Mercurial > hg > openjdk > jdk6 > jdk
changeset 1774:354f47576b5e
7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters
Summary: Fixed initialize(int, SecureRandom) call to not error out when no precomputed params available.
Reviewed-by: vinnie
author | valeriep |
---|---|
date | Tue, 25 Sep 2012 11:31:17 -0700 |
parents | 3f110fd94e17 |
children | 337a9d9bde72 |
files | src/share/classes/sun/security/provider/DSAKeyPairGenerator.java src/share/classes/sun/security/provider/DSAParameterGenerator.java src/share/classes/sun/security/provider/ParameterCache.java |
diffstat | 3 files changed, 18 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java Mon Jun 27 15:41:15 2016 +0100 +++ b/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java Tue Sep 25 11:31:17 2012 -0700 @@ -83,7 +83,9 @@ } public void initialize(int modlen, SecureRandom random) { - initialize(modlen, false, random); + // generate new parameters when no precomputed ones available. + initialize(modlen, true, random); + this.forceNewParameters = false; } /**
--- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java Mon Jun 27 15:41:15 2016 +0100 +++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java Tue Sep 25 11:31:17 2012 -0700 @@ -113,12 +113,13 @@ throw new InvalidAlgorithmParameterException("Invalid parameter"); } DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec)genParamSpec; - if (dsaGenParams.getPrimePLength() > 2048) { + int primePLen = dsaGenParams.getPrimePLength(); + if (primePLen > 2048) { throw new InvalidParameterException - ("Prime size should be 512 - 1024, or 2048"); + ("No support for prime size " + primePLen); } // directly initialize using the already validated values - this.valueL = dsaGenParams.getPrimePLength(); + this.valueL = primePLen; this.valueN = dsaGenParams.getSubprimeQLength(); this.seedLen = dsaGenParams.getSeedLength(); this.random = random;
--- a/src/share/classes/sun/security/provider/ParameterCache.java Mon Jun 27 15:41:15 2016 +0100 +++ b/src/share/classes/sun/security/provider/ParameterCache.java Tue Sep 25 11:31:17 2012 -0700 @@ -148,9 +148,14 @@ InvalidAlgorithmParameterException { AlgorithmParameterGenerator gen = AlgorithmParameterGenerator.getInstance("DSA"); - DSAGenParameterSpec genParams = - new DSAGenParameterSpec(primeLen, subprimeLen); - gen.init(genParams, random); + // Use init(int size, SecureRandom random) for legacy DSA key sizes + if (primeLen < 1024) { + gen.init(primeLen, random); + } else { + DSAGenParameterSpec genParams = + new DSAGenParameterSpec(primeLen, subprimeLen); + gen.init(genParams, random); + } AlgorithmParameters params = gen.generateParameters(); DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class); return spec; @@ -161,8 +166,9 @@ dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>(); /* - * We support precomputed parameter for 512, 768 and 1024 bit - * moduli. In this file we provide both the seed and counter + * We support precomputed parameter for legacy 512, 768 bit moduli, + * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256). + * In this file we provide both the seed and counter * value of the generation process for each of these seeds, * for validation purposes. We also include the test vectors * from the DSA specification, FIPS 186, and the FIPS 186