# HG changeset patch # User valeriep # Date 1348597877 25200 # Node ID 7b3d199dbe40dd89b64aaafe0e2806fa6ebaaefe # Parent 399ff208e0a887390cba1684f55068d592b34fb2 7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters Summary: Fixed initialize(int, SecureRandom) call to not error out when no precomputed params available. Reviewed-by: vinnie diff -r 399ff208e0a8 -r 7b3d199dbe40 src/share/classes/sun/security/provider/DSAKeyPairGenerator.java --- a/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java Wed Nov 22 18:18:48 2017 +0000 +++ b/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java Tue Sep 25 11:31:17 2012 -0700 @@ -82,7 +82,9 @@ } public void initialize(int modlen, SecureRandom random) { - initialize(modlen, false, random); + // generate new parameters when no precomputed ones available. + initialize(modlen, true, random); + this.forceNewParameters = false; } /** diff -r 399ff208e0a8 -r 7b3d199dbe40 src/share/classes/sun/security/provider/DSAParameterGenerator.java --- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java Wed Nov 22 18:18:48 2017 +0000 +++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java Tue Sep 25 11:31:17 2012 -0700 @@ -117,12 +117,13 @@ throw new InvalidAlgorithmParameterException("Invalid parameter"); } DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec; - if (dsaGenParams.getPrimePLength() > 2048) { + int primePLen = dsaGenParams.getPrimePLength(); + if (primePLen > 2048) { throw new InvalidParameterException - ("Prime size should be 512 - 1024, or 2048"); + ("No support for prime size " + primePLen); } // directly initialize using the already validated values - this.valueL = dsaGenParams.getPrimePLength(); + this.valueL = primePLen; this.valueN = dsaGenParams.getSubprimeQLength(); this.seedLen = dsaGenParams.getSeedLength(); this.random = random; diff -r 399ff208e0a8 -r 7b3d199dbe40 src/share/classes/sun/security/provider/ParameterCache.java --- a/src/share/classes/sun/security/provider/ParameterCache.java Wed Nov 22 18:18:48 2017 +0000 +++ b/src/share/classes/sun/security/provider/ParameterCache.java Tue Sep 25 11:31:17 2012 -0700 @@ -148,9 +148,14 @@ InvalidAlgorithmParameterException { AlgorithmParameterGenerator gen = AlgorithmParameterGenerator.getInstance("DSA"); - DSAGenParameterSpec genParams = - new DSAGenParameterSpec(primeLen, subprimeLen); - gen.init(genParams, random); + // Use init(int size, SecureRandom random) for legacy DSA key sizes + if (primeLen < 1024) { + gen.init(primeLen, random); + } else { + DSAGenParameterSpec genParams = + new DSAGenParameterSpec(primeLen, subprimeLen); + gen.init(genParams, random); + } AlgorithmParameters params = gen.generateParameters(); DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class); return spec; @@ -161,8 +166,9 @@ dsaCache = new ConcurrentHashMap(); /* - * We support precomputed parameter for 512, 768 and 1024 bit - * moduli. In this file we provide both the seed and counter + * We support precomputed parameter for legacy 512, 768 bit moduli, + * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256). + * In this file we provide both the seed and counter * value of the generation process for each of these seeds, * for validation purposes. We also include the test vectors * from the DSA specification, FIPS 186, and the FIPS 186