Mercurial > hg > openjdk > jdk6 > jdk
changeset 1773:3f110fd94e17
8147969: Print size of DH keysize when errors are encountered
Reviewed-by: coffeys
| author | snikandrova |
|---|---|
| date | Mon, 27 Jun 2016 15:41:15 +0100 |
| parents | 8e761917a52c |
| children | 354f47576b5e |
| files | src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java src/share/classes/sun/security/ssl/ServerHandshaker.java |
| diffstat | 4 files changed, 53 insertions(+), 35 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java Tue Oct 08 11:07:31 2013 -0700 +++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java Mon Jun 27 15:41:15 2016 +0100 @@ -71,6 +71,17 @@ initialize(DEF_DH_KEY_SIZE, null); } + private static void checkKeySize(int keysize) + throws InvalidParameterException { + + if ((keysize < 512) || (keysize > 2048) || ((keysize & 0x3F) != 0)) { + throw new InvalidParameterException( + "DH key size must be multiple of 64, and can only range " + + "from 512 to 2048 (inclusive). " + + "The specific key size " + keysize + " is not supported"); + } + } + /** * Initializes this key pair generator for a certain keysize and source of * randomness. @@ -80,12 +91,8 @@ * @param random the source of randomness */ public void initialize(int keysize, SecureRandom random) { - if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) { - throw new InvalidParameterException("Keysize must be multiple " - + "of 64, and can only range " - + "from 512 to 2048 " - + "(inclusive)"); - } + checkKeySize(keysize); + this.pSize = keysize; this.lSize = 0; this.random = random; @@ -115,11 +122,10 @@ params = (DHParameterSpec)algParams; pSize = params.getP().bitLength(); - if ((pSize < 512) || (pSize > 2048) || - (pSize % 64 != 0)) { - throw new InvalidAlgorithmParameterException - ("Prime size must be multiple of 64, and can only range " - + "from 512 to 2048 (inclusive)"); + try { + checkKeySize(pSize); + } catch (InvalidParameterException ipe) { + throw new InvalidAlgorithmParameterException(ipe.getMessage()); } // exponent size is optional, could be 0
--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Tue Oct 08 11:07:31 2013 -0700 +++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Mon Jun 27 15:41:15 2016 +0100 @@ -60,12 +60,13 @@ private SecureRandom random = null; private static void checkKeySize(int keysize) - throws InvalidAlgorithmParameterException { - if ((keysize != 2048) && + throws InvalidParameterException { + if ((keysize != 2048) && ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) { - throw new InvalidAlgorithmParameterException( - "Keysize must be multiple of 64 ranging from " - + "512 to 1024 (inclusive), or 2048"); + throw new InvalidParameterException( + "DH key size must be multiple of 64 and range " + + "from 512 to 1024 (inclusive), or 2048. " + + "The specific key size " + keysize + " is not supported"); } } @@ -79,11 +80,7 @@ */ protected void engineInit(int keysize, SecureRandom random) { // Re-uses DSA parameters and thus have the same range - try { - checkKeySize(keysize); - } catch (InvalidAlgorithmParameterException ex) { - throw new InvalidParameterException(ex.getMessage()); - } + checkKeySize(keysize); this.primeSize = keysize; this.random = random; } @@ -112,7 +109,11 @@ primeSize = dhParamSpec.getPrimeSize(); // Re-uses DSA parameters and thus have the same range - checkKeySize(primeSize); + try { + checkKeySize(primeSize); + } catch (InvalidParameterException ipe) { + throw new InvalidAlgorithmParameterException(ipe.getMessage()); + } exponentSize = dhParamSpec.getExponentSize(); if (exponentSize <= 0) {
--- a/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Tue Oct 08 11:07:31 2013 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Mon Jun 27 15:41:15 2016 +0100 @@ -240,29 +240,34 @@ // check native range first if ((minKeySize != -1) && (keySize < minKeySize)) { throw new InvalidAlgorithmParameterException(algorithm + - " key must be at least " + minKeySize + " bits"); + " key must be at least " + minKeySize + " bits. " + + "The specific key size " + keySize + " is not supported"); } if ((maxKeySize != -1) && (keySize > maxKeySize)) { throw new InvalidAlgorithmParameterException(algorithm + - " key must be at most " + maxKeySize + " bits"); + " key must be at most " + maxKeySize + " bits. " + + "The specific key size " + keySize + " is not supported"); } // check our own algorithm-specific limits also if (algorithm.equals("EC")) { if (keySize < 112) { - throw new InvalidAlgorithmParameterException - ("Key size must be at least 112 bit"); + throw new InvalidAlgorithmParameterException( + "EC key size must be at least 112 bit. " + + "The specific key size " + keySize + " is not supported"); } if (keySize > 2048) { // sanity check, nobody really wants keys this large - throw new InvalidAlgorithmParameterException - ("Key size must be at most 2048 bit"); + throw new InvalidAlgorithmParameterException( + "EC key size must be at most 2048 bit. " + + "The specific key size " + keySize + " is not supported"); } } else { // RSA, DH, DSA if (keySize < 512) { - throw new InvalidAlgorithmParameterException - ("Key size must be at least 512 bit"); + throw new InvalidAlgorithmParameterException(algorithm + + " key size must be at least 512 bit. " + + "The specific key size " + keySize + " is not supported"); } if (algorithm.equals("RSA")) { BigInteger tmpExponent = rsaPublicExponent; @@ -283,8 +288,10 @@ if (algorithm.equals("DH") && (params != null)) { // sanity check, nobody really wants keys this large if (keySize > 64 * 1024) { - throw new InvalidAlgorithmParameterException - ("Key size must be at most 65536 bit"); + throw new InvalidAlgorithmParameterException( + "DH key size must be at most 65536 bit. " + + "The specific key size " + + keySize + " is not supported"); } } else { // this restriction is in the spec for DSA @@ -294,7 +301,9 @@ ((keySize > 1024) || ((keySize & 0x3f) != 0))) { throw new InvalidAlgorithmParameterException(algorithm + " key must be multiples of 64 if less than 1024 bits" + - ", or 2048 bits"); + ", or 2048 bits. " + + "The specific key size " + + keySize + " is not supported"); } } }
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Tue Oct 08 11:07:31 2013 -0700 +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Mon Jun 27 15:41:15 2016 +0100 @@ -143,8 +143,10 @@ customizedDHKeySize = parseUnsignedInt(property); if (customizedDHKeySize < 1024 || customizedDHKeySize > 2048) { throw new IllegalArgumentException( - "Customized DH key size should be positive integer " + - "between 1024 and 2048 bits, inclusive"); + "Unsupported customized DH key size: " + + customizedDHKeySize + ". " + + "The key size can only range from 1024" + + " to 2048 (inclusive)"); } } catch (NumberFormatException nfe) { throw new IllegalArgumentException(