[14] RFR JDK-8228613 "java.security.Provider#getServices order is no longer deterministic"
Weijun Wang
weijun.wang at oracle.com
Sun Aug 11 02:32:59 UTC 2019
The spec for SecureRandom has:
/**
* Constructs a secure random number generator (RNG) implementing the
* default random number algorithm.
*
* ....
*/
public SecureRandom() {
What does "the default random number algorithm" mean?
I suggest we invent some new concepts in a CSR first.
Or, if we simply want to keep the expected behavior, I feel a little uncomfortable to make the "DEFAULT" alias visible to the public. Can we make all these logic internal? Maybe like this?
+ if (p.getName().equals("SUN")) {
+ return SunEntries.DEFAULT; // and assign DEFAULT somewhere in SunEntries
+ }
--Max
> On Aug 7, 2019, at 8:59 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
>
>
> Anyone can help review this fix? SUN provider supports multiple impls of SecureRandom and rely on the ordering of the set returned by Provider.getServices() to choose the most preferred RNG algo for new SecureRandom() calls. Instead of maintaining the ordering, I think it's faster and more robust to use an alias "DEFAULT" to indicate the most preferred RNG algo for SUN provider.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8228613
>
> Webrev: http://cr.openjdk.java.net/~valeriep/8228613/webrev.00/
>
> Thanks,
> Valerie
More information about the security-dev
mailing list