Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8058455

Use random/urandom instead of C_GenerateRandom

    Details

      Description

      Going through C_GenerateRandom to get random numbers is
      heavy-weight and has the side-effect of bringing in PKCS#11
      unnecessarily and impacting performance.

      Either open /dev/random or /dev/urandom and read random
      numbers from that, or call random_get_bytes or
      random_get_bytes in S12.0.

      When java.util.UUID.randomUUID is called, java.security.SecureRandom
      uses PKCS#11 to get random numbers with C_GenerateRandom. This was
      discovered by an exception thrown from an Apache app written for an
      internal project.

      07/01/2014 16:06:50.550 UTC idx22 ERROR Failed to index
      PSARC/1994/128/IAM.UI_user-level_MT_interfaces
      java.security.ProviderException: nextBytes() failed
      at sun.security.pkcs11.P11SecureRandom.implNextBytes(P11SecureRandom.java:186)
      at sun.security.pkcs11.P11SecureRandom.engineNextBytes(P11SecureRandom.java:135)
      at java.security.SecureRandom.nextBytes(SecureRandom.java:455)
      at java.util.UUID.randomUUID(UUID.java:145)
       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coffeys Sean Coffey
                Reporter:
                shadowbug Shadow Bug
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: