-
Bug
-
Resolution: Fixed
-
P5
-
6
-
b20
-
x86
-
linux
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2152955 | OpenJDK6 | Weijun Wang | P3 | Resolved | Fixed | b01 |
The JCK test api/java_security/SecureRandom/SecureRandomTests.html#misc
can hang on Linux platforms if there is no other activity on the system.
This bug appears to have been in the system for several releases.
This is caused by code in the NativePRNG.java file accessing /dev/random and blocking.
I believe these suspect code is this method.
private byte[] implGenerateSeed(int numBytes)
On some Linux systems we get an initial stream of bytes from /dev/random that can
satisfy the Seed requirement but others return nothing unless there is additional system
activity.
/java/re/jdk/6.0/latest/ws/j2se/src/solaris/classes/sun/security/provider/NativePRNG.java
Although the JRE is supposed to support selecting /dev/urandom in the java.security properties file, this code appears to ignore this selection. To attempt to work around this problem we have attempted to set the command line property:
-Djava.security.egd=file:/dev/urandom
and make sure that the java.security file contains this setting:
securerandom.source=file:/dev/urandom
This still causes hangs on several Linux boxes tested. The test can be made to pass if there is consistent mouse or keyboard activity. This is obviously not an acceptable workaround.
If the user has selected a less secure random number source (/dev/urandom), our
SecureRandom implementation should honor that and not hang.
In addition to the JCK hangs, this problem could manifest itself with unacceptable performance degredation in customer applications that would be very difficult to diagnose.
can hang on Linux platforms if there is no other activity on the system.
This bug appears to have been in the system for several releases.
This is caused by code in the NativePRNG.java file accessing /dev/random and blocking.
I believe these suspect code is this method.
private byte[] implGenerateSeed(int numBytes)
On some Linux systems we get an initial stream of bytes from /dev/random that can
satisfy the Seed requirement but others return nothing unless there is additional system
activity.
/java/re/jdk/6.0/latest/ws/j2se/src/solaris/classes/sun/security/provider/NativePRNG.java
Although the JRE is supposed to support selecting /dev/urandom in the java.security properties file, this code appears to ignore this selection. To attempt to work around this problem we have attempted to set the command line property:
-Djava.security.egd=file:/dev/urandom
and make sure that the java.security file contains this setting:
securerandom.source=file:/dev/urandom
This still causes hangs on several Linux boxes tested. The test can be made to pass if there is consistent mouse or keyboard activity. This is obviously not an acceptable workaround.
If the user has selected a less secure random number source (/dev/urandom), our
SecureRandom implementation should honor that and not hang.
In addition to the JCK hangs, this problem could manifest itself with unacceptable performance degredation in customer applications that would be very difficult to diagnose.
- backported by
-
JDK-2152955 SecureRandom hangs on Linux Systems
-
- Resolved
-
- duplicates
-
JDK-6577564 Add notes on possible block of SecureRandom.generateSeed()/nextBytes()
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-