> On Apr 20, 2016, at 12:00 PM, Wang Weijun <weijun.w...@oracle.com> wrote: > >> src/java.base/share/classes/sun/security/provider/AbstractDrbg.java >> =================================================================== >> line 66-68: My understanding is that ... >> >> I would suggest rewords or remove this sentence. "Not used much" does >> not mean needing no synchronization. > > Of course. > > Precisely engineNextBytes() should synchronize on both states and > configuration, and engineGenerateSeed() should synchronize only on > configuration. But since engineGenerateSeed() is not used a lot, I don't > think it's not worth coding it with a special synchronize(configuration) so > both now just synchronize on "this". > >> As you have add synchronized >> keyword for engineGenerateSeed, I may suggest you remove lines 63-68, >> and move 57-61 to class description. > > I'll move 57-61 to class description, and would like to keep 63-68 there, and > update the words "does not need to be synchronized" to "does not need to be > synchronized on the internal states".
I rethink about this and decide to make a big change. Instead of from its own entropy source (in most cases just another DRBG), AbstractDrbg#engineGenerateSeed will read from SeedGenerator (the ultimate entropy source of all DRBGs) directly. Thus it is totally unrelated to this DRBG and the synchronized modifier will be removed. 63-68 will go too. This is modeled after SHA1PRNG. Thanks Max
