HPE Community
Operating System - Linux
1751843 Members
5810 Online
108782 Solutions
New Discussion юеВ

Appserver does not start if KRNG11i patch is there

 
Saritha_1
Occasional Contributor

тАО08-12-2005 02:02 AM

тАО08-12-2005 02:02 AM

Appserver does not start if KRNG11i patch is there

We have some issue with Patch named KRNG11i over HP-UX. When we have this patch installed on our machine,our appserver don't comes up giving Error something like shown below: ========================= java.lang.ExceptionInInitializerError
at com.sun.enterprise.admin.server.core.channel.AdminChannel.getPreviousSeed(AdminChannel.java:253)
at com.sun.enterprise.admin.server.core.channel.AdminChannel.createSharedSecret(AdminChannel.java:108)
at com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:115)
at com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:190)
Caused by: java.security.ProviderException: setSeed() failed
at sun.security.provider.NativePRNG$RandomIO.implSetSeed(NativePRNG.java:253)
at sun.security.provider.NativePRNG$RandomIO.access$100(NativePRNG.java:108)
at sun.security.provider.NativePRNG.engineSetSeed(NativePRNG.java:92)
at java.security.SecureRandom.setSeed(SecureRandom.java:400)
at com.sun.enterprise.server.J2EEServer.(J2EEServer.java:84)
... 4 more
Caused by: java.io.IOException: No such device (errno:19)
at java.io.FileOutputStream.writeBytes(Native Method)
at java.io.FileOutputStream.write(FileOutputStream.java:247)
at sun.security.provider.NativePRNG$RandomIO.implSetSeed(NativePRNG.java:251)

======================================

As it is clear from exception trace , origin of this exception is J2EEServer (line no. 84 ), where it is trying to do setSeed(). For this java use algorithm named "NativePRNG" in which it reads random bytes directly from /dev/urandom. Now the concern is this NativePRNG algorith is not implemented for HP-UX , so it dont works on HP-UX and it gives exception. Due to exsistence of KRNG11i , it always gives peference to urandom device for random no. generation which is installed by this patch , which is the cause of above exception.

Now we have one fix , for which we may need to change following : Fix suggestion : =====================================
Orginal code ~~~~~~~~~~~~~~~~
public static final SecureRandom secureRandom = new SecureRandom();
static {
secureRandom.setSeed(System.currentTimeMillis());
}
Suggested fix is : ~~~~~~~~~~~~~~~~
try{
SecureRandom random = SecureRandom.getInstance("SHAiPRNG");
random.setSeed(System.currentTimeMillis());
System.out.println("Executed Successfully");
} catch(Exception e){ System.out.println("No Such Algorithm");} ========================================

Implies we want to just change the algorithm used for random no. generation. But we dont know the actual impact.

Now my question is if we do as said above,
can anyone tell what could be the impact?
Any better solution than this?

Thanks
Saritha
0 Kudos
Reply
3 REPLIES 3
RAC_1
Honored Contributor

тАО08-12-2005 02:11 AM

тАО08-12-2005 02:11 AM

Re: Appserver does not start if KRNG11i patch is there

The error No such device (errno:19)

makes me think that do you have device files /dev/urandom and /dev/random with appropriate perms??
There is no substitute to HARDWORK
0 Kudos
Reply
Saritha_1
Occasional Contributor

тАО08-29-2005 12:54 AM

тАО08-29-2005 12:54 AM

Re: Appserver does not start if KRNG11i patch is there

we have /dev/random and /dev/urandom with appropriate permissions
0 Kudos
Reply
RAC_1
Honored Contributor

тАО08-29-2005 01:34 AM

тАО08-29-2005 01:34 AM

Re: Appserver does not start if KRNG11i patch is there

If you do not use KRNG for anything else, you may set KRNG driver to N and get rid of /dev/random and /dev/urandom.
(As I am aware latest version of ssh do use that) Check release for details.

This way your application server would use it's own PRNG machanism and should hev no problems.

Also, dos apps server have a setting that you can use to use it's native PRNG first, else KRNG??
There is no substitute to HARDWORK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.