From 9596418d3363d3e757676c0b6a8f2d35a9d1cb18 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Mon, 11 Oct 2021 18:01:56 +0100
Subject: [PATCH] Merge pull request from GHSA-3f99-hvg4-qjwj

* fix double String.fromCharCode

* use crypto module if available

Co-authored-by: Julian Gruber <julian@juliangruber.com>
---
 index.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index 6be61c9..d0557e3 100644
--- a/index.js
+++ b/index.js
@@ -756,7 +756,11 @@ util.createBuffer = function(input, encoding) {
  */
 
 var prng = forge.prng = {};
-var crypto = null;
+
+var crypto;
+try {
+  crypto = require('crypto');
+} catch (_) {}
 
 prng.create = function(plugin) {
   var ctx = {
@@ -1005,7 +1009,7 @@ prng.create = function(plugin) {
           // throw in more pseudo random
           next = seed >>> (i << 3);
           next ^= Math.floor(Math.random() * 0xFF);
-          b.putByte(String.fromCharCode(next & 0xFF));
+          b.putByte(next & 0xFF);
         }
       }
     }