Re: [kaffe] SecureRandomTest failed
Hi,
Ok. The old native code was checking the error code use more basic
functions if ioctl was failing. The TARGET_* layer is just using one way
to test things. I don't know if I must curse it or bless it. Grmbl..
Let's wait for Dalibor's patch and then we'll fix that.
Thank you very much Ito !
Regards,
Guilhem Lavaux.
On Mon, 2005-07-25 at 11:39 +0900, Ito Kazumitsu wrote:
> From: Ito Kazumitsu <[EMAIL PROTECTED]>
> Subject: Re: [kaffe] SecureRandomTest failed
> Date: Sun, 24 Jul 2005 08:18:31 +0900 (JST)
>
> > java.io.IOException: Inappropriate ioctl for device
>
> I am afraid that on FreeBSD, ioctl with FIONREAD cannot
> be used for file IO.
>
> The following simple program shows errno == 25 (Inappropriate ioctl
> for device).
>
> #include
> #include
> #include
> #include
>
> int main(int argc, char* argv) {
>
> int n;
> int fd;
>
> fd = open("test.c", O_RDONLY);
> int rc = ioctl(fd,FIONREAD,&n);
> printf("%d, %d\n", rc, errno);
>
> }
>
> ___
> kaffe mailing list
> kaffe@kaffe.org
> http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
___
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
Re: [kaffe] SecureRandomTest failed
From: Ito Kazumitsu <[EMAIL PROTECTED]>
Subject: Re: [kaffe] SecureRandomTest failed
Date: Sun, 24 Jul 2005 08:18:31 +0900 (JST)
> java.io.IOException: Inappropriate ioctl for device
I am afraid that on FreeBSD, ioctl with FIONREAD cannot
be used for file IO.
The following simple program shows errno == 25 (Inappropriate ioctl
for device).
#include
#include
#include
#include
int main(int argc, char* argv) {
int n;
int fd;
fd = open("test.c", O_RDONLY);
int rc = ioctl(fd,FIONREAD,&n);
printf("%d, %d\n", rc, errno);
}
___
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
Re: [kaffe] SecureRandomTest failed
Hi Guilhem,
From: Guilhem Lavaux <[EMAIL PROTECTED]>
Subject: Re: [kaffe] SecureRandomTest failed
Date: Sat, 23 Jul 2005 09:01:01 +0200
> Thanks for the analysis. Actually with your second report I have feared
> that the providers in java.security were not loaded. It apparently is
> the case as you have reported. It would be interesting if you have some
> time for this to check what happens in java.security.Security.
> and loadProviders. I know that some exceptions are hidden there and
> these functions are in charge of loading the providers.
Yes, inserting System.err.prinln() into java/security/Security.java,
I got:
loadProviders loading: file:///path-to-kaffe/jre/lib/security/Kaffe.security
loadProviders caught java.io.FileNotFoundException: No such file or directory
loadProviders loading: file:///path-to-kaffe/jre/lib/security/java.security
loadProviders caught java.io.IOException: Inappropriate ioctl for device
loadProviders loading: file:///path-to-kaffe/jre/lib/security/classpath.security
loadProviders caught java.io.FileNotFoundException: No such file or directory
So the cause of error is "java.io.IOException: Inappropriate ioctl for device".
This is my simplified test case:
$ cat URLTest.java
import java.io.*;
import java.net.URL;
public final class URLTest
{
public static void main(String[] args)
{
String filestr = args[0];
try
{
System.err.println("loading: " + filestr);
InputStream fin = new URL(filestr).openStream();
BufferedReader reader =
new BufferedReader(new InputStreamReader(fin, "ISO-8859-1"));
String line;
while ((line = reader.readLine()) != null)
{
}
}
catch (IOException e)
{
e.printStackTrace();
}
}
}
$ path-to-kaffe/bin/java URLTest
file:///path-to-kaffe/jre/lib/security/java.security
loading: file:///path-to-kaffe/jre/lib/security/java.security
java.io.IOException: Inappropriate ioctl for device
at gnu.java.nio.channels.FileChannelImpl.available (FileChannelImpl.java)
at java.io.FileInputStream.available (FileInputStream.java:165)
at java.io.FilterInputStream.available (FilterInputStream.java:129)
at java.io.BufferedInputStream.read (BufferedInputStream.java:276)
at java.io.FilterInputStream.read (FilterInputStream.java:173)
at java.io.InputStreamReader.read (InputStreamReader.java:395)
at java.io.BufferedReader.fill (BufferedReader.java:373)
at java.io.BufferedReader.readLine (BufferedReader.java:475)
at URLTest.main (URLTest.java:15)
Using URL here seems to be significant. Changing the test program so that
it uses FileInputStream instead of URL.openStream(), I got no exception.
___
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
Re: [kaffe] SecureRandomTest failed
Hi Ito,
Thanks for the analysis. Actually with your second report I have feared
that the providers in java.security were not loaded. It apparently is
the case as you have reported. It would be interesting if you have some
time for this to check what happens in java.security.Security.
and loadProviders. I know that some exceptions are hidden there and
these functions are in charge of loading the providers.
