tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cmanola...@yahoo.com
Subject Re: /dev/urandom patch
Date Wed, 18 Apr 2001 16:39:33 GMT
Hi Bojan,

It's the third ( no time ), I am deep into some charset bugs and jasper
and most developers are busy with various projects.

You may file a feature request on bugzilla, attach you patch - this way
it'll be recorded. 

Or send few more patches ( there are many open bugs, most of them are
easy to solve but require time to test and reproduce ), and you'll be
able to check in the patch yourself, as a commiter :-)

Costin

On Wed, 18 Apr 2001, Bojan Smojver wrote:

> Don't know if the patch for this was missed (since it was buried into a
> long e-mail), you guys didn't like it or just didn't have time to
> implement. Anyway, I'm doing it clean in this e-mail. Thanks to Doug
> Barnes who explained the issues of random number generation...
> 
> Here is the patch (I had to move some of the code to engineInit,
> hopefully without breaking too many things):
> -------- Cut ---------------------------------------------------------
> 
> ---jakarta-tomcat-3.3-build/src/share/org/apache/tomcat/modules/session/SessionIdGenerator.java
      
> Mon Apr 16 21:28:34 2001
> +++jakarta-tomcat-3.3-src-cvs-debug/src/share/org/apache/tomcat/modules/session/SessionIdGenerator.java
      
> Mon Apr 16 21:40:20 2001
> @@ -96,6 +96,8 @@
>      String randomClassName=null;
>      Random randomSource=null;
>      DataInputStream randomIS=null;
> +    boolean beParanoid=false;
> +    boolean useDevRandom=false;
>      
>      static Jdk11Compat jdk11Compat=Jdk11Compat.getJdkCompat();
>      
> @@ -109,18 +111,26 @@
>         randomSource=createRandomClass( randomClassName );
>      }
>  
> -    /** Use /dev/random special device. This is new code, but may
> reduce the
> -     *  big delay in generating the random
> +    /** When using special device random generator, be paranoid and
> +     *  use /dev/random. When this option is not set (default), the
> +     *  device /dev/urandom is used, which should be at least as safe
> +     *  as java.security.SecureRandom.
> +     *
> +     *  Reads to /dev/random might block until additional environmental
> +     *  noise is gathered and this can cause problems (ie. Tomcat might
> +     *  hang until such noise is generated).
> +     *  USE WITH CAUTION!!!
> +     */
> +    public void setBeParanoid( boolean p ) {
> +        beParanoid = p;
> +    }
> +    
> +
> +    /** Use special device to generate random. This is new code,
> +     *  but may reduce the big delay in generating the random.
>       */
>      public void setUseDevRandom( boolean u ) {
> -       if( ! u ) return;
> -       try {
> -           randomIS= new DataInputStream( new
> FileInputStream("/dev/random"));
> -           randomIS.readLong();
> -           log( "Opening /dev/random");
> -       } catch( IOException ex ) {
> -           randomIS=null;
> -       }
> +        useDevRandom = u;
>      }
>      
>      
> @@ -141,6 +151,23 @@
>      /** Init session management stuff for this context. 
>       */
>      public void engineInit(ContextManager cm) throws TomcatException {
> +        if( useDevRandom ){
> +            String device="/dev/urandom";
> +
> +            if( beParanoid )
> +                device="/dev/random";
> +
> +           try {
> +               randomIS= new DataInputStream( new FileInputStream(
> device ));
> +               randomIS.readLong();
> +               log( "Opening " + device );
> +           } catch( IOException ex ) {
> +               randomIS=null;
> +           }
> +        }
> +
> +       /* The following code gets executed even if randomIS is null due
> to
> +           IOException above, so we are covered */
>         if( randomSource==null && randomIS==null ) {
>             String randomClass=(String)cm.getProperty("randomClass" );
>             if( randomClass==null ) {
> @@ -261,7 +288,7 @@
>         if( devRandomIS!=null ) {
>             try {
>                 n=devRandomIS.readLong();
> -               System.out.println("Getting /dev/random " + n );
> +                System.out.println( "Getting from random device " + n
> );
>             } catch( IOException ex ) {
>                 ex.printStackTrace();
>             }
> 
> -------- Cut ---------------------------------------------------------
> 
> Bojan
> 


Mime
View raw message