Re: [kaffe] SecureRandomTest failed

[Ito Kazumitsu]

> I am afraid something has changed so that Security.getProviders() returns
> 
>     gnu.java.security.provider.Gnu: name=GNU version=1.0
> 
>   before
> 
>     kaffe.security.provider.Kaffe: name=KAFFE version=1.0

Yes, gnu.java.security.provider.Gnu comes first. But that depends
on the environment.

I have found two independent problems related to this issue.

  (1) In some environment, e.g. my case with FreeBSD 5.4-RELEASE,
      Security.getProviders() by default lists only
      gnu.java.security.provider.Gnu. So if you add
      kaffe.security.provider.Kaffe, it is listed after
      gnu.java.security.provider.Gnu.

      But in another environment, Security.getProviders() by default lists
         gnu.crypto.jce.GnuCrypto
         org.metastatic.jessie.provider.Jessie
         kaffe.security.provider.Kaffe
         gnu.java.security.provider.Gnu
      in this order. So if you add kaffe.security.provider.Kaffe,
      it is not added because it is already there.
      Older Kaffe on FreeBSD 5.4-RELEASE also behaved this way. 

  (2) The SHA1PRNG algorithm provided by gnu.java.security.provider.Gnu
      is not secure enough because differnt instances always produce the
      same result. So in an environment where the problem (1) exists,
      SecureRandomTest fails.

To study this problem, I patched SecureRandomTest.java for debuging.

--- SecureRandomTest.java.orig  Thu Feb 24 23:42:08 2005
+++ SecureRandomTest.java       Sat Jul 23 05:52:43 2005
@@ -64,6 +64,10 @@
        byte data[];
 
        Security.addProvider(new kaffe.security.provider.Kaffe());
+       Provider[] pp = Security.getProviders();
+       for (int i=0; i < pp.length; i++) {
+         System.err.println(pp[i]);
+       }
        
        /*
         * Make sure the SecureRandom's produce different sequences after

Then I tested this program on FreeBSD 5.4-RELEASE and Linux 2.6.7-co-0.6.2.
In both cases, I used kaffe whose ChangeLog head is:
   2005-07-22  Guilhem Lavaux  <[EMAIL PROTECTED]>

On FreeBSD 5.4-RELEASE:
[EMAIL PROTECTED] kaffe SecureRandomTest
gnu.java.security.provider.Gnu: name=GNU version=1.0
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
java.lang.Error: The "secure" random isn't! : lpc=  0 lpc2 = 20 data = 
8bc7ec02ec7c04f87a13ec6120616ead831baeaf
   at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:native)
   at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:79)
   at java.lang.Throwable.fillInStackTrace (Throwable.java:498)
   at java.lang.Throwable.<init> (Throwable.java:159)
   at java.lang.Error.<init> (Error.java:81)
   at SecureRandomTest.checkHistory (SecureRandomTest.java:51)
   at SecureRandomTest.main (SecureRandomTest.java:89)

On Linux 2.6.7-co-0.6.2:
[EMAIL PROTECTED] kaffe SecureRandomTest
gnu.crypto.jce.GnuCrypto: name=GNU-CRYPTO version=2.1
org.metastatic.jessie.provider.Jessie: name=Jessie version=1.0
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
gnu.java.security.provider.Gnu: name=GNU version=1.0
Two SecureRandoms produce different output.

_______________________________________________
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe