RFR: 8293326: jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java slow on Windows
Bradford Wetmore
wetmore at openjdk.org
Mon Sep 5 17:29:39 UTC 2022
On Mon, 5 Sep 2022 09:29:49 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> This patch enables SignTwice test to complete faster on Windows machines.
>
> The test starts `keytool` and `jarsigner` a number of times, passing `-J-Djava.security.egd=file:/dev/./urandom` to the started process, presumably to avoid blocking on VMs with insufficient entropy. This works fine on machines where `/dev/./urandom` is actually present. On Windows it makes the JVM use `ThreadedSeedGenerator`, which is very slow compared to the other options.
>
> The fix removes `java.security.egd` setting on Windows machines.
>
> Alternatively we could change the egd to use `file:/dev/urandom` (without the `/./` part); this also fixes the Windows problem. Is the `/./` part still needed? If I understand correctly, it was a workaround for some JDK7 bug.
test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java line 1044:
> 1042: } else {
> 1043: cmd = new String[args.length + 4];
> 1044: cmd[3] = "-J-Djava.security.egd=file:/dev/./urandom";
IIRC, this is a workaround for an old issue which no longer applies after JDK-6425477. By default NativePRNG generates from /dev/urandom, only grabbing seed data from /dev/random.
I believe the egd workaround can be completely removed unless there's something that asks for NativePRNGBlocking.
-------------
PR: https://git.openjdk.org/jdk/pull/10160
More information about the security-dev
mailing list