Re: java.lang.InternalError: Unexpected CryptoAPI failure generating seed

Christopher Schultz Tue, 25 Apr 2023 07:24:38 -0700

Thomas,

On 4/21/23 15:04, Thomas Worster wrote:

That document is mostly about a corrupted install in Weblogic, but after
that, it suggests making sure you are using the urandom (non-blocking)
random number generator.

This is Tomcat's Standard(Session)Manager generating a sessionidentifier. It should be using a "fast" PRNG and not thepotentially-slow one. Specifically, it uses SHA1PRNG by default.

There was a recent change to specifically request the SecureRandom seedbefore handing control over to the application, but I believe that isunrelated to the problem being experienced, here.

If you're using the blocking RNG, it would explain why the issue is
not easily repeatable.

-Djava.security.egd=file:/dev/./urandom

This hasn't been required since like Java 1.7. Also, Tomcat's code usesalternate configuration mechanisms and the value of java.security.egdshould not affect it.

I can't recall if the format of that string is the same in Windows, but it
should be similar.


It doesn't matter.

-chris

On Fri, Apr 21, 2023 at 2:15 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

Harri,

On 4/21/23 04:39, Harri Pesonen wrote:

No, I think that I have seen this only once now, but of course it might

have happened more than once.

Googling says that other people have seen this as well, but very

randomly.

Apparently the problem happens in Windows function, but JNI call does

not tell the reason for failure.

This happened in AWS cloud, perhaps the server was busy or something.
Or there is some kind of bug in JDK.
Probably this would need JDK developer to look at.
There might be solution here:
https://support.oracle.com/knowledge/Middleware/1492450_1.html#FIX
But I can't see it. 😊


I can't see it, either; I'm not an Oracle customer.


If this is rare, and Tomcat can't really do anything about it, I would
say "monitor your servers and restart them if necessary."

Sorry... it doesn't look like we really have any other choices, here.

-chris

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: torstai 20. huhtikuuta 2023 19.35
To: users@tomcat.apache.org
Subject: Re: java.lang.InternalError: Unexpected CryptoAPI failure

generating seed


Harri,

On 4/18/23 07:43, Harri Pesonen wrote:

Hello, we have:

Tomcat/8.5.83
Windows Server 2016
java.version=11.0.12
java.vendor=Azul Systems, Inc.
sun.arch.data.model=64

Sometimes Tomcat fails to start our application because of this error:

06:45:58.230 ERR> (Catalina-startStop-1)

(org.apache.catalina.startup.HostConfig#deployDescriptors) Error waiting
for multi-thread deployment of deployment descriptors to complete

java.util.concurrent.ExecutionException: java.lang.InternalError:

Unexpected CryptoAPI failure generating seed

at

java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)

at

java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)

at

org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:594)

at

org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472)

at

org.apache.catalina.startup.HostConfig.start(HostConfig.java:1610)

at

org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:318)

at

org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)

at

org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)

at

org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)

at

org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:962)

at

org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:833)

at

org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)

at

org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1427)

at

org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1417)

at

java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)

at

java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

at

java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

at

java.base/java.lang.Thread.run(Thread.java:829)

Caused by: java.lang.InternalError: Unexpected CryptoAPI failure

generating seed

at

java.base/sun.security.provider.NativeSeedGenerator.getSeedBytes(NativeSeedGenerator.java:62)

at

java.base/sun.security.provider.SeedGenerator.generateSeed(SeedGenerator.java:144)

at

java.base/sun.security.provider.SecureRandom$SeederHolder.<clinit>(SecureRandom.java:204)

at

java.base/sun.security.provider.SecureRandom.engineNextBytes(SecureRandom.java:222)

at

java.base/java.security.SecureRandom.nextBytes(SecureRandom.java:751)

at

java.base/java.security.SecureRandom.next(SecureRandom.java:808)

at

java.base/java.util.Random.nextInt(Random.java:329)

at

org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom(SessionIdGeneratorBase.java:290)

at

org.apache.catalina.util.SessionIdGeneratorBase.getRandomBytes(SessionIdGeneratorBase.java:222)

at

org.apache.catalina.util.StandardSessionIdGenerator.generateSessionId(StandardSessionIdGenerator.java:34)

at

org.apache.catalina.util.SessionIdGeneratorBase.generateSessionId(SessionIdGeneratorBase.java:214)

at

org.apache.catalina.util.SessionIdGeneratorBase.startInternal(SessionIdGeneratorBase.java:310)

at

org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)

at

org.apache.catalina.session.ManagerBase.startInternal(ManagerBase.java:670)

at

org.apache.catalina.session.StandardManager.startInternal(StandardManager.java:352)

at

org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)

at

org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5250)

at

org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)

at

org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)

at

org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727)

at

org.apache.catalina.core.StandardHost.addChild(StandardHost.java:695)

at

org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:673)

at

org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1881)

at

java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

                                ... 4 more

I googled and Java is calling Windows function and it fails.
There seems to be no fix for this problem.
Does anyone have any idea what is happening, and how to workaround?


That's a very weird error. Does it happen all the time?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java.lang.InternalError: Unexpected CryptoAPI failure generating seed

Reply via email to