Webrev updated at http://cr.openjdk.java.net/~weijun/8157308/webrev.01/
AbstractDrbg is an internal class so I have to patch the JDK itself. Thanks Max > On Jun 3, 2016, at 12:09 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > For the test/sun/security/provider/SecureRandom/AbstractDrbgSpec.java that > was removed, are you still getting adequate test coverage somewhere else on > the SecureRandom API tests this test was checking? > > Otherwise this looks good, though may I suggest you adjust the bug synopsis > to be less generic? How about: "Make AbstractDrbg non-Serializable". > > --Sean > > On 05/23/2016 06:39 PM, Wang Weijun wrote: >> Ping again. >> >>> 在 2016年5月19日,16:21,Wang Weijun <weijun.w...@oracle.com> 写道: >>> >>> Please take a review at >>> >>> http://cr.openjdk.java.net/~weijun/8157308/webrev.00/ >>> >>> Now that DRBG does not save any internal state during >>> serialization, all DRBG implementations (HashDrbg, HmacDrbg, >>> CtrDrbg) still extends SecureRandomSpi and contain quite some >>> @serial fields. If some of them is corrupted a deserialized DRBG >>> may run expectedly, it also prevents class evolution. >>> >>> The fix is to make AbstractDrbg no more a SecureRandomSpi child so >>> no more serializable. DRBG is still a SecureRandomSpi child and its >>> only @serial field is MoreDrbgParameters mdp. MoreDrbgParamaters is >>> also made serializable. >>> >>> One new test is added. Since AbstractDrbg is no longer a >>> SecureRandomSpi, its child class can no longer be registered in a >>> SecureRandom provider, and the AbstractDrbgSpec.java test is >>> removed. >>> >>> Thanks Max >>> >>