[kaffe] SHA1PRNG synchronization w/ reseed

jrandom auto97841 at hushmail.com
Mon Jan 19 14:56:01 PST 2004


'lo all,

an app I'm working on is gobbling up entropy like there's no tomorrow, and
I've run into the following intermittently:

java.lang.ArrayIndexOutOfBoundsException
   at java.lang.System.arraycopy (System.java)
   at kaffe.security.provider.SHA1PRNG.engineNextBytes (SHA1PRNG.java:153)
   at java.security.SecureRandom.nextBytes (SecureRandom.java:76)
   at java.security.SecureRandom.next (SecureRandom.java:83)
   at java.util.Random.nextInt (Random.java:108)

After doing a little digging it seems that the SHA1PRNG impl isn't
threadsafe (this.data, this.dataPos, and counter are updated during
engineNextBytes, and this.seed as well as this.seedPos are updated during
engineSetSeed)

The following trivial patch should take care of the issue.  Yeah, ideally
the engine could have a pool of SHA1PRNGs and pull data from an available
one (requiring synchronization only on the pool alloc/dealloc instead of
the engine object itself), but one thing at a time :)

hth,
=jr

Index: SHA1PRNG.java
===================================================================
RCS file: /cvs/kaffe/kaffe/libraries/javalib/kaffe/security/provider/SHA1PRNG.java,v
retrieving revision 1.6
diff -u -r1.6 SHA1PRNG.java
--- SHA1PRNG.java       20 Feb 2003 13:52:10 -0000      1.6
+++ SHA1PRNG.java       19 Jan 2004 21:28:02 -0000
@@ -47,27 +47,27 @@
        /**
         * The "true" random seed.
         */
-       private byte seed[] = new byte[SEED_SIZE];
+       private volatile byte seed[] = new byte[SEED_SIZE];

        /**
         * Uh...
         */
-       private int seedPos = 0;
+       private volatile int seedPos = 0;

        /**
         * The random data, we only use the first SEED_SIZE bytes.
         */
-       private byte data[] = new byte[DATA_SIZE];
+       private volatile byte data[] = new byte[DATA_SIZE];

        /**
         * The position in data pointing to the first unused bytes.
         */
-       private int dataPos = 0;
+       private volatile int dataPos = 0;

        /**
         * Counter that is added into the data to be digested.
         */
-       private long counter = 0;
+       private volatile long counter = 0;

        /**
         * Construct an initialize an SHA1PRNG pseudo-random number generator.
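Review bot: the `volatile` added to seed[], seedPos, data[], dataPos and counter does not buy thread safety here and is redundant once the engine methods are `synchronized`: on an array field `volatile` only orders the reference, not writes to its elements, and the dataPos/counter updates in engineNextBytes are read-modify-write sequences that `volatile` does not make atomic, so a second thread can still observe an intermediate dataPos. Suggest dropping the five `volatile` changes and relying on the monitor alone, which also provides the visibility guarantee. Worth stating in the commit message that the race is not only the AIOOBE: two callers that read the same dataPos ("the first unused bytes") are handed the same bytes, so the unsynchronized engine can return duplicated output, which matters more for a SecureRandom than the crash. While these lines are being touched, the "Uh..." javadoc on seedPos should get a real description.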
@@ -95,7 +95,7 @@
                }
        }

-       protected void engineSetSeed(byte[] otherSeed)
+       protected synchronized void engineSetSeed(byte[] otherSeed)
        {
                try
                {
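Review bot: `synchronized` on engineSetSeed covers only one side of the race. The trace in the mail puts the AIOOBE in engineNextBytes (SHA1PRNG.java:153), and the mail's own diagnosis lists data, dataPos and counter as the state that method updates, so engineNextBytes must take the same monitor (`protected synchronized void engineNextBytes(...)`); otherwise a reseed can still interleave with seed/seedPos reads from engineNextBytes, and the crash site stays unprotected.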
@@ -114,7 +114,7 @@
                }
        }
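Review bot: this hunk is incomplete as posted: the header `@@ -114,7 +114,7 @@` announces a seven-line region with one line changed, but only the closing-brace context lines survive, so the modified line, which from the mail's description should be engineNextBytes gaining `synchronized` alongside engineSetSeed, cannot be reviewed. Please resend the full `cvs diff -u` output so the change to the method where the exception is raised is visible.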

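As an added illustration (not Kaffe's SHA1PRNG and not part of the patch above), the following Java program models the engine shape the mail describes: one SHA-1 block of output derived from seed||counter is kept in data[], dataPos points at the first unused byte, and the block is regenerated when it runs out. Hammering the unsynchronized version from several threads reproduces both failure modes, the System.arraycopy AIOOBE from the trace and, worse for a SecureRandom, two callers being handed the same output block; the synchronized subclass shows neither. The class and method names (RacyPrngDemo, RacyPrng, SafePrng, hammer) are hypothetical and the seed string is a constructed constant, not entropy.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

/** Added example, not Kaffe's code: a buffered SHA-1 PRNG with and without a monitor. */
public class RacyPrngDemo {
    static final int BLOCK = 20; // SHA-1 digest length, the size of data[]

    /** Unsynchronized generator: every field below is shared, mutable state. */
    static class RacyPrng {
        protected final MessageDigest sha1;
        protected final byte[] seed;
        protected byte[] data = new byte[BLOCK];
        protected int dataPos = BLOCK; // start exhausted so the first call refills
        protected long counter = 0;

        RacyPrng(byte[] seed) throws NoSuchAlgorithmException {
            this.sha1 = MessageDigest.getInstance("SHA-1");
            this.seed = seed.clone();
        }

        /** data = SHA1(seed || counter); counter++; dataPos = 0. */
        private void refill() {
            sha1.reset();
            sha1.update(seed);
            for (int s = 0; s < 8; s++) sha1.update((byte) (counter >>> (8 * s)));
            counter++;
            data = sha1.digest();
            dataPos = 0;
        }

        void nextBytes(byte[] out) {
            int off = 0;
            while (off < out.length) {
                if (dataPos >= BLOCK) refill();
                int n = Math.min(out.length - off, BLOCK - dataPos);
                // dataPos is read again here; if another thread advanced it in
                // between, srcPos + n exceeds data.length and arraycopy throws
                // ArrayIndexOutOfBoundsException, as in the reported trace.
                System.arraycopy(data, dataPos, out, off, n);
                dataPos += n; // unsynchronized read-modify-write
                off += n;
            }
        }
    }

    /** The fix: the whole update of data/dataPos/counter is one critical section. */
    static class SafePrng extends RacyPrng {
        SafePrng(byte[] seed) throws NoSuchAlgorithmException { super(seed); }
        @Override synchronized void nextBytes(byte[] out) { super.nextBytes(out); }
    }

    /** Runs `threads` workers each drawing `draws` blocks; returns {out-of-bounds count, duplicate block count}. */
    static int[] hammer(RacyPrng prng, int threads, int draws) throws InterruptedException {
        Set<String> seen = ConcurrentHashMap.newKeySet();
        AtomicInteger oob = new AtomicInteger();
        AtomicInteger dups = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            pool.execute(() -> {
                byte[] out = new byte[BLOCK];
                for (int i = 0; i < draws; i++) {
                    try {
                        prng.nextBytes(out);
                        // A working generator never repeats a 20-byte block in
                        // 10^5 draws; a repeat means two callers got the same bytes.
                        if (!seen.add(hex(out))) dups.incrementAndGet();
                    } catch (IndexOutOfBoundsException e) {
                        oob.incrementAndGet();
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return new int[] { oob.get(), dups.get() };
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(2 * b.length);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed seed for the demo only; a real engine seeds from entropy.
        byte[] seed = "constructed demo seed, not entropy".getBytes(StandardCharsets.US_ASCII);
        int[] racy = hammer(new RacyPrng(seed), 8, 10_000);
        int[] safe = hammer(new SafePrng(seed), 8, 10_000);
        System.out.printf("unsynchronized: %d out-of-bounds, %d duplicated blocks%n", racy[0], racy[1]);
        System.out.printf("synchronized:   %d out-of-bounds, %d duplicated blocks%n", safe[0], safe[1]);
    }
}
```

Compile and run with `javac RacyPrngDemo.java && java RacyPrngDemo`. The exact counts for the unsynchronized run depend on scheduling, but on a multi-core machine both numbers are normally non-zero, while the synchronized run reports zero for both. The duplicate count is the security-relevant one: a crash is noisy, but silently repeated SecureRandom output is not. In a real engine the same monitor must also cover engineSetSeed, since reseeding writes the seed the refill reads.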