-
-
Save idletekz/612206434dfee0e595889378013c557d to your computer and use it in GitHub Desktop.
unexpected cryptoapi failure generating seed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
java.lang.InternalError: Unexpected CryptoAPI failure generating seed | |
at sun.security.provider.NativeSeedGenerator.getSeedBytes(Unknown Source) | |
at sun.security.provider.SeedGenerator.generateSeed(Unknown Source) | |
at sun.security.provider.SecureRandom.engineGenerateSeed(Unknown Source) | |
oracle provided solution, | |
The issue seems in the random number generator which is used to seed cryptography . | |
1.) Add following system property in setDomainEnv.cmd / setDomainEnv.sh in the JAVA_OPTIONS used on server startup - | |
-Djava.security.egd=file:/dev/./urandom | |
e.g- | |
JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.security.egd=file:/dev/./urandom" | |
export JAVA_OPTIONS | |
On Windows systems, the URLs file:/dev/random and file:/dev/urandom enables use of the Microsoft CryptoAPI seed functionality. | |
=============== | |
https://sottamjr.blogspot.com/2012/10/javalanginternalerror-unexpected.html | |
java.lang.InternalError: Unexpected CryptoAPI failure generating seed | |
Throwable: java.lang.InternalError: Unexpected CryptoAPI failure generating seed | |
Stack Trace: | |
java.lang.InternalError: Unexpected CryptoAPI failure generating seed | |
at sun.security.provider.NativeSeedGenerator.getSeedBytes(NativeSeedGenerator.java:43) | |
at sun.security.provider.SeedGenerator.generateSeed(SeedGenerator.java:117) | |
at sun.security.provider.SecureRandom.engineGenerateSeed(SecureRandom.java:114) | |
at java.security.SecureRandom.generateSeed(SecureRandom.java:495) | |
While generating seed to create random numbers, the exception is being thrown form the method bellow: | |
{ | |
// fill array as a side effect | |
if (nativeGenerateSeed(result) == false) { | |
// should never happen if constructor check succeeds | |
throw new InternalError | |
("Unexpected CryptoAPI failure generating seed"); | |
} | |
} | |
ref: sun.security.provider.NativeSeedGenerator | |
To generate random numbers, SSL security code relies upon entropy on a machine. Entropy is activity of the machine,If entropy is minimal or non-existent, then the random number generator will be slow and security operations may time out. | |
The class generates seeds for strong cryptographically number generator. It uses two techniques: | |
Computing current system activity: | |
Default, produced by counting the number of times the VM manages to loop in a perioud of time. Does not reflect machine load, and a number of sleeper threads are generated to add entropy. | |
Entropy gathering device: | |
Alternative, is to acquire material from entropy gathering device, such as /dev/random. By setting the "securerandom.source" security property of the /lib/security/java.security file. | |
Use the bellow command that starts the Java process as a possible solution: | |
-Djava.security.egd=file:///dev/urandom | |
or | |
-Djava.security.egd=file:/dev/./urandom | |
For further information, see Sun bugs 6202721 and 6521844 at: | |
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6202721 | |
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521844 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment