--- a/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Wed Dec 17 22:50:37 2008 -0800
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Dec 19 10:35:56 2008 +0800
@@ -1427,6 +1427,10 @@
waitForClose(false);
}
+ // See comment in changeReadCiphers()
+ readCipher.dispose();
+ writeCipher.dispose();
+
// state will be set to cs_CLOSED in the finally block below
break;
@@ -1633,6 +1637,11 @@
* Clean up our side.
*/
closeSocket();
+
+ // See comment in changeReadCiphers()
+ readCipher.dispose();
+ writeCipher.dispose();
+
connectionState = (oldState == cs_APP_CLOSED) ? cs_APP_CLOSED
: cs_CLOSED;
throw closeReason;
@@ -1763,6 +1772,8 @@
// ... create decompressor
+ CipherBox oldCipher = readCipher;
+
try {
readCipher = handshaker.newReadCipher();
readMAC = handshaker.newReadMAC();
@@ -1771,6 +1782,16 @@
throw (SSLException)new SSLException
("Algorithm missing: ").initCause(e);
}
+
+ /*
+ * Dispose of any intermediate state in the underlying cipher.
+ * For PKCS11 ciphers, this will release any attached sessions,
+ * and thus make finalization faster.
+ *
+ * Since MAC's doFinal() is called for every SSL/TLS packet, it's
+ * not necessary to do the same with MAC's.
+ */
+ oldCipher.dispose();
}
// used by Handshaker
@@ -1783,6 +1804,8 @@
// ... create compressor
+ CipherBox oldCipher = writeCipher;
+
try {
writeCipher = handshaker.newWriteCipher();
writeMAC = handshaker.newWriteMAC();
@@ -1791,6 +1814,9 @@
throw (SSLException)new SSLException
("Algorithm missing: ").initCause(e);
}
+
+ // See comment above.
+ oldCipher.dispose();
}
/*