Andrew Purtell created HBASE-14089:
--------------------------------------
Summary: Remove unused draw of system entropy from
RecoverableZooKeeper
Key: HBASE-14089
URL: https://issues.apache.org/jira/browse/HBASE-14089
Project: HBase
Issue Type: Bug
Reporter: Andrew Purtell
Assignee: Andrew Purtell
Priority: Minor
Fix For: 2.0.0, 0.98.14, 1.2.0, 1.1.2, 1.3.0, 1.0.3
I had a look at instances where we use SecureRandom, which could block if
insufficient entropy, in the 0.98 and master branch code. (Random in contrast
is a PRNG seeded by System#nanoTime, it doesn't draw from system entropy.) Most
uses are in encryption related code, our native encryption and SSL, but we do
also use SecureRandom for salting znode metadata in
RecoverableZooKeeper#appendMetadata, which is called whenever we do setData.
Conceivably we could block unexpectedly when constructing data to write out to
a znode if entropy gets too low until more is available. Those salt values are
never used and so appear to serve no purpose. We should remove the use of
SecureRandom here and just pad with zeros for backwards compatibility.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
