RFR: 8329754: The ThreadSafe attribute is ignored for SecureRandom algorithm aliases [v2]
Artur Barashev
duke at openjdk.org
Mon Sep 9 15:22:09 UTC 2024
On Mon, 9 Sep 2024 14:19:02 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Adding more tests for algorithm alias
>
> test/jdk/java/security/SecureRandom/ThreadSafe.java line 77:
>
>> 75: //Bad. Alias of S2, should fail because S2 is marked as ThreadSafe
>> 76: put("alg.Alias.SecureRandom.AliasS2", "S2");
>> 77:
>
> What about an alias for S1? I assume since the attribute is by default false the test will still pass. Just want to see it confirmed again.
>
> Also, please add an alias for S4. Let's see if the test still pass for the new-service-with-an-alias case.
Good idea, added more tests. Alternatively we could re-work the `GetInstance` utility class to store the real algo name, but then we should update all the callers of that class to use the real algorithm and not the (possible) alias name. Not sure how safe it would be, some callers probably use the alias name for logging and debugging.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20916#discussion_r1750463337
More information about the security-dev
mailing list