JDK-6998583 : NativeSeedGenerator is making 8192 byte read requests from entropy pool on each init.
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6-pool
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: generic
  • Submitted: 2010-11-09
  • Updated: 2013-03-22
  • Resolved: 2011-03-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7 Other
5.0u29Fixed 6u21Fixed 7Fixed OpenJDK6Fixed
Related Reports
Relates :  
Description
A simple testcase shows that we read a minimum of 8192 bytes from entropy pool each time we call generateSeed on the solaris/unix NativeSeedGenerator.
Added 6u23-waive-approve keyword, since it's not a stopper for 6u23.  Here is the email thread about this issue:

It is too late for 6u23, which is targeted to ship in 3 weeks.  Once we have a fix, we can consider if it is too risky for 6u24.

jeannette

On Nov 11, 2010, at 4:46 AM, Mike Schoen wrote:

> This particular bug was not raised by Exalogic.  We had the same entropy issue but resolved the problem by adding network activity as an entropy source in the EL kernel. 
>
> This specific instance of the problem was raised by fusion apps provisioning. I have also seen the EM team raise the issue on several occasions in the context of running tests in the farm. 
>
> In any case I don't think we can push a resolution to May and we will need this resolved in both HS and JRockit.  
>
> On Nov 10, 2010, at 10:08 PM, Roger Calnan <###@###.###> wrote:
>
>> I'd agree that this isn't a stopper for 6u23 or PS3. my understanding is that it is Exalogic that is having 
>> the problem and will need an update to JRockit rather than Java SE.   We should get the fix into Java SE with 
>> the fix going out via 6u25 (May), we can provide an earlier Java SE release as necessary for the JavaSE based 
>> Exalogic release of FMW apps.
>>
>> Roger
>>
>>
>> Begin forwarded message:
>>
>>> From: Mike Schoen <###@###.###>
>>> Date: 11 November 2010 03:28:42 CET
>>> To: ###@###.###
>>> Cc: Tracy Barbaro <###@###.###>,  Jeannette Hung <###@###.###>, Se��n Coffey <###@###.###>,  Ranjit Lingaiah <###@###.###>, ###@###.###, Calnan Roger <###@###.###>,  Naggi Asmar <###@###.###>, Mike Schoen <###@###.###>
>>> Subject: Re: P1 6998583 - stopper for 6u23 ?
>>>
>>> This is not a stopper for the FMW 11gR1 PS3 release.  This problem has been around for a while and I doubt that we would slip PS3 to accommodate picking up a new JDK at this stage.
>>>
>>> However, the problem is starting to surface more and more regularly in various environments.  If the root cause is in the JDK we will most likely want a fix ASAP and it may be considered a stopper for the fusion Apps release.  Assuming you have a fix in hand I have a few questions:
>>>
>>> 1) What is the impact to 6u23 if you take this fix (i.e. is there a slip, how much, are there customers waiting for the original date, etc.)?
>>>
>>> 2) If this fix does not make 6u23 what and when is the next delivery vehicle for this fix?
>>>
>>> Copying Naggi so he can weigh in on this also.
>>>
>>> MJS

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/build/jdk/rev/43ae1a1cc7a4
25-12-2010

EVALUATION NativeSeedGenerator is using BufferedInputStream to read from /dev/random. BufferedInputStream buffer 8192 bytes by default. We should modify so that only the requested number of bytes are read from the random pool. (use FileInputStream)
09-11-2010