigurationManager$1.success(ConfigurationManager.java:68) 
                                                     at com.braintreepayments.api.internal.HttpClient$3.run(HttpClient.java:286)

The text was updated successfully, but these errors were encountered:

lkorth · 2017-05-09T20:12:24Z

Are you also using java-aes-crypto? There is a narrow race condition when multiple code paths attempt to set up PRNG fixes. See tozny/java-aes-crypto#11 for more details. The latest version of java-aes-crypto should synchronize correctly and prevent this issue, but if it is still occurring we could relax the check in PRNG fixes to prevent this crash.

hubertSwiecioch · 2017-05-11T06:20:45Z

I changed the library, but the problem remains the same:

com.facebook.android.crypto.keychain.SecureRandomFix$LinuxPRNGSecureRandomProvider
                                                     at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.installLinuxPRNGSecureRandom(PRNGFixes.java:115)
                                                     at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.apply(PRNGFixes.java:46)
                                                     at com.paypal.android.sdk.onetouch.core.encryption.EncryptionUtils.<clinit>(EncryptionUtils.java:19)
                                                     at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39) 
                                                     at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73) 
                                                     at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:562) 
                                                     at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146) 
                                                     at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681) 
                                                     at com.braintreepayments.api.BraintreeFragment.flushCallbacks(BraintreeFragment.java:615) 
                                                     at com.braintreepayments.api.BraintreeFragment$9.onConfigurationFetched(BraintreeFragment.java:641) 
                                                     at com.braintreepayments.api.ConfigurationManager$1.success(ConfigurationManager.java:68) 
                                                     at com.braintreepayments.api.internal.HttpClient$3.run(HttpClient.java:286)

blu3-b1rd · 2017-06-20T21:48:22Z

Hi, I'm experiencing same issue with my app in Android 4.3, sdk version is 2.5.2:

new SecureRandom() backed by wrong Provider: class com.exacttarget.etpushsdk.util.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
	at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.installLinuxPRNGSecureRandom()(PRNGFixes.java:115)
	at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.apply()(PRNGFixes.java:46)
	at com.paypal.android.sdk.onetouch.core.encryption.EncryptionUtils.<clinit>()(EncryptionUtils.java:19)
	at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey()(OtcCrypto.java:39)
	at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>()(AuthorizationRequest.java:73)
	at com.braintreepayments.api.PayPal.getAuthorizationRequest()(PayPal.java:562)
	at com.braintreepayments.api.PayPal$1.onConfigurationFetched()(PayPal.java:146)
	at com.braintreepayments.api.BraintreeFragment$11.run()(BraintreeFragment.java:681)
	at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback()(BraintreeFragment.java:605)
	at com.braintreepayments.api.BraintreeFragment.waitForConfiguration()(BraintreeFragment.java:673)
	at com.braintreepayments.api.PayPal.authorizeAccount()(PayPal.java:121)
	at com.braintreepayments.api.PayPal.authorizeAccount()(PayPal.java:108)

lkorth · 2017-06-22T15:57:45Z

I just released a snapshot (2.5.4-SNAPSHOT) that synchronizes on java.security.Security.class to try and prevent these crashes. Please give it a try and let us know if that fixes the crash.

hubertSwiecioch · 2017-06-23T12:15:10Z

During the first tests I did not find the previous problem. If problem reproduces in further tests it will post here.

blu3-b1rd · 2017-06-26T17:52:48Z

@lkorth Having different crash now:

06-26 05:46:12.243 5476-5476/com.xxxxxxxxx E/AndroidRuntime: FATAL EXCEPTION: main
                                                           java.lang.ExceptionInInitializerError
                                                               at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39)
                                                               at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73)
                                                               at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569)
                                                               at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146)
                                                               at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681)
                                                               at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605)
                                                               at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673)
                                                               at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121)
                                                               at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108)

lkorth · 2017-06-26T20:01:15Z

@GrzegorzFeather the ExceptionInInitializerError indicates that there is an exception in a static initializer (currently where we apply the PRNG fixes). That is with 2.5.4-SNAPSHOT? Is there any other stacktrace higher up in the log that could indicate the actual error that is happening?

blu3-b1rd · 2017-06-26T20:12:57Z

@lkorth This is the full stack trace. An additional comment the exception is not specific of the SNAPSHOT. I'm currently using v2.5.2, by simply upgrading to v2.5.4 I got this exception instead of the one posted originally in this issue

