[kaffe] SecureRandomTest failed
Guilhem Lavaux
guilhem at kaffe.org
Sat Jul 23 00:01:01 PDT 2005
Hi Ito,
Thanks for the analysis. Actually with your second report I have feared
that the providers in java.security were not loaded. It apparently is
the case as you have reported. It would be interesting if you have some
time for this to check what happens in java.security.Security.<clinit>
and loadProviders. I know that some exceptions are hidden there and
these functions are in charge of loading the providers.
Thanks !
Regards,
Guilhem Lavaux.
On Sat, 2005-07-23 at 07:13 +0900, Ito Kazumitsu wrote:
> > I am afraid something has changed so that Security.getProviders() returns
> >
> > gnu.java.security.provider.Gnu: name=GNU version=1.0
> >
> > before
> >
> > kaffe.security.provider.Kaffe: name=KAFFE version=1.0
>
> Yes, gnu.java.security.provider.Gnu comes first. But that depends
> on the environment.
>
> I have found two independent problems related to this issue.
>
> (1) In some environment, e.g. my case with FreeBSD 5.4-RELEASE,
> Security.getProviders() by default lists only
> gnu.java.security.provider.Gnu. So if you add
> kaffe.security.provider.Kaffe, it is listed after
> gnu.java.security.provider.Gnu.
>
> But in another environment, Security.getProviders() by default lists
> gnu.crypto.jce.GnuCrypto
> org.metastatic.jessie.provider.Jessie
> kaffe.security.provider.Kaffe
> gnu.java.security.provider.Gnu
> in this order. So if you add kaffe.security.provider.Kaffe,
> it is not added because it is already there.
> Older Kaffe on FreeBSD 5.4-RELEASE also behaved this way.
>
> (2) The SHA1PRNG algorithm provided by gnu.java.security.provider.Gnu
> is not secure enough because differnt instances always produce the
> same result. So in an environment where the problem (1) exists,
> SecureRandomTest fails.
>
> To study this problem, I patched SecureRandomTest.java for debuging.
>
> --- SecureRandomTest.java.orig Thu Feb 24 23:42:08 2005
> +++ SecureRandomTest.java Sat Jul 23 05:52:43 2005
> @@ -64,6 +64,10 @@
> byte data[];
>
> Security.addProvider(new kaffe.security.provider.Kaffe());
> + Provider[] pp = Security.getProviders();
> + for (int i=0; i < pp.length; i++) {
> + System.err.println(pp[i]);
> + }
>
> /*
> * Make sure the SecureRandom's produce different sequences after
>
> Then I tested this program on FreeBSD 5.4-RELEASE and Linux 2.6.7-co-0.6.2.
> In both cases, I used kaffe whose ChangeLog head is:
> 2005-07-22 Guilhem Lavaux <guilhem at kaffe.org>
>
> On FreeBSD 5.4-RELEASE:
> kaz at ph$ kaffe SecureRandomTest
> gnu.java.security.provider.Gnu: name=GNU version=1.0
> kaffe.security.provider.Kaffe: name=KAFFE version=1.0
> java.lang.Error: The "secure" random isn't! : lpc= 0 lpc2 = 20 data = 8bc7ec02ec7c04f87a13ec6120616ead831baeaf
> at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:native)
> at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:79)
> at java.lang.Throwable.fillInStackTrace (Throwable.java:498)
> at java.lang.Throwable.<init> (Throwable.java:159)
> at java.lang.Error.<init> (Error.java:81)
> at SecureRandomTest.checkHistory (SecureRandomTest.java:51)
> at SecureRandomTest.main (SecureRandomTest.java:89)
>
> On Linux 2.6.7-co-0.6.2:
> kaz at mini3$ kaffe SecureRandomTest
> gnu.crypto.jce.GnuCrypto: name=GNU-CRYPTO version=2.1
> org.metastatic.jessie.provider.Jessie: name=Jessie version=1.0
> kaffe.security.provider.Kaffe: name=KAFFE version=1.0
> gnu.java.security.provider.Gnu: name=GNU version=1.0
> Two SecureRandoms produce different output.
>
> _______________________________________________
> kaffe mailing list
> kaffe at kaffe.org
> http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
More information about the kaffe
mailing list