changeset 8195:d318d83c4e74

PR2094, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure
author andrew
date Mon, 24 Nov 2014 23:28:38 +0000
parents 510e41a26c10
children 3620a98d0295
files src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
diffstat 3 files changed, 25 insertions(+), 9 deletions(-) [+]
--- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Wed Nov 12 21:21:39 2014 +0000
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Mon Nov 24 23:28:38 2014 +0000
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,10 +81,10 @@
      * @param random the source of randomness
      */
     public void initialize(int keysize, SecureRandom random) {
-        if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
+        if ((keysize < 512) || (keysize > 4096) || (keysize % 64 != 0)) {
             throw new InvalidParameterException("Keysize must be multiple "
                                                 + "of 64, and can only range "
-                                                + "from 512 to 2048 "
+                                                + "from 512 to 4096 "
                                                 + "(inclusive)");
         }
         this.pSize = keysize;
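Review bot: The lower bound in this condition is still 512, so `initialize` continues to accept 512-bit DH moduli, a size that gives little protection against discrete-log precomputation. The same floor is kept in the three other range checks this commit touches (the `pSize` check later in this file and both checks in DHParameterGenerator.java). If the floor is retained for compatibility, which the diff does not say, a comment above the condition would record that, e.g. `// 512 is retained for compatibility only; new callers should request 2048 or more`. The body of `initialize` continues outside the hunk.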
@@ -115,11 +116,11 @@
 
         params = (DHParameterSpec)algParams;
         pSize = params.getP().bitLength();
-        if ((pSize < 512) || (pSize > 2048) ||
+        if ((pSize < 512) || (pSize > 4096) ||
             (pSize % 64 != 0)) {
             throw new InvalidAlgorithmParameterException
                 ("Prime size must be multiple of 64, and can only range "
-                 + "from 512 to 2048 (inclusive)");
+                 + "from 512 to 4096 (inclusive)");
         }
 
         // exponent size is optional, could be 0
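Review bot: `pSize` is overwritten with the bit length of the caller-supplied prime before the range check runs, so when the check throws, the rejected size and the `params` assigned on the line before are left behind. The first hunk writes `this.pSize`, so these look like fields rather than locals. Validating a local first and assigning afterwards avoids a half-initialised generator, e.g. `int size = spec.getP().bitLength();` ahead of the check and `params = spec; pSize = size;` after it. The `primeSize` assignment ahead of the check in DHParameterGenerator.java has the same shape. The enclosing method starts and ends outside the hunk.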
--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Wed Nov 12 21:21:39 2014 +0000
+++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Mon Nov 24 23:28:38 2014 +0000
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -68,10 +69,10 @@
      * @param random the source of randomness
      */
     protected void engineInit(int keysize, SecureRandom random) {
-        if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
+        if ((keysize < 512) || (keysize > 4096) || (keysize % 64 != 0)) {
             throw new InvalidParameterException("Keysize must be multiple "
                                                 + "of 64, and can only range "
-                                                + "from 512 to 2048 "
+                                                + "from 512 to 4096 "
                                                 + "(inclusive)");
         }
         this.primeSize = keysize;
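Review bot: The bounds 512 and 4096 are literals in both the condition and the exception message here, and the same pair is repeated in the second check of this file and in both checks of DHKeyPairGenerator.java, so a future change has to keep eight places in step by hand. Named constants used by the condition and to build the message would keep them consistent, e.g. `private static final int MAX_PRIME_SIZE = 4096;` and `"from " + MIN_PRIME_SIZE + " to " + MAX_PRIME_SIZE + " (inclusive)"` (names are suggestions only). The body of `engineInit` continues outside the hunk.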
@@ -100,10 +101,10 @@
             DHGenParameterSpec dhParamSpec = (DHGenParameterSpec)genParamSpec;
 
             primeSize = dhParamSpec.getPrimeSize();
-            if ((primeSize<512) || (primeSize>2048) || (primeSize%64 != 0)) {
+            if ((primeSize<512) || (primeSize>4096) || (primeSize%64 != 0)) {
                 throw new InvalidAlgorithmParameterException
                     ("Modulus size must be multiple of 64, and can only range "
-                     + "from 512 to 2048 (inclusive)");
+                     + "from 512 to 4096 (inclusive)");
             }
 
             exponentSize = dhParamSpec.getExponentSize();
--- a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java	Wed Nov 12 21:21:39 2014 +0000
+++ b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java	Mon Nov 24 23:28:38 2014 +0000
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,7 +59,7 @@
      */
     private enum Sizes {
         two56(256), three84(384), five12(512), seven68(768), ten24(1024),
-        twenty48(2048);
+        twenty48(2048), forty96(4096);
 
         private final int intSize;
         private final BigInteger bigIntValue;
@@ -130,6 +131,19 @@
         kp = kpg.generateKeyPair();
         checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
 
+        kpg.initialize(Sizes.forty96.getIntSize());
+        kp = kpg.generateKeyPair();
+        checkKeyPair(kp, Sizes.forty96, Sizes.twenty48);
+
+        publicKey = (DHPublicKey)kp.getPublic();
+        p = publicKey.getParams().getP();
+        g = publicKey.getParams().getG();
+
+        // test w/ all values specified
+        kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
+        kp = kpg.generateKeyPair();
+        checkKeyPair(kp, Sizes.forty96, Sizes.ten24);
+
         System.out.println("OK");
     }
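Review bot: The added cases exercise only the newly accepted 4096-bit size; nothing asserts that the next multiple of 64 above it is still rejected, so a later edit that loosens or drops the upper bound would pass this test unnoticed. A negative case placed just before the final `System.out.println("OK")` would pin the boundary. Generating a 4096-bit key pair may also add noticeable run time if the parameters are not served from a precomputed set, which the hunk does not show. The enclosing method starts outside the hunk.

```java
// … unchanged: 4096-bit key pair generation and checkKeyPair calls …

// the first multiple of 64 above the new limit must still be refused
boolean rejected = false;
try {
    kpg.initialize(Sizes.forty96.getIntSize() + 64);
} catch (InvalidParameterException expected) {
    rejected = true;
}
if (!rejected) {
    throw new RuntimeException("keysize above 4096 was accepted");
}

System.out.println("OK");
```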