49336618a762eff280621cf7474021e06e8521fa |
|
28-Aug-2013 |
Alex Klyubin <klyubin@google.com> |
Self-seed OpenSSL-backed SecureRandom from /dev/urandom. OpenSSL-backed SecureRandom instances do not currently self-seed. These instances are backed by OpenSSL's default RAND engine (SSLeay) which initilizes itself only once per process from /dev/urandom. As a result, these SecureRandom instances do not pull any new entropy from the Linux RNG when used. This CL makes OpenSSL-backed SecureRandom instances pull new entropy from /dev/urandom into OpenSSL's RAND engine during the self-seeding of the SecureRandom instances. This is similar to how new entropy is pulled into OpenSSL's RAND engine from /dev/urandom by OpenSSLSocketImpl. benchmark us linear runtime Before Change 21.3 ============================ After Change 537.8 ============================== Change-Id: I1d7467eac99b3627b64fbdb3e98be644581171bb
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLRandom.java
|