We can't set the SHA1PRNG random source reliably from within Akka. See #2977

2013-02-08 16:20:40 +01:00 · 2013-02-08 16:20:40 +01:00 · a54659e5b4
commit a54659e5b4
parent a31d98340f
4 changed files with 4 additions and 21 deletions
--- a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
+++ b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
@ -29,8 +29,6 @@ private[akka] class SSLSettings(config: Config) {

  val SSLProtocol = Option(getString("protocol")).filter(_.length > 0)

-  val SSLRandomSource = Option(getString("sha1prng-random-source")).filter(_.length > 0)
-
  val SSLRandomNumberGenerator = Option(getString("random-number-generator")).filter(_.length > 0)

  // FIXME: Change messages to reflect new configuration
@ -58,17 +56,7 @@ private[akka] object NettySSLSupport {
  def apply(settings: SSLSettings, log: LoggingAdapter, isClient: Boolean): SslHandler =
    if (isClient) initializeClientSSL(settings, log) else initializeServerSSL(settings, log)

-  def initializeCustomSecureRandom(rngName: Option[String], sourceOfRandomness: Option[String], log: LoggingAdapter): SecureRandom = {
-    /**
-     * According to this bug report: http://bugs.sun.com/view_bug.do?bug_id=6202721
-     * Using /dev/./urandom is only necessary when using SHA1PRNG on Linux
-     * <quote>Use 'new SecureRandom()' instead of 'SecureRandom.getInstance("SHA1PRNG")'</quote> to avoid having problems
-     */
-    sourceOfRandomness foreach { path ⇒
-      System.setProperty("java.security.egd", path)
-      System.setProperty("securerandom.source", path)
-    }
-
+  def initializeCustomSecureRandom(rngName: Option[String], log: LoggingAdapter): SecureRandom = {
    val rng = rngName match {
      case Some(r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG" | "AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
        log.debug("SSL random number generator set to: {}", r)
@ -94,7 +82,7 @@ private[akka] object NettySSLSupport {

    def constructClientContext(settings: SSLSettings, log: LoggingAdapter, trustStorePath: String, trustStorePassword: String, protocol: String): Option[SSLContext] =
      try {
-        val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, settings.SSLRandomSource, log)
+        val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log)
        val trustManagers: Array[TrustManager] = {
          val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
          trustManagerFactory.init({
@ -143,7 +131,7 @@ private[akka] object NettySSLSupport {

    def constructServerContext(settings: SSLSettings, log: LoggingAdapter, keyStorePath: String, keyStorePassword: String, protocol: String): Option[SSLContext] =
      try {
-        val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, settings.SSLRandomSource, log)
+        val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log)
        val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
        factory.init({
          val keyStore = KeyStore.getInstance(KeyStore.getDefaultType)
--- a/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala
@ -48,7 +48,6 @@ object RemotingSpec {
      protocol = "TLSv1"
      random-number-generator = "AES128CounterSecureRNG"
      enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
-      sha1prng-random-source = "/dev/./urandom"
    }

    akka {
--- a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
@ -48,7 +48,6 @@ object Configuration {
          protocol = "TLSv1"
          random-number-generator = "%s"
          enabled-algorithms = [%s]
-          sha1prng-random-source = "/dev/./urandom"
        }
      }
    }
@ -65,8 +64,7 @@ object Configuration {
      val fullConfig = config.withFallback(AkkaSpec.testConf).withFallback(ConfigFactory.load).getConfig("akka.remote.netty.ssl.ssl")
      val settings = new SSLSettings(fullConfig)

-      val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SSLRandomNumberGenerator,
-        settings.SSLRandomSource, NoLogging)
+      val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, NoLogging)

      rng.nextInt() // Has to work
      settings.SSLRandomNumberGenerator foreach {
--- a/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala
@ -19,7 +19,6 @@ class Ticket1978ConfigSpec extends AkkaSpec with ImplicitSender with DefaultTime
      protocol = "TLSv1"
      random-number-generator = "AES128CounterSecureRNG"
      enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
-      sha1prng-random-source = "/dev/./urandom"
    }""")

  "SSL Remoting" must {
@ -32,7 +31,6 @@ class Ticket1978ConfigSpec extends AkkaSpec with ImplicitSender with DefaultTime
      settings.SSLTrustStorePassword must be(Some("changeme"))
      settings.SSLProtocol must be(Some("TLSv1"))
      settings.SSLEnabledAlgorithms must be(Set("TLS_RSA_WITH_AES_128_CBC_SHA"))
-      settings.SSLRandomSource must be(Some("/dev/./urandom"))
      settings.SSLRandomNumberGenerator must be(Some("AES128CounterSecureRNG"))
    }
  }