RFR: 8276550: Use SHA256 hash in build.tools.depend.Depend
Andrew John Hughes
andrew at openjdk.java.net
Wed Nov 3 21:03:13 UTC 2021
On Wed, 3 Nov 2021 11:54:39 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:
> [JDK-8182285](https://bugs.openjdk.java.net/browse/JDK-8182285) added the incremental build capabilities for modules, by hashing the APIs of each module.
>
> The original change uses MD5, which is quite weak, and [JDK-8214483](https://bugs.openjdk.java.net/browse/JDK-8214483) allows `MessageDigest` to have no MD5 implementation. This is the cause of some build failures when using a FIPS-compliant boot JDK that has no MD5 implementation. I suggest we switch to the latest available hash instead.
>
> Additional testing:
> - [x] Linux x86_64 fastdebug build completes
> - [x] Linux x86_64 fastdebug build times do not regress
SHA-256 is the right choice here from the small list of required algorithms in the boot JDK. MD5 has already been removed from the list of required algorithms and SHA-1 deprecation for JARs is planned: https://java.com/en/jre-jdk-cryptoroadmap.html
-------------
Marked as reviewed by andrew (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/6231
More information about the build-dev
mailing list