[15] RFR JDK-8246613: Choose the default SecureRandom algo based on registration ordering
Lamoureux, Francois
francois.lamoureux at rsa.com
Fri Jun 5 12:25:33 UTC 2020
Likewise, planning for the future, should a new JDK property such as "jdk.securerandom.disabledAlgorithms" be implemented, which could impact the value returned from getDefaultSecureRandomAlgorithm() ?
Thanks,
François
-----Original Message-----
From: security-dev <security-dev-bounces at openjdk.java.net> On Behalf Of Prasadrao Koppula
Sent: Friday, June 5, 2020 1:44 AM
To: Valerie Peng; security-dev at openjdk.java.net
Subject: RE: [15] RFR JDK-8246613: Choose the default SecureRandom algo based on registration ordering
[EXTERNAL EMAIL]
Hi,
Looks good to me, one question
If first registered SecureRandom algo gets removed, getDefaultSecureRandomAlgorithm return stale data, a refresh required in remove?
Thanks,
Prasad.K
>-----Original Message-----
>From: Valerie Peng
>Sent: Friday, June 5, 2020 2:52 AM
>To: security-dev at openjdk.java.net
>Subject: Re: [15] RFR JDK-8246613: Choose the default SecureRandom algo
>based on registration ordering
>
>Hi, Sean,
>
>Thanks for the review and feedback. Webrev updated:
>http://cr.openjdk.java.net/~valeriep/8246613/webrev.01/
>
>getTypeAndAlgorithm(...) was not static due to an instance variable
>used by debugging output. I have removed it and made both method static.
>
>I will wait for others' review comments also.
>
>Thanks,
>Valerie
>On 6/4/2020 2:01 PM, Sean Mullan wrote:
>> On 6/4/20 3:34 PM, Valerie Peng wrote:
>>> Hi,
>>>
>>> Could someone help reviewing this fix? This change keep tracks of
>>> the first registered SecureRandom algorithm and returns it upon the
>>> request of SecureRandom class.
>>
>> This looks good to me. I would recommend that Max or someone else
>> review it as well.
>>
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8246613
>>>
>>> Webrev: http://cr.openjdk.java.net/~valeriep/8246613/webrev.00/
>>
>> A couple of minor comments, feel free to fix or ignore.
>>
>> * SecureRandom.java
>>
>> 879 // For SUN provider, we use
>> SunEntries.DEFF_SECURE_RANDOM_ALGO
>>
>> Might as well fix the typo while you are in there: s/DEFF/DEF/
>>
>> * Provider.java
>>
>> 1156 private String parseSecureRandomPut(String name, String
>> value) {
>>
>> Could be static if you also make getTypeAndAlgorithm static, I think.
>>
>> --Sean
More information about the security-dev
mailing list