RFR: JDK-8047769 SecureRandom should be more frugal with file descriptors
Peter Levart
peter.levart at gmail.com
Thu Dec 18 13:23:35 UTC 2014
Hi,
I propose a patch for the following issue:
https://bugs.openjdk.java.net/browse/JDK-8047769
Here's the webrev:
http://cr.openjdk.java.net/~plevart/jdk9-dev/FileInputStreamPool.8047769/webrev.01/
The patch uses a package-private FileInputStreamPool class that caches
open FileInputStream(s) so that at most one file descriptor is open for
a particular file. Reading from shared unbuffered FileInputStream in
multiple threads should be safe, right? If not, some synchronization on
Java side will be necessary. This should not impact concurrent
performance much since we are using the streams to read from /dev/random
or /dev/urandom which are secure random generators with shared state and
must therefore have their own internal synchronization.
52 jtreg tests in sun/security/provider pass with or without this patch,
3 tests that fail are:
sun/security/provider/PolicyFile/GrantAllPermToExtWhenNoPolicy.java:
Make sure that when no system policy and user policy files exist, the
built-in default policy will be used, which - amongst other things -
grants standard extensions the AllPermission.
sun/security/provider/PolicyParser/ExtDirsChange.java: standard
extensions path is hard-coded in default system policy file
sun/security/provider/PolicyParser/PrincipalExpansionError.java: parser
incorrectly ignores a principal if the principal name expands to nothing.
...they are unrelated to this patch - seems to be caused by recent
layout changes for modular runtime images.
Regards, Peter
More information about the security-dev
mailing list