> On Jun 3, 2016, at 10:02 PM, Sean Mullan <sean.mul...@oracle.com> wrote: > > On 06/03/2016 02:12 AM, Wang Weijun wrote: >> Webrev updated at >> >> http://cr.openjdk.java.net/~weijun/8157308/webrev.01/ >> >> AbstractDrbg is an internal class so I have to patch the JDK itself. > > Hmm, ok, but why didn't you need to do that for the previous version of this > test?
The reason is that the SecureRandomSpi implementation S needs to call impl.engineNextBytes() and this engineNextBytes method is not public. Before this change, there is no need to add this layer because AbstractDrbg itself is a SecureRandomSpi. Therefore, just like DRBG.java, S needs to be put in the same package as AbstractDrbg to be able to call the method. --Max > > --Sean > >> >> Thanks >> Max >> >>> On Jun 3, 2016, at 12:09 AM, Sean Mullan <sean.mul...@oracle.com> wrote: >>> >>> For the test/sun/security/provider/SecureRandom/AbstractDrbgSpec.java that >>> was removed, are you still getting adequate test coverage somewhere else on >>> the SecureRandom API tests this test was checking? >>> >>> Otherwise this looks good, though may I suggest you adjust the bug synopsis >>> to be less generic? How about: "Make AbstractDrbg non-Serializable". >>> >>> --Sean >>> >>> On 05/23/2016 06:39 PM, Wang Weijun wrote: >>>> Ping again. >>>> >>>>> 在 2016年5月19日,16:21,Wang Weijun <weijun.w...@oracle.com> 写道: >>>>> >>>>> Please take a review at >>>>> >>>>> http://cr.openjdk.java.net/~weijun/8157308/webrev.00/ >>>>> >>>>> Now that DRBG does not save any internal state during >>>>> serialization, all DRBG implementations (HashDrbg, HmacDrbg, >>>>> CtrDrbg) still extends SecureRandomSpi and contain quite some >>>>> @serial fields. If some of them is corrupted a deserialized DRBG >>>>> may run expectedly, it also prevents class evolution. >>>>> >>>>> The fix is to make AbstractDrbg no more a SecureRandomSpi child so >>>>> no more serializable. DRBG is still a SecureRandomSpi child and its >>>>> only @serial field is MoreDrbgParameters mdp. MoreDrbgParamaters is >>>>> also made serializable. >>>>> >>>>> One new test is added. Since AbstractDrbg is no longer a >>>>> SecureRandomSpi, its child class can no longer be registered in a >>>>> SecureRandom provider, and the AbstractDrbgSpec.java test is >>>>> removed. >>>>> >>>>> Thanks Max >>>>> >>>> >>