Mercurial > hg > openjdk > jdk6 > jdk
changeset 1790:1feac981ca93
8193683: Increase the number of clones in the CloneableDigest
Reviewed-by: wetmore, xuelei, coffeys
Contributed-by: prasadarao.koppula@oracle.com
author | pkoppula |
---|---|
date | Mon, 18 Dec 2017 20:47:55 -0800 |
parents | 65141d41e005 |
children | dd2da25352d9 |
files | src/share/classes/sun/security/ssl/HandshakeHash.java |
diffstat | 1 files changed, 23 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/HandshakeHash.java Fri Dec 15 11:45:40 2017 +0000 +++ b/src/share/classes/sun/security/ssl/HandshakeHash.java Mon Dec 18 20:47:55 2017 -0800 @@ -46,7 +46,29 @@ * a hash for the certificate verify message is required. */ HandshakeHash(boolean needCertificateVerify) { - int n = needCertificateVerify ? 3 : 2; + // We may rework the code later, but for now we use hard-coded number + // of clones if the underlying MessageDigests are not cloneable. + // + // The number used here is based on the current handshake protocols and + // implementation. It may be changed if the handshake processe gets + // changed in the future, for example adding a new extension that + // requires handshake hash. Please be careful about the number of + // clones if additional handshak hash is required in the future. + // + // For the current implementation, the handshake hash is required for + // the following items: + // . CertificateVerify handshake message (optional) + // . client Finished handshake message + // . server Finished Handshake message + // . the extended Master Secret extension [RFC 7627] + // + // Note that a late call to server setNeedClientAuth dose not update + // the number of clones. We may address the issue later. + // + // Note for safe, we allocate one more clone for the current + // implementation. We may consider it more carefully in the future + // for the exactly number or rework the code in a different way. + int n = needCertificateVerify ? 5 : 4; try { md5 = CloneableDigest.getDigest("MD5", n); sha = CloneableDigest.getDigest("SHA", n);