Details
-
Enhancement
-
Resolution: Fixed
-
P4
-
None
-
b27
Description
As pointed out in https://github.com/openjdk/jdk/pull/10160, some tests are unnecessarily setting java.security.egd; this should be cleaned up.
Setting java.security.egd to file:/dev/./urandom was necessary prior to JDK-6425477, which was fixed in JDK8.
We should double check, but I believe by default most of these cases were written back when SHA1PRNG was the default SecureRandom, and thus would need to be seeded from /dev/random which could block upon exhausting internal entropy. Newer cases might have been written by folks who were familiar with the "file:/dev/./urandom" workaround, which IIRC, no longer applies in JDK 8+. Since NativePRNG is the default in Linux, most of these override calls can probably just be removed.
java.security.egd is only used by SecureRandom#generateSeed, which is used for seeding non-native PRNGs and for seeding regular RNGs when java.util.secureRandomSeed=true
Setting java.security.egd to file:/dev/./urandom was necessary prior to JDK-6425477, which was fixed in JDK8.
We should double check, but I believe by default most of these cases were written back when SHA1PRNG was the default SecureRandom, and thus would need to be seeded from /dev/random which could block upon exhausting internal entropy. Newer cases might have been written by folks who were familiar with the "file:/dev/./urandom" workaround, which IIRC, no longer applies in JDK 8+. Since NativePRNG is the default in Linux, most of these override calls can probably just be removed.
java.security.egd is only used by SecureRandom#generateSeed, which is used for seeding non-native PRNGs and for seeding regular RNGs when java.util.secureRandomSeed=true
Attachments
Issue Links
- relates to
-
JDK-8296384 [TESTBUG] sun/security/provider/SecureRandom/AbstractDrbg/SpecTest.java intermittently timeout
-
- Resolved
-
-
-
- Resolved
-
