You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary Gregory (JIRA)" <ji...@apache.org> on 2016/11/26 18:07:58 UTC

[jira] [Commented] (CRYPTO-133) OpenSslCryptoRandomNative.nextRandBytes not thread safe

    [ https://issues.apache.org/jira/browse/CRYPTO-133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15698291#comment-15698291 ] 

Gary Gregory commented on CRYPTO-133:
-------------------------------------

Maybe what we need is clear Javadoc on what is thread-safe now. Then we can evolve from there and see if we want to make changes to make some code thread-safe. Otherwise, user's can just create separate objects for not thread-safe code.

> OpenSslCryptoRandomNative.nextRandBytes not thread safe
> -------------------------------------------------------
>
>                 Key: CRYPTO-133
>                 URL: https://issues.apache.org/jira/browse/CRYPTO-133
>             Project: Commons Crypto
>          Issue Type: Bug
>            Reporter: Hendrik Saly
>
> Seems that AbstractRandomTest.testRandomBytesMultiThreaded is failing for OpenSslCryptoRandomNative.nextRandBytes.
> Testcase throws exceptions like
> {code}
> java.lang.IllegalArgumentException: The nextRandBytes method failed
> 	at org.apache.commons.crypto.random.OpenSslCryptoRandom.nextBytes(OpenSslCryptoRandom.java:108)
> 	at org.apache.commons.crypto.random.AbstractRandomTest.checkRandomBytes(AbstractRandomTest.java:94)
> 	at org.apache.commons.crypto.random.AbstractRandomTest.access$000(AbstractRandomTest.java:30)
> 	at org.apache.commons.crypto.random.AbstractRandomTest$1.run(AbstractRandomTest.java:63)
> {code}
> When adding a 'synchronized' modifier to OpenSslCryptoRandomNative.nextRandBytes it works.
> So IMHO there are two bugs that need to be resolved:
> 1) fix testcase AbstractRandomTest.testRandomBytesMultiThreaded in that way that it fails when exception are thrown
> 2) fix OpenSslCryptoRandomNative.nextRandBytes no be thread safe (of course not by adding 'synchronized', seems like locks_setup() is broken somehow in https://github.com/apache/commons-crypto/blob/master/src/main/native/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.c#L299 
> The testcase can be fixed with something like this
> {code}
>     @Test(timeout = 120000)
>     public void testRandomBytesMultiThreaded() throws Exception {
>         final int threadCount = 100;
>         final AtomicBoolean hasErrors = new AtomicBoolean();
>         try (final CryptoRandom random = getCryptoRandom()) {
>             final List<Thread> threads = new ArrayList<>(threadCount);
>             for (int i = 0; i < threadCount; i++) {
>                 Thread t = new Thread(new Runnable() {
>                     @Override
>                     public void run() {
>                         try {
> 							checkRandomBytes(random, 10);
> 							checkRandomBytes(random, 1000);
> 							checkRandomBytes(random, 100000);
> 						} catch (Exception e) {
> 							hasErrors.set(true);
> 							e.printStackTrace();
> 						}
>                     }
>                 });
>                 t.start();
>                 threads.add(t);
>             }
>             for (Thread t : threads) {
>                 if (!t.getState().equals(State.NEW)) {
>                     t.join();
>                 }
>             }
>             
>             if(hasErrors.get()) {
>             	Assert.fail();
>             }
>         }
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)