changeset 12874:76f2c555ccca jdk8u161-b12
8193683: Increase the number of clones in the CloneableDigest
Reviewed-by: wetmore, xuelei, coffeys
Contributed-by: prasadarao.koppula@oracle.com
author | pkoppula |
---|---|
date | Mon, 18 Dec 2017 20:47:55 -0800 |
parents | c8ea457b727c |
children | 3befcaf2833f |
files | src/share/classes/sun/security/ssl/HandshakeHash.java |
diffstat | 1 files changed, 25 insertions(+), 2 deletions(-) [+] |
--- a/src/share/classes/sun/security/ssl/HandshakeHash.java Fri Dec 15 08:42:48 2017 -0800
+++ b/src/share/classes/sun/security/ssl/HandshakeHash.java Mon Dec 18 20:47:55 2017 -0800
@@ -104,7 +104,29 @@
 * a hash for the certificate verify message is required.
 */
 HandshakeHash(boolean needCertificateVerify) {
- clonesNeeded = needCertificateVerify ? 3 : 2;
+ // We may rework the code later, but for now we use hard-coded number
+ // of clones if the underlying MessageDigests are not cloneable.
+ //
+ // The number used here is based on the current handshake protocols and
+ // implementation. It may be changed if the handshake processe gets
+ // changed in the future, for example adding a new extension that
+ // requires handshake hash. Please be careful about the number of
+ // clones if additional handshak hash is required in the future.
+ //
+ // For the current implementation, the handshake hash is required for
+ // the following items:
+ // . CertificateVerify handshake message (optional)
+ // . client Finished handshake message
+ // . server Finished Handshake message
+ // . the extended Master Secret extension [RFC 7627]
+ //
+ // Note that a late call to server setNeedClientAuth dose not update
+ // the number of clones. We may address the issue later.
+ //
+ // Note for safe, we allocate one more clone for the current
+ // implementation. We may consider it more carefully in the future
+ // for the exactly number or rework the code in a different way.
+ clonesNeeded = needCertificateVerify ? 5 : 4;
 }
 void update(byte[] b, int offset, int len) {
@@ -226,7 +248,8 @@
 if (finMD != null) return;
 try {
- finMD = CloneableDigest.getDigest(normalizeAlgName(s), 2);
+ // See comment in the contructor.
+ finMD = CloneableDigest.getDigest(normalizeAlgName(s), 4);
 } catch (NoSuchAlgorithmException e) {
 throw new Error(e);
 }
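Review bot: The clone budget for non-cloneable digests is written as bare literals in two places, `5 : 4` in the constructor and `4` in the `CloneableDigest.getDigest(...)` call of the second hunk, and only a comment ties them together. If the extra clone in the `5` case is the CertificateVerify one, as the item list suggests, a shared constant would keep the two in step when another handshake-hash consumer is added: `private static final int FINISHED_CLONES = 4;`, then `clonesNeeded = needCertificateVerify ? FINISHED_CLONES + 1 : FINISHED_CLONES;` and `getDigest(normalizeAlgName(s), FINISHED_CLONES)`. The new comment itself records that a late server `setNeedClientAuth` does not raise the count, so the one spare clone appears to be the only margin on that path. A regression test that runs a client-auth handshake over a provider whose MessageDigest is not cloneable would show whether that margin holds. The added comments also carry typos worth fixing (`processe`, `handshak`, `dose`, `contructor`), and the second hunk's enclosing method starts and ends outside the hunk.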