Thanks !
Regards,
Guilhem Lavaux.
On Sat, 2005-07-23 at 07:13 +0900, Ito Kazumitsu wrote:
> > I am afraid something has changed so that Security.getProviders() returns
> >
> > gnu.java.security.provider.Gnu: name=GNU version=1.0
> >
> > before
> >
> > kaffe.security.provider.Kaffe: name=KAFFE version=1.0
>
> Yes, gnu.java.security.provider.Gnu comes first. But that depends
> on the environment.
>
> I have found two independent problems related to this issue.
>
> (1) In some environment, e.g. my case with FreeBSD 5.4-RELEASE,
> Security.getProviders() by default lists only
> gnu.java.security.provider.Gnu. So if you add
> kaffe.security.provider.Kaffe, it is listed after
> gnu.java.security.provider.Gnu.
>
> But in another environment, Security.getProviders() by default lists
> gnu.crypto.jce.GnuCrypto
> org.metastatic.jessie.provider.Jessie
> kaffe.security.provider.Kaffe
> gnu.java.security.provider.Gnu
> in this order. So if you add kaffe.security.provider.Kaffe,
> it is not added because it is already there.
> Older Kaffe on FreeBSD 5.4-RELEASE also behaved this way.
>
> (2) The SHA1PRNG algorithm provided by gnu.java.security.provider.Gnu
> is not secure enough because differnt instances always produce the
> same result. So in an environment where the problem (1) exists,
> SecureRandomTest fails.
>
> To study this problem, I patched SecureRandomTest.java for debuging.
>
> --- SecureRandomTest.java.origThu Feb 24 23:42:08 2005
> +++ SecureRandomTest.java Sat Jul 23 05:52:43 2005
> @@ -64,6 +64,10 @@
> byte data[];
>
> Security.addProvider(new kaffe.security.provider.Kaffe());
> + Provider[] pp = Security.getProviders();
> + for (int i=0; i < pp.length; i++) {
> + System.err.println(pp[i]);
> + }
>
> /*
>* Make sure the SecureRandom's produce different sequences after
>
> Then I tested this program on FreeBSD 5.4-RELEASE and Linux 2.6.7-co-0.6.2.
> In both cases, I used kaffe whose ChangeLog head is:
>2005-07-22 Guilhem Lavaux <[EMAIL PROTECTED]>
>
> On FreeBSD 5.4-RELEASE:
> [EMAIL PROTECTED] kaffe SecureRandomTest
> gnu.java.security.provider.Gnu: name=GNU version=1.0
> kaffe.security.provider.Kaffe: name=KAFFE version=1.0
> java.lang.Error: The "secure" random isn't! : lpc= 0 lpc2 = 20 data =
> 8bc7ec02ec7c04f87a13ec6120616ead831baeaf
>at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:native)
>at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:79)
>at java.lang.Throwable.fillInStackTrace (Throwable.java:498)
>at java.lang.Throwable. (Throwable.java:159)
>at java.lang.Error. (Error.java:81)
>at SecureRandomTest.checkHistory (SecureRandomTest.java:51)
>at SecureRandomTest.main (SecureRandomTest.java:89)
>
> On Linux 2.6.7-co-0.6.2:
> [EMAIL PROTECTED] kaffe SecureRandomTest
> gnu.crypto.jce.GnuCrypto: name=GNU-CRYPTO version=2.1
> org.metastatic.jessie.provider.Jessie: name=Jessie version=1.0
> kaffe.security.provider.Kaffe: name=KAFFE version=1.0
> gnu.java.security.provider.Gnu: name=GNU version=1.0
> Two SecureRandoms produce different output.
>
> ___
> kaffe mailing list
> kaffe@kaffe.org
> http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
___
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
Re: [kaffe] SecureRandomTest failed
> I am afraid something has changed so that Security.getProviders() returns
>
> gnu.java.security.provider.Gnu: name=GNU version=1.0
>
> before
>
> kaffe.security.provider.Kaffe: name=KAFFE version=1.0
Yes, gnu.java.security.provider.Gnu comes first. But that depends
on the environment.
I have found two independent problems related to this issue.
(1) In some environment, e.g. my case with FreeBSD 5.4-RELEASE,
Security.getProviders() by default lists only
gnu.java.security.provider.Gnu. So if you add
kaffe.security.provider.Kaffe, it is listed after
gnu.java.security.provider.Gnu.
But in another environment, Security.getProviders() by default lists
gnu.crypto.jce.GnuCrypto
org.metastatic.jessie.provider.Jessie
kaffe.security.provider.Kaffe
gnu.java.security.provider.Gnu
in this order. So if you add kaffe.security.provider.Kaffe,
it is not added because it is already there.
Older Kaffe on FreeBSD 5.4-RELEASE also behaved this way.
(2) The SHA1PRNG algorithm provided by gnu.java.security.provider.Gnu
is not secure enough because differnt instances always produce the
same result. So in an environment where the problem (1) exists,
SecureRandomTest fails.
To study this problem, I patched SecureRandomTest.java for debuging.
