[15] RFR JDK-8246613: Choose the default SecureRandom algo based on registration ordering

Lamoureux, Francois francois.lamoureux at rsa.com
Fri Jun 5 12:25:33 UTC 2020

Likewise, planning for the future, should a new JDK property such as "jdk.securerandom.disabledAlgorithms" be implemented, which could impact the value returned from getDefaultSecureRandomAlgorithm() ?


-----Original Message-----
From: security-dev <security-dev-bounces at openjdk.java.net> On Behalf Of Prasadrao Koppula
Sent: Friday, June 5, 2020 1:44 AM
To: Valerie Peng; security-dev at openjdk.java.net
Subject: RE: [15] RFR JDK-8246613: Choose the default SecureRandom algo based on registration ordering



Looks good to me, one question
If first registered SecureRandom algo gets removed, getDefaultSecureRandomAlgorithm return stale data, a refresh required in remove?


>-----Original Message-----
>From: Valerie Peng
>Sent: Friday, June 5, 2020 2:52 AM
>To: security-dev at openjdk.java.net
>Subject: Re: [15] RFR JDK-8246613: Choose the default SecureRandom algo 
>based on registration ordering
>Hi, Sean,
>Thanks for the review and feedback. Webrev updated:
>getTypeAndAlgorithm(...) was not static due to an instance variable 
>used by debugging output. I have removed it and made both method static.
>I will wait for others' review comments also.
>On 6/4/2020 2:01 PM, Sean Mullan wrote:
>> On 6/4/20 3:34 PM, Valerie Peng wrote:
>>> Hi,
>>> Could someone help reviewing this fix? This change keep tracks of 
>>> the first registered SecureRandom algorithm and returns it upon the 
>>> request of SecureRandom class.
>> This looks good to me. I would recommend that Max or someone else 
>> review it as well.
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8246613
>>> Webrev: http://cr.openjdk.java.net/~valeriep/8246613/webrev.00/
>> A couple of minor comments, feel free to fix or ignore.
>> * SecureRandom.java
>> 879             // For SUN provider, we use 
>> Might as well fix the typo while you are in there: s/DEFF/DEF/
>> * Provider.java
>> 1156     private String parseSecureRandomPut(String name, String
>> value) {
>> Could be static if you also make getTypeAndAlgorithm static, I think.
>> --Sean

More information about the security-dev mailing list