RFR: JDK-8047769 SecureRandom should be more frugal with file descriptors

Peter Levart peter.levart at gmail.com
Thu Dec 18 13:23:35 UTC 2014


I propose a patch for the following issue:


Here's the webrev:


The patch uses a package-private FileInputStreamPool class that caches 
open FileInputStream(s) so that at most one file descriptor is open for 
a particular file. Reading from shared unbuffered FileInputStream in 
multiple threads should be safe, right? If not, some synchronization on 
Java side will be necessary. This should not impact concurrent 
performance much since we are using the streams to read from /dev/random 
or /dev/urandom which are secure random generators with shared state and 
must therefore have their own internal synchronization.

52 jtreg tests in sun/security/provider pass with or without this patch, 
3 tests that fail are:

Make sure that when no system policy and user policy files exist, the 
built-in default policy will be used, which - amongst other things - 
grants standard extensions the AllPermission.
sun/security/provider/PolicyParser/ExtDirsChange.java: standard 
extensions path is hard-coded in default system policy file
sun/security/provider/PolicyParser/PrincipalExpansionError.java: parser 
incorrectly ignores a principal if the principal name expands to nothing.

...they are unrelated to this patch - seems to be caused by recent 
layout changes for modular runtime images.

Regards, Peter

More information about the security-dev mailing list