From a5af5837377bcad2adc674a0682717d24a436f69 Mon Sep 17 00:00:00 2001 From: Takahiro Nagao Date: Mon, 2 Dec 2024 21:41:12 +0900 Subject: [PATCH] Fix hang-up due to blocking PRNG returned by SecureRandom.getInstanceStrong() Signed-off-by: Takahiro Nagao --- .../persistence/config/SystemProperties.java | 13 +++++++++++++ .../internal/security/JCEEncryptor.java | 15 +++++++++++---- .../internal/security/PrivilegedAccessHelper.java | 2 ++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java index 3db1f43a980..b6c5f2f3db1 100644 --- a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java +++ b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/config/SystemProperties.java @@ -1,5 +1,6 @@ /* * Copyright (c) 1998, 2024 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2024 Contributors to the Eclipse Foundation. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0 which is available at @@ -271,6 +272,18 @@ public final class SystemProperties { */ public static final String ASM_SERVICE = "eclipselink.asm.service"; + /** + *

+ * This property control the random number generator (RNG) used for password encryption. + *

+ * Allowed Values (case sensitive String): + *

+ */ + public static final String SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR = "eclipselink.security.encryptor.use.strong.random.number.generator"; + private SystemProperties() { // no instance please } diff --git a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java index a9aaac65a2c..d5d21d55bc0 100644 --- a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java +++ b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/JCEEncryptor.java @@ -1,5 +1,6 @@ /* * Copyright (c) 1998, 2024 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2024 Contributors to the Eclipse Foundation. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0 which is available at @@ -14,6 +15,7 @@ // Oracle - initial API and implementation from Oracle TopLink package org.eclipse.persistence.internal.security; +import org.eclipse.persistence.config.SystemProperties; import org.eclipse.persistence.exceptions.ConversionException; import org.eclipse.persistence.exceptions.ValidationException; import org.eclipse.persistence.internal.helper.Helper; 
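Review bot: The new Javadoc on SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR in SystemProperties.java calls the allowed values a "case sensitive String", but the only reader visible in this patch, JCEEncryptor.getIvGCM, passes the value to `Boolean.parseBoolean`, which ignores case and treats every other value, including an unset property, as false. I would drop "case sensitive", state the effective default, and fix the grammar of the summary: `This property controls which random number generator produces the AES/GCM IV used for password encryption.` The value list itself is not legible in this view, so it is worth checking that it names `false` as the default. A sentence saying that `true` selects `SecureRandom.getInstanceStrong()`, which can block on hosts with little entropy, would tell operators what they are trading.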
@@ -125,10 +127,15 @@ private static SecretKey getAESGCMMultitasker() throws Exception {
 private static byte[] getIvGCM() {
 byte[] ivGCM = new byte[IV_GCM_LENGTH];
 SecureRandom random = null;
- try {
- random = SecureRandom.getInstanceStrong();
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
+ String useStrongRNG = PrivilegedAccessHelper.getSystemProperty(SystemProperties.SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR);
+ if (Boolean.parseBoolean(useStrongRNG)) {
+ try {
+ random = SecureRandom.getInstanceStrong();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ } else {
+ random = new SecureRandom();
 }
 random.nextBytes(ivGCM);
 return ivGCM;
diff --git a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java
index bfa0213eebb..59edd0d08ac 100644
--- a/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java
+++ b/foundation/org.eclipse.persistence.core/src/main/java/org/eclipse/persistence/internal/security/PrivilegedAccessHelper.java
@@ -1,5 +1,6 @@
 /*
 * Copyright (c) 1998, 2024 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0 which is available at
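Review bot: The else branch added to getIvGCM gives no reason why `new SecureRandom()` is an acceptable source for the GCM IV, so the change reads like a downgrade of the generator when it is not one. A GCM IV has to be unique for a given key, which does not call for the blocking generator, and the default `SecureRandom` is still a cryptographically strong generator; I would say so in a comment above the `if`: `// The IV must be unique per key, not drawn from a blocking source; the default SecureRandom is a CSPRNG and getInstanceStrong() may stall on low-entropy hosts.` The initial `SecureRandom random = null;` is now dead, since both branches assign or throw, and could become `final SecureRandom random;`. The property lookup and the generator construction also run on every call, which may be worth hoisting if this path turns out to be hot. The closing brace of getIvGCM lies outside the hunk.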
@@ -73,6 +74,7 @@ public class PrivilegedAccessHelper { SystemProperties.CONCURRENCY_MANAGER_ACQUIRE_WAIT_TIME, SystemProperties.CONCURRENCY_MANAGER_BUILD_OBJECT_COMPLETE_WAIT_TIME, SystemProperties.CONCURRENCY_MANAGER_MAX_SLEEP_TIME, SystemProperties.CONCURRENCY_MANAGER_MAX_FREQUENCY_DUMP_TINY_MESSAGE, SystemProperties.CONCURRENCY_MANAGER_MAX_FREQUENCY_DUMP_MASSIVE_MESSAGE, SystemProperties.CONCURRENCY_MANAGER_ALLOW_INTERRUPTED_EXCEPTION, SystemProperties.CONCURRENCY_MANAGER_ALLOW_CONCURRENCY_EXCEPTION, SystemProperties.CONCURRENCY_MANAGER_ALLOW_STACK_TRACE_READ_LOCK, + SystemProperties.SECURITY_ENCRYPTOR_USE_STRONG_RANDOM_NUMBER_GENERATOR, ServerPlatformBase.JMX_REGISTER_RUN_MBEAN_PROPERTY, ServerPlatformBase.JMX_REGISTER_DEV_MBEAN_PROPERTY, XMLPlatformFactory.XML_PLATFORM_PROPERTY}; private final static Set legalPropertiesSet = Set.of(legalProperties);