- Bug
- Resolution: Fixed
- P4
- 11, 17, 21
- b15
- generic
- generic
- Verified
The following report was submitted by Fabrice Benhamouda (https://github.com/fabrice102):
The OpenJDK allows cryptographic providers to register `SecureRandom` algorithms and to specify, through the attribute "ThreadSafe", whether the implementation is thread safe. When this attribute is not set to true, OpenJDK synchronizes all calls to `nextBytes()` (and other methods). See the [SecureRandom documentation](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/SecureRandom.html).
If a provider registers an alias for the `SecureRandom` algorithm with "ThreadSafe=true", then `SecureRandom` instances using the alias do not honor the `ThreadSafe` attribute.
This is because attributes of services are converted to attributes at the provider level, using the naming convention: `Service.Algorithm Attribute`. Thus, setting the "ThreadSafe" attribute leads to setting `SecureRandom.MainAlgorithmName ThreadSafe=true`, but not `SecureRandom.AliasName ThreadSafe=true`.
This impacts anyone instantiating a `SecureRandom` (whose provider algorithm is marked "ThreadSafe") through an alias name and using it concurrently in many threads. Note that this does not impact users who instantiate `SecureRandom` as `new SecureRandom()`, as those users would get the main algorithm name and not the alias.
An example of this issue along with a benchmark and potential fix in the provider itself (for the Amazon Corretto Crypto Provider) can be found here: An example is the benchmark of ACCP. See https://github.com/corretto/amazon-corretto-crypto-provider/pull/376
A workaround for users of impacted providers is to use the main algorithm name and not the alias. A workaround for developers of providers is to manually add the missing attribute like in https://github.com/corretto/amazon-corretto-crypto-provider/pull/376
A better solution would be to:
* Handle the "ThreadSafe" attribute like the "SupportedKeyFormats/SupportedKeyClasses" attributes in `java.security.Provider`. That is, convert the "ThreadSafe" attribute into a field that can then be checked whether the alias name is used or the main name is used.
* Change `java.security.SecureRandom#getThreadSafe` to follow aliases.
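The property layout described in the report, as an added example (not part of the original report, and not OpenJDK or ACCP code): a provider registers one `SecureRandom` service with an alias and "ThreadSafe=true", and the resulting provider-level properties are read back under both names, with and without the provider-side workaround. `DemoProvider`, `DemoMain`, `DemoAlias`, the SPI class name and the helper `threadSafeFor` are hypothetical; the helper assumes the attribute is looked up under the name the caller requested, using the `Service.Algorithm Attribute` convention the report states.

```java
import java.security.Provider;
import java.util.List;
import java.util.Map;

public class ThreadSafeAliasDemo {
    // Hypothetical algorithm names, constructed for this example.
    static final String MAIN = "DemoMain";
    static final String ALIAS = "DemoAlias";

    static final class DemoProvider extends Provider {
        DemoProvider(boolean applyWorkaround) {
            super("DemoProvider", "1.0", "Constructed provider for the ThreadSafe alias example");
            // The SPI class name is a placeholder; it is never loaded because
            // this example only inspects the registered properties.
            putService(new Provider.Service(this, "SecureRandom", MAIN,
                    "example.DemoSecureRandomSpi",
                    List.of(ALIAS), Map.of("ThreadSafe", "true")));
            if (applyWorkaround) {
                // Provider-side workaround from the report: manually add the
                // attribute under the alias name as well.
                put("SecureRandom." + ALIAS + " ThreadSafe", "true");
            }
        }
    }

    // Assumed lookup: "SecureRandom.<requested name> ThreadSafe", default false.
    static boolean threadSafeFor(Provider p, String requestedName) {
        String key = "SecureRandom." + requestedName + " ThreadSafe";
        return Boolean.parseBoolean(p.getProperty(key, "false"));
    }

    public static void main(String[] args) {
        Provider plain = new DemoProvider(false);
        Provider patched = new DemoProvider(true);

        // The alias itself is registered as a property pointing at the main name.
        System.out.println("Alg.Alias.SecureRandom." + ALIAS + " -> "
                + plain.getProperty("Alg.Alias.SecureRandom." + ALIAS));

        for (String name : List.of(MAIN, ALIAS)) {
            System.out.printf("%-10s without workaround: %-5b  with workaround: %b%n",
                    name, threadSafeFor(plain, name), threadSafeFor(patched, name));
        }
    }
}
```

When the alias row reports `false` for a provider, instances obtained through that alias take the synchronized path the report describes; checking a provider's properties this way shows which names are affected.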
- relates to
  - JDK-7004967 SecureRandom should be more explicit about threading (Closed)
- links to
  - Commit(master) openjdk/jdk/56387a09
  - Review(master) openjdk/jdk/20916