RFR: 8325506: Ensure randomness is only read from provided SecureRandom object
Kevin Driver
kdriver at openjdk.org
Thu Feb 8 20:56:02 UTC 2024
On Thu, 8 Feb 2024 16:34:00 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Many crypto service classes require a `SecureRandom` object at initialization. This test goes through each of them and calculates (generate, encrypt, sign,...) twice with the same `SecureRandom` object and ensures the output is the same.
See above comment, but otherwise, this looks solid.
test/lib/jdk/test/lib/security/SeededSecureRandom.java line 36:
> 34: * system property to this recorded seed to reproduce the failure.
> 35: */
> 36: public class SeededSecureRandom extends SecureRandom {
Do you see any value in bringing this "helper class" from test over to the actual public API? Just a suggestion.
-------------
Marked as reviewed by kdriver (Committer).
PR Review: https://git.openjdk.org/jdk/pull/17776#pullrequestreview-1871237962
PR Review Comment: https://git.openjdk.org/jdk/pull/17776#discussion_r1483577625
More information about the core-libs-dev
mailing list