06-26 08:04:40.108 23672-23672/com.xxxxxxxxx E/AndroidRuntime: FATAL EXCEPTION: main
                                                             java.lang.ExceptionInInitializerError
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39)
                                                                 at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73)
                                                                 at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569)
                                                                 at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146)
                                                                 at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681)
                                                                 at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605)
                                                                 at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673)
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121)
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108)
                                                                 at com.xxxxxxxxx.payments.PaymentsActivity$5.onBTClientTokenReceived(PaymentsActivity.java:247)
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils.notifyBTClientTokenReceived(PaymentsUtils.java:141)
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils.access$000(PaymentsUtils.java:52)
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils$1.onSuccess(PaymentsUtils.java:128)
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils$1.onSuccess(PaymentsUtils.java:125)
                                                                 at com.xxxxxxxxx.network.retrofit.SHNetworkManager$4.run(SHNetworkManager.java:116)
                                                                 at android.os.Handler.handleCallback(Handler.java:730)
                                                                 at android.os.Handler.dispatchMessage(Handler.java:92)
                                                                 at android.os.Looper.loop(Looper.java:137)
                                                                 at android.app.ActivityThread.main(ActivityThread.java:5103)
                                                                 at java.lang.reflect.Method.invokeNative(Native Method)
                                                                 at java.lang.reflect.Method.invoke(Method.java:525)
                                                                 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:737)
                                                                 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
                                                                 at dalvik.system.NativeStart.main(Native Method)
                                                              Caused by: java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.exacttarget.etpushsdk.util.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.installLinuxPRNGSecureRandom(PRNGFixes.java:121)
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.apply(PRNGFixes.java:46)
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.EncryptionUtils.<clinit>(EncryptionUtils.java:19)
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39) 
                                                                 at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73) 
                                                                 at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569) 
                                                                 at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146) 
                                                                 at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681) 
                                                                 at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605) 
                                                                 at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673) 
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121) 
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108) 
                                                                 at com.xxxxxxxxx.payments.PaymentsActivity$5.onBTClientTokenReceived(PaymentsActivity.java:247) 
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils.notifyBTClientTokenReceived(PaymentsUtils.java:141) 
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils.access$000(PaymentsUtils.java:52) 
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils$1.onSuccess(PaymentsUtils.java:128) 
                                                                 at com.xxxxxxxxx.payments.utils.PaymentsUtils$1.onSuccess(PaymentsUtils.java:125) 
                                                                 at com.xxxxxxxxx.network.retrofit.SHNetworkManager$4.run(SHNetworkManager.java:116) 
                                                                 at android.os.Handler.handleCallback(Handler.java:730) 
                                                                 at android.os.Handler.dispatchMessage(Handler.java:92) 
                                                                 at android.os.Looper.loop(Looper.java:137) 
                                                                 at android.app.ActivityThread.main(ActivityThread.java:5103) 
                                                                 at java.lang.reflect.Method.invokeNative(Native Method) 
                                                                 at java.lang.reflect.Method.invoke(Method.java:525) 
                                                                 at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:737) 
                                                                 at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553) 
                                                                 at dalvik.system.NativeStart.main(Native Method)

lkorth · 2017-06-27T15:00:25Z

@GrzegorzFeather the crash you posted has the same root issue, it just happens to be wrapped in the ExceptionInInitializerError. Please try the 2.5.4-SNAPSHOT, it contains a fix that should hopefully fix the crash. @hubertSwiecioch already mentioned that it fixed it for them in the first round of testing.

blu3-b1rd · 2017-06-28T18:13:00Z

@lkorth using 2.5.4-SNAPSHOT did not fix the issue for me, I get same stacktrace I posted in my previous comment:

06-28 06:02:10.635 13683-13683/com.xxxxxxxxxx E/AndroidRuntime: FATAL EXCEPTION: main
                                                             java.lang.ExceptionInInitializerError
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39)
                                                                 at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73)
                                                                 at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569)
                                                                 at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146)
                                                                 at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681)
                                                                 at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605)
                                                                 at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673)
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121)
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108)
Caused by: java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.exacttarget.etpushsdk.util.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.installLinuxPRNGSecureRandom(PRNGFixes.java:121)
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.apply(PRNGFixes.java:46)
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.EncryptionUtils.<clinit>(EncryptionUtils.java:19)
                                                                 at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39) 
                                                                 at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73) 
                                                                 at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569) 
                                                                 at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146) 
                                                                 at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681) 
                                                                 at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605) 
                                                                 at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673) 
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121) 
                                                                 at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108)

lkorth · 2017-06-29T15:38:34Z

@GrzegorzFeather thanks for testing 2.5.4-SNAPSHOT. I was finally able to reproduce the issue and have made another fix for the crash. Please try 2.5.5-SNAPSHOT and let us know if it fixes your crash.

