[crac] RFR: Reseed secure random on checkpoint restore [v4]

Anton Kozlov akozlov at openjdk.java.net
Fri Jan 21 15:00:22 UTC 2022


On Tue, 18 Jan 2022 15:42:38 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:

>> Proposed changes in the SecureRandom implementation allow invalidating and reseeding SHA1PRNG secure random during checkpoint/restore. SHA1PRNG can be invalidated and reseeded in case of being created with a default embedded seed generator. Also, SHA1PRNG is used as an additional seed generator to the SUN NativePRNG implementation, so it is desirable to have reseeded SHA1PRNG after restore.
>> Two jtreg tests added: 
>> - verify if no deadlocks introduced by checkpoint/restore
>> - verify if SHA1PRNG is reseeded if created with default embedded seed generator
>
> Alexey Bakhtin has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update object lock during checkpoint/restore

src/java.base/share/classes/jdk/crac/CheckpointException.java line 32:

> 30:  * Suppresses exceptions thrown during checkpoint notification.
> 31:  */
> 32: public class CheckpointException extends RuntimeException {

This is a severe change and it makes CheckpointException unchecked. We want users to provide explicit handling of CheckpointException, please revert.

src/java.base/share/classes/sun/security/provider/SecureRandom.java line 169:

> 167:         objLock.lock();
> 168:         try {
> 169:             // verify if objLock is already acquired in beforeCheckpoint

Probably "check if objLock has not been already acquired in beforeCheckpoint"?

src/java.base/share/classes/sun/security/provider/SecureRandom.java line 216:

> 214:     }
> 215: 
> 216:     private void invalidate() {

I would like to have "assert objLock.isHeldByCurrentThread()" or another "objLock.lock()" here. This method is called from SeederHolder.beforeCheckpoint. There is no race here only if that executes after the seeder's beforeCheckpoint and in the same thread. While it is so, additional safety would not harm.

-------------

PR: https://git.openjdk.java.net/crac/pull/7
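The locking protocol discussed in the two SecureRandom comments above, as an added illustration (hypothetical code, not the PR's or the JDK's): a ReentrantLock taken in beforeCheckpoint, the suggested assertion in invalidate(), and the already-held check on restore. The hook names mirror jdk.crac.Resource, but the class is standalone so it compiles without CRAC.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.locks.ReentrantLock;

// Hypothetical PRNG holder (not the JDK's sun.security.provider.SecureRandom):
// objLock is taken at checkpoint, invalidate() runs under it, restore reseeds.
public class ReseedOnRestore {
    private final ReentrantLock objLock = new ReentrantLock();
    private final byte[] state = new byte[20];   // constructed PRNG state
    private boolean seeded;

    // Hold objLock across the checkpoint so no caller draws output from state
    // that is invalid in the restored image.
    public void beforeCheckpoint() {
        objLock.lock();
        invalidate();
    }

    // Expected on the thread that ran beforeCheckpoint.
    public void afterRestore() {
        // check if objLock has not been already acquired in beforeCheckpoint
        if (!objLock.isHeldByCurrentThread()) objLock.lock();
        try {
            reseed();
        } finally { objLock.unlock(); }
    }

    // The review's suggestion: fail loudly if called without the lock.
    private void invalidate() {
        assert objLock.isHeldByCurrentThread() : "objLock must be held";
        Arrays.fill(state, (byte) 0);
        seeded = false;
    }

    private void reseed() {
        new SecureRandom().nextBytes(state);     // stands in for the seeder
        seeded = true;
    }

    public byte[] nextBytes(int n) {
        objLock.lock();                          // blocks while a checkpoint is in flight
        try {
            if (!seeded) reseed();
            return Arrays.copyOf(state, n);      // toy output, not a PRNG step
        } finally { objLock.unlock(); }
    }
}
```

Compile with plain javac and run with `java -ea` so the assertion in invalidate() is active.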
