Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8157308

Make AbstractDrbg non-Serializable

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 9
    • 9
    • security-libs
    • None

      SecureRandomSpi is serializable and DRBG saves quite a lot of fields in its serialized form. If the serialized data is corrupted, unexpected error will occur when it's deserialized or used.

      We can make it simpler by only store the parameters in the serialized data. In fact, AbstractDrbg does not need to implement SecureRandomSpi at all.

            weijun Weijun Wang
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: