[crac] RFR: Reseed NativePRNG on checkpoint restore
Alexey Bakhtin
abakhtin at openjdk.java.net
Fri Dec 24 09:11:50 UTC 2021
On Fri, 24 Dec 2021 06:37:17 GMT, Michael Bien <duke at openjdk.java.net> wrote:
>> NativePRNG should be re-seeded during checkpoint/restore because it uses SHA1PRNG secure random for additional seed. It is seeded at initialization, so it is not re-seeded automatically during checkpoint/restore
>> Also, the internal buffer should be cleared at the checkpoint.
>
> src/java.base/unix/classes/sun/security/provider/NativePRNG.java line 595:
>
>> 593: for(int i=0; i<nextBuffer.length; i++) {
>> 594: nextBuffer[i] = 0;
>> 595: }
>
> could use Arrays.fill
Yes. Thank you. I will update
-------------
PR: https://git.openjdk.java.net/crac/pull/9
More information about the crac-dev
mailing list