For the test/sun/security/provider/SecureRandom/AbstractDrbgSpec.java
that was removed, are you still getting adequate test coverage somewhere
else on the SecureRandom API tests this test was checking?
Otherwise this looks good, though may I suggest you adjust the bug
synopsis to be less generic? How about: "Make AbstractDrbg
non-Serializable".
--Sean
On 05/23/2016 06:39 PM, Wang Weijun wrote:
Ping again.
在 2016年5月19日,16:21,Wang Weijun <weijun.w...@oracle.com> 写道:
Please take a review at
http://cr.openjdk.java.net/~weijun/8157308/webrev.00/
Now that DRBG does not save any internal state during
serialization, all DRBG implementations (HashDrbg, HmacDrbg,
CtrDrbg) still extends SecureRandomSpi and contain quite some
@serial fields. If some of them is corrupted a deserialized DRBG
may run expectedly, it also prevents class evolution.
The fix is to make AbstractDrbg no more a SecureRandomSpi child so
no more serializable. DRBG is still a SecureRandomSpi child and its
only @serial field is MoreDrbgParameters mdp. MoreDrbgParamaters is
also made serializable.
One new test is added. Since AbstractDrbg is no longer a
SecureRandomSpi, its child class can no longer be registered in a
SecureRandom provider, and the AbstractDrbgSpec.java test is
removed.
Thanks Max
