RFR 8156501: DRBG not synchronized at reseeding
Xuelei Fan
xuelei.fan at oracle.com
Thu May 12 01:31:41 UTC 2016
Looks fine to me except a minor comment:
AbstractDrbg.java
=================
54 * Since 8098581, there is no more synchronized keyword on
SecureRandom APIs.
55 * An implementation is required to protect shared access to
instantiate states
56 * (instantiated, nonce) and DRBG states (v, c, key, reseedCounter).
This looks more like a code review description and may not suitable in
source code as the code reader may not want to search for 8098581 and
look back the history. I would suggest remove these lines.
Thanks,
Xuelei
On 5/12/2016 9:16 AM, Wang Weijun wrote:
> Ping again, and webrev updated at
>
> http://cr.openjdk.java.net/~weijun/8156501/webrev.01/
>
> Volatile keyword added to reseedCounter.
>
> Thanks
> Max
>
>> On May 9, 2016, at 11:51 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
>>
>> Hi All
>>
>> Please review the fix at
>>
>> http://cr.openjdk.java.net/~weijun/8156501/webrev.00
>>
>> Many thanks to Siba for discovering this problem. I have only benchmarked nextBytes() before.
>>
>> Some clarifications:
>>
>> 1. No need to synchronize configure anymore() because it's always called inside a constructor.
>>
>> 2. synchronized-between-double-check in engineNextBytes() to protect reseedCounter.
>>
>> Thanks
>> Max
>>
>
More information about the security-dev
mailing list