Skip to content

Instantly share code, notes, and snippets.

@idletekz
Last active July 18, 2018 16:48
Show Gist options
  • Save idletekz/612206434dfee0e595889378013c557d to your computer and use it in GitHub Desktop.
Save idletekz/612206434dfee0e595889378013c557d to your computer and use it in GitHub Desktop.
unexpected cryptoapi failure generating seed
java.lang.InternalError: Unexpected CryptoAPI failure generating seed
at sun.security.provider.NativeSeedGenerator.getSeedBytes(Unknown Source)
at sun.security.provider.SeedGenerator.generateSeed(Unknown Source)
at sun.security.provider.SecureRandom.engineGenerateSeed(Unknown Source)
oracle provided solution,
The issue seems in the random number generator which is used to seed cryptography .
1.) Add following system property in setDomainEnv.cmd / setDomainEnv.sh in the JAVA_OPTIONS used on server startup -
-Djava.security.egd=file:/dev/./urandom
e.g-
JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.security.egd=file:/dev/./urandom"
export JAVA_OPTIONS
On Windows systems, the URLs file:/dev/random and file:/dev/urandom enables use of the Microsoft CryptoAPI seed functionality.
===============
https://sottamjr.blogspot.com/2012/10/javalanginternalerror-unexpected.html
java.lang.InternalError: Unexpected CryptoAPI failure generating seed
Throwable: java.lang.InternalError: Unexpected CryptoAPI failure generating seed
Stack Trace:
java.lang.InternalError: Unexpected CryptoAPI failure generating seed
at sun.security.provider.NativeSeedGenerator.getSeedBytes(NativeSeedGenerator.java:43)
at sun.security.provider.SeedGenerator.generateSeed(SeedGenerator.java:117)
at sun.security.provider.SecureRandom.engineGenerateSeed(SecureRandom.java:114)
at java.security.SecureRandom.generateSeed(SecureRandom.java:495)
While generating seed to create random numbers, the exception is being thrown form the method bellow:
{
// fill array as a side effect
if (nativeGenerateSeed(result) == false) {
// should never happen if constructor check succeeds
throw new InternalError
("Unexpected CryptoAPI failure generating seed");
}
}
ref: sun.security.provider.NativeSeedGenerator
To generate random numbers, SSL security code relies upon entropy on a machine. Entropy is activity of the machine,If entropy is minimal or non-existent, then the random number generator will be slow and security operations may time out.
The class generates seeds for strong cryptographically number generator. It uses two techniques:
Computing current system activity:
Default, produced by counting the number of times the VM manages to loop in a perioud of time. Does not reflect machine load, and a number of sleeper threads are generated to add entropy.
Entropy gathering device:
Alternative, is to acquire material from entropy gathering device, such as /dev/random. By setting the "securerandom.source" security property of the /lib/security/java.security file.
Use the bellow command that starts the Java process as a possible solution:
-Djava.security.egd=file:///dev/urandom
or
-Djava.security.egd=file:/dev/./urandom
For further information, see Sun bugs 6202721 and 6521844 at:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6202721
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521844
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment