JDK-6366924 : REGRESSION: securerandom.source and/or java.security.egd don't work in 1.5.0_05
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • CPU: x86
  • Submitted: 2005-12-23
  • Updated: 2011-05-18
  • Resolved: 2006-01-05
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.5.0_05"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_05-b05)
Java HotSpot(TM) Client VM (build 1.5.0_05-b05, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
Linux localhost 2.4.21-4.EL #1 Fri Oct 3 18:13:58 EDT 2003 i686 i686 i386 GNU/Linux

EXTRA RELEVANT SYSTEM CONFIGURATION :
default installation

A DESCRIPTION OF THE PROBLEM :
In previous JDK versions 1.4.x the effect of specifying

securerandom.source=file:/dev/urandom
or the system property -Djava.security.egd=file:/dev/urandom

would allow a Linux system with low entropy to run code that makes use of java.security.SecureRandom#generateSeed() calls to generate properly seeded instances of SecureRandom. This is no longer the case in J2SE 5.0. It appears that the internals always use /dev/random in addition to or instead of the specified /dev/urandom. As a result, applications that depend on this functionality appear to hang indefinitely during times of low mouse/keyboard activity.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Execute the following code snippet in JDK 1.4.2 and JDK 1.5.0 with the command line option: -Djava.security.egd=file:/dev/urandom


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Process runs counting to 1000 and exits.
ACTUAL -
Process runs to completion very fast in JDK 1.4.2 running on Linux.

Process hangs when run on JDK 1.5.0 and will slowly produce more output as keyboard and/or mouse activity produces entropy. Much like what happens on 1.4.2 with /dev/random.



ERROR MESSAGES/STACK TRACES THAT OCCUR :
None, process hung waiting for entropy from /dev/random

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------

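import java.security.SecureRandom;

public class Test {
  public static void main(String[] args) throws Exception {
    SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
    // Each call requests 256 fresh seed bytes from the configured seed source.
    for (int i = 0; i < 1000; i++) {
      rnd.generateSeed(256);
      // Progress output: a stall here means generateSeed() is blocked.
      System.out.println("Got " + i);
    }
  }
}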


---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
In Linux execute the following as root:

mv /dev/random /dev/random.real
ln -s /dev/urandom /dev/random

Release Regression From : 1.4.2
The above release value was the last known release where this 
bug was known to work. Since then there has been a regression.

Comments
EVALUATION Note that it is dangerous to read seed bytes from /dev/urandom when /dev/random blocks. Blocking is an indication that the kernel entropy pool is empty and then /dev/urandom will only return pseudo random bytes. The real issue is in the Linux kernel and that is what needs to be fixed. Anyway, the underlying issue is the same as 6202721, closing as duplicate.
05-01-2006
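
The following diagnostic is an added example, not code from the bug report or from the JDK: it prints the two settings named in the description and checks whether generateSeed() returns within a deadline instead of hanging. The class name, the 5 second deadline and the 10-call loop are assumptions, and the lambda syntax requires Java 8 or later.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.*;

// Added diagnostic (not from the bug report): shows which seed source the JVM
// was told to use and whether generateSeed() returns within a deadline.
public class SeedSourceCheck {
    // Assumption: 5 seconds is long enough to tell "blocked" from "slow".
    static final long TIMEOUT_SECONDS = 5;

    public static void main(String[] args) throws Exception {
        // Value from the java.security properties file.
        System.out.println("securerandom.source = "
                + Security.getProperty("securerandom.source"));
        // Value from -Djava.security.egd=..., null when the option is absent.
        System.out.println("java.security.egd   = "
                + System.getProperty("java.security.egd"));

        final SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
        // Run the probe on a daemon thread so a read stuck on the seed
        // device cannot keep the JVM alive after main() returns.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "seed-probe");
            t.setDaemon(true);
            return t;
        });
        try {
            for (int i = 0; i < 10; i++) {
                long start = System.nanoTime();
                Future<byte[]> f = pool.submit(() -> rnd.generateSeed(256));
                try {
                    byte[] seed = f.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
                    long ms = (System.nanoTime() - start) / 1_000_000;
                    System.out.println("call " + i + ": " + seed.length
                            + " bytes in " + ms + " ms");
                } catch (TimeoutException e) {
                    System.out.println("call " + i + ": no seed after "
                            + TIMEOUT_SECONDS + " s, generateSeed() is blocked");
                    return;
                }
            }
            System.out.println("generateSeed() did not block");
        } finally {
            pool.shutdownNow();
        }
    }
}
```

Run it once without options and once with -Djava.security.egd=file:/dev/urandom to compare the reported settings against the observed blocking behavior.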