JDK-5031872 : REGRESSION: Incorrect results by equal initializers in SecureRandom
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Not an Issue
  • OS: linux
  • CPU: x86
  • Submitted: 2004-04-14
  • Updated: 2004-04-15
  • Resolved: 2004-04-15
Related Reports
Relates :  
JDK-4705093 - Use /dev/urandom rather than /dev/random if it exists.
Description
Name: rmT116609			Date: 04/14/2004


FULL PRODUCT VERSION :
java version "1.5.0-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-beta-b32c)
Java HotSpot(TM) Client VM (build 1.5.0-beta-b32c, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
Suse Linux 9.0

A DESCRIPTION OF THE PROBLEM :
In the sdk 1.5-beta the function "SecureRandom.nextBytes" doesn't produce equal results when initializing "SecureRandom" with equal byte-arrays.

This problem does only exist in the jre 1.5 (beta). It works correctly in all other previous jre-versions (1.1.8 - 1.4.2) .

Reproducible on Solaris 5.9, Linux Redhat 8.0 using 1.5.0 Beta 1.
Works fine on Windows XP using 1.5.0 Beta 1.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
compile and run the sample-code in this bugreport

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
equal bytearray-contents when initializing "SecureRandom" with equal values
ACTUAL -
wrong result (different bytearray-content)


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
public class Test1 {
    
    public Test1() {
    }
    
    public static void main(String[] args) {
        Test1 me = new Test1();
        me.testMe();
    }
    
    public void testMe() {
        
        int i = 0;
        boolean b = false;
        byte bak[] = {99, -68, 123, 12, -46, -7, 37, 18, 93, -73};

        byte[] newKey1 = new byte[1024];
        java.security.SecureRandom sr1 = new java.security.SecureRandom(bak);
        sr1.nextBytes(newKey1);

        byte[] newKey2 = new byte[1024];
        java.security.SecureRandom sr2 = new java.security.SecureRandom(bak);
        sr2.nextBytes(newKey2);

        //*** compare key-content ***
        for (i = 0; i < newKey1.length; i++){
            if (newKey1[i] != newKey2[i]){
                b = true;
                break;
            }
        }
        
        if (b){
            //*** error only in jre 1.5-beta !!! ***
            System.out.println("Error: Keys are not equal!");
        }else{
            //*** works correctly in jre 1.1.8 - 1.4.2 ***
            System.out.println("Keys are equal and ok.");
        }
    }
}

---------- END SOURCE ----------

Release Regression From : 1.4.2
The above release value was the last known release where this 
bug was known to work. Since then there has been a regression.
(Incident Review ID: 249774) 
======================================================================
Comments
EVALUATION There is no requirement for SecureRandom implementations to be deterministic, in some sense it is preferable if they are not. 4705093 changed the default PRNG on Unix to such an implementation. To restore behavior to what it used to be, either: . change the code to SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.setSeed(seed); Note that this should be done regardless because as is the customer program depends on a JRE implementation specific default, which makes it non-portable. . (as a temporary workaround until code is changed as described above) edit the jre/lib/security/java.security file to change securerandom.source to file:/dev/random Closing as not-a-bug. ###@###.### 2004-04-15
15-04-2004