blu3-b1rd · 2017-06-29T18:11:22Z

Hi @lkorth it is still crashing for me on a clean build :/ If this serves any help, I also have the data-collector dependency in my project:

06-29 14:07:18.930 3081-3081/com.xxxxxxxxx E/AndroidRuntime: FATAL EXCEPTION: main
                                                           java.lang.ExceptionInInitializerError
                                                               at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39)
                                                               at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73)
                                                               at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569)
                                                               at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146)
                                                               at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681)
                                                               at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605)
                                                               at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673)
                                                               at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121)
                                                               at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108)
                                                            Caused by: java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.exacttarget.etpushsdk.util.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
                                                               at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.installLinuxPRNGSecureRandom(PRNGFixes.java:121)
                                                               at com.paypal.android.sdk.onetouch.core.encryption.PRNGFixes.apply(PRNGFixes.java:46)
                                                               at com.paypal.android.sdk.onetouch.core.encryption.EncryptionUtils.<clinit>(EncryptionUtils.java:19)
                                                               at com.paypal.android.sdk.onetouch.core.encryption.OtcCrypto.generateRandom256BitKey(OtcCrypto.java:39) 
                                                               at com.paypal.android.sdk.onetouch.core.AuthorizationRequest.<init>(AuthorizationRequest.java:73) 
                                                               at com.braintreepayments.api.PayPal.getAuthorizationRequest(PayPal.java:569) 
                                                               at com.braintreepayments.api.PayPal$1.onConfigurationFetched(PayPal.java:146) 
                                                               at com.braintreepayments.api.BraintreeFragment$11.run(BraintreeFragment.java:681) 
                                                               at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:605) 
                                                               at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:673) 
                                                               at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:121) 
                                                               at com.braintreepayments.api.PayPal.authorizeAccount(PayPal.java:108)

crookedneighbor · 2018-01-10T20:34:27Z

@GrzegorzFeather are you still experiencing issues with the latest version of the SDK?

sdcoffey · 2018-01-31T19:17:30Z

Hey @GrzegorzFeather,

I'm going to close this due to inactivity. Please @ me on this issue if you're still experiencing issue and I'll reopen it.

lkorth closed this as completed in cbcca9e Jun 27, 2017

lkorth reopened this Jun 28, 2017

lkorth closed this as completed in 0140f6e Jul 7, 2017

lkorth reopened this Jul 12, 2017

sdcoffey closed this as completed Jan 31, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

java.lang.SecurityException: new SecureRandom() #151

java.lang.SecurityException: new SecureRandom() #151

hubertSwiecioch commented May 9, 2017 •

edited by lkorth

Loading

lkorth commented May 9, 2017

hubertSwiecioch commented May 11, 2017 •

edited by lkorth

Loading

blu3-b1rd commented Jun 20, 2017

lkorth commented Jun 22, 2017

hubertSwiecioch commented Jun 23, 2017

blu3-b1rd commented Jun 26, 2017 •

edited

Loading

lkorth commented Jun 26, 2017

blu3-b1rd commented Jun 26, 2017 •

edited

Loading

lkorth commented Jun 27, 2017

blu3-b1rd commented Jun 28, 2017

lkorth commented Jun 29, 2017

blu3-b1rd commented Jun 29, 2017

crookedneighbor commented Jan 10, 2018

sdcoffey commented Jan 31, 2018

java.lang.SecurityException: new SecureRandom() #151

java.lang.SecurityException: new SecureRandom() #151

Comments

hubertSwiecioch commented May 9, 2017 • edited by lkorth Loading

General information

Issue description

lkorth commented May 9, 2017

hubertSwiecioch commented May 11, 2017 • edited by lkorth Loading

blu3-b1rd commented Jun 20, 2017

lkorth commented Jun 22, 2017

hubertSwiecioch commented Jun 23, 2017

blu3-b1rd commented Jun 26, 2017 • edited Loading

lkorth commented Jun 26, 2017

blu3-b1rd commented Jun 26, 2017 • edited Loading

lkorth commented Jun 27, 2017

blu3-b1rd commented Jun 28, 2017

lkorth commented Jun 29, 2017

blu3-b1rd commented Jun 29, 2017

crookedneighbor commented Jan 10, 2018

sdcoffey commented Jan 31, 2018

hubertSwiecioch commented May 9, 2017 •

edited by lkorth

Loading

hubertSwiecioch commented May 11, 2017 •

edited by lkorth

Loading

blu3-b1rd commented Jun 26, 2017 •

edited

Loading

blu3-b1rd commented Jun 26, 2017 •

edited

Loading