--- SecureRandomTest.java.orig Thu Feb 24 23:42:08 2005
+++ SecureRandomTest.java Sat Jul 23 05:52:43 2005
@@ -64,6 +64,10 @@
byte data[];
Security.addProvider(new kaffe.security.provider.Kaffe());
+ Provider[] pp = Security.getProviders();
+ for (int i=0; i < pp.length; i++) {
+ System.err.println(pp[i]);
+ }
/*
* Make sure the SecureRandom's produce different sequences after
Then I tested this program on FreeBSD 5.4-RELEASE and Linux 2.6.7-co-0.6.2.
In both cases, I used kaffe whose ChangeLog head is:
2005-07-22 Guilhem Lavaux <[EMAIL PROTECTED]>
On FreeBSD 5.4-RELEASE:
[EMAIL PROTECTED] kaffe SecureRandomTest
gnu.java.security.provider.Gnu: name=GNU version=1.0
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
java.lang.Error: The "secure" random isn't! : lpc= 0 lpc2 = 20 data =
8bc7ec02ec7c04f87a13ec6120616ead831baeaf
at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:native)
at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:79)
at java.lang.Throwable.fillInStackTrace (Throwable.java:498)
at java.lang.Throwable. (Throwable.java:159)
at java.lang.Error. (Error.java:81)
at SecureRandomTest.checkHistory (SecureRandomTest.java:51)
at SecureRandomTest.main (SecureRandomTest.java:89)
On Linux 2.6.7-co-0.6.2:
[EMAIL PROTECTED] kaffe SecureRandomTest
gnu.crypto.jce.GnuCrypto: name=GNU-CRYPTO version=2.1
org.metastatic.jessie.provider.Jessie: name=Jessie version=1.0
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
gnu.java.security.provider.Gnu: name=GNU version=1.0
Two SecureRandoms produce different output.
___
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
Re: [kaffe] SecureRandomTest failed
> Today's regression test failure:
>
> [EMAIL PROTECTED] cat test/regression/SecureRandomTest.fail
> java.lang.Error: The "secure" random isn't! : lpc= 0 lpc2 = 20 data =
> 8bc7ec02ec7c04f87a13ec6120616ead831baeaf
I am afraid something has changed so that Security.getProviders() returns
gnu.java.security.provider.Gnu: name=GNU version=1.0
before
kaffe.security.provider.Kaffe: name=KAFFE version=1.0
With an older kaffe whose ChangeLog head is
2005-06-29 Guilhem Lavaux <[EMAIL PROTECTED]>,
with which SecureRandomTest passed, I can reproduce the error
by forcing SecureRandomTest to use gnu.java.security.provider.Gnu.
Change the lines in SecureRandomTest.java that read
sr = SecureRandom.getInstance("SHA1PRNG");
to
sr = SecureRandom.getInstance("SHA1PRNG", "GNU");
and you will see the same error.
___
kaffe mailing list
kaffe@kaffe.org
http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
[kaffe] SecureRandomTest failed
Hi, Today's regression test failure: [EMAIL PROTECTED] cat test/regression/SecureRandomTest.fail java.lang.Error: The "secure" random isn't! : lpc= 0 lpc2 = 20 data = 8bc7ec02ec7c04f87a13ec6120616ead831baeaf at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:native) at java.lang.VMThrowable.fillInStackTrace (VMThrowable.java:79) at java.lang.Throwable.fillInStackTrace (Throwable.java:498) at java.lang.Throwable. (Throwable.java:159) at java.lang.Error. (Error.java:81) at SecureRandomTest.checkHistory (SecureRandomTest.java:51) at SecureRandomTest.main (SecureRandomTest.java:85) [EMAIL PROTECTED] /disk/kaz/work/kaffe-inst/bin/kaffe -fullversion kaffe VM "1.1.x-cvs" Copyright (c) 1996-2005 Kaffe.org project contributors (please see the source code for a full list of contributors). All rights reserved. Portions Copyright (c) 1996-2002 Transvirtual Technologies, Inc. The Kaffe virtual machine is free software, licensed under the terms of the GNU General Public License. Kaffe.org is a an independent, free software community project, not directly affiliated with Transvirtual Technologies, Inc. Kaffe is a Trademark of Transvirtual Technologies, Inc. Kaffe comes with ABSOLUTELY NO WARRANTY. Engine: Just-in-time v3 Version: 1.1.x-cvs Java Version: 1.4 Heap defaults: minimum size: 5 MB, maximum size: unlimited Stack default size: 256 KB Configuration/Compilation options: ) Compile date : Thu Jul 21 00:08:47 JST 2005 Compile host : ph.maczuka.gcd.org Install prefix : /disk/kaz/work/kaffe-inst Thread system: unix-pthreads Garbage Collector: kaffe-gc CC : gcc CFLAGS : -g -O2 -Wall -D_THREAD_SAFE -pthread LDFLAGS : ChangeLog head : 2005-07-20 Wolfgang Baer <[EMAIL PROTECTED]> [EMAIL PROTECTED] uname -a FreeBSD ph.maczuka.gcd.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 ___ kaffe mailing list kaffe@kaffe.org http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
