changeset 12876:ddae5cb11d6c jdk8u162-b12
Merge
author | asaha |
---|---|
date | Tue, 19 Dec 2017 15:30:37 -0800 |
parents | 19a5eb7025aa (current diff) 3befcaf2833f (diff) |
children | d201d8b87f48 |
files | .hgtags |
diffstat | 2 files changed, 26 insertions(+), 2 deletions(-) [+] |
--- a/.hgtags Fri Dec 15 13:51:10 2017 -0800
+++ b/.hgtags Tue Dec 19 15:30:37 2017 -0800
@@ -833,6 +833,7 @@
 2c4e596e0cc3281fe976d9a730677c0a15113153 jdk8u161-b09
 3eaad567db074e4d3df7d4088a4a029ef5ad1179 jdk8u161-b10
 8d358ca3cfb813af87aa4bed5a1e7fbb678ea6be jdk8u161-b11
+76f2c555cccab8df114dd6ebb8ed7634c7ce1896 jdk8u161-b12
 e03f9868f7df1e3db537f3b61704658e8a9dafb5 jdk8u162-b00
 538bdf24383954cd2356e39e8081c2cb3ac27281 jdk8u162-b01
 18e0bc77adafd0e5e459e381b6993bb0625b05be jdk8u162-b02
--- a/src/share/classes/sun/security/ssl/HandshakeHash.java Fri Dec 15 13:51:10 2017 -0800
+++ b/src/share/classes/sun/security/ssl/HandshakeHash.java Tue Dec 19 15:30:37 2017 -0800
@@ -104,7 +104,29 @@
 * a hash for the certificate verify message is required.
 */
 HandshakeHash(boolean needCertificateVerify) {
- clonesNeeded = needCertificateVerify ? 3 : 2;
+ // We may rework the code later, but for now we use hard-coded number
+ // of clones if the underlying MessageDigests are not cloneable.
+ //
+ // The number used here is based on the current handshake protocols and
+ // implementation. It may be changed if the handshake processe gets
+ // changed in the future, for example adding a new extension that
+ // requires handshake hash. Please be careful about the number of
+ // clones if additional handshak hash is required in the future.
+ //
+ // For the current implementation, the handshake hash is required for
+ // the following items:
+ // . CertificateVerify handshake message (optional)
+ // . client Finished handshake message
+ // . server Finished Handshake message
+ // . the extended Master Secret extension [RFC 7627]
+ //
+ // Note that a late call to server setNeedClientAuth dose not update
+ // the number of clones. We may address the issue later.
+ //
+ // Note for safe, we allocate one more clone for the current
+ // implementation. We may consider it more carefully in the future
+ // for the exactly number or rework the code in a different way.
+ clonesNeeded = needCertificateVerify ? 5 : 4;
 }
 void update(byte[] b, int offset, int len) {
@@ -226,7 +248,8 @@
 if (finMD != null) return;
 try {
- finMD = CloneableDigest.getDigest(normalizeAlgName(s), 2);
+ // See comment in the contructor.
+ finMD = CloneableDigest.getDigest(normalizeAlgName(s), 4);
 } catch (NoSuchAlgorithmException e) {
 throw new Error(e);
 }
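Review bot: The clone budget is a bare literal in two places, `needCertificateVerify ? 5 : 4` in the constructor and `4` in the `getDigest` call of the second hunk, linked only by a "See comment in the contructor" remark, so a later handshake change that needs one more hash can update one site and miss the other. If the two values are meant to track each other, a shared constant such as `private static final int BASE_CLONES = 4;`, used as `clonesNeeded = needCertificateVerify ? BASE_CLONES + 1 : BASE_CLONES;` and passed to `getDigest`, would keep them in step. The added comment also records that a late `setNeedClientAuth` call does not raise the count; with a provider whose MessageDigest is not cloneable this presumably surfaces as a failed handshake once the pre-allocated clones run out, so a regression test using a non-cloneable digest would be worth adding. The method containing the second hunk starts outside the hunk. Minor: "processe", "handshak", "dose" and "contructor" are misspelled in the new comments.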