"Blocking operation" during SSLEngineImpl.unwrap()

Alan Bateman Alan.Bateman at oracle.com
Fri Aug 7 18:24:11 UTC 2020


On 07/08/2020 18:27, Anthony Scarpino wrote:
> Well if there were a bug it's with NativePRNG as the operation is 
> suppose to be non-blocking.  Even so, /dev/urandom is nonblocking.  
> The only reason this looks to have been detected by the tool is 
> because it's a blocking read op.  This all seems like an extremely 
> unlikely situation.  I don't see this as something SSLEngine should be 
> compensating for.
Right, /dev/random is blocking, /dev/urandom is non-blocking. I just 
checked BlockHound and it seems to have the names of private methods in 
the java.io and java.net classes and I think instruments these methods 
on the assumption that they are blocking calls. The list seems to have 
been generated from an older JDK too, not really in sync with release 
JDK releases. So not clear to me that there is really an issue here.

-Alan


More information about the security-dev mailing list