changeset 5912:4fcbddfd97f0

7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters Summary: Fixed initialize(int, SecureRandom) call to not error out when no precomputed params available. Reviewed-by: vinnie
author valeriep
date Tue, 25 Sep 2012 11:31:17 -0700
parents f0aa997ad78b
children a58585051c4b
files src/share/classes/sun/security/provider/DSAKeyPairGenerator.java src/share/classes/sun/security/provider/DSAParameterGenerator.java src/share/classes/sun/security/provider/ParameterCache.java
diffstat 3 files changed, 18 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java	Tue Sep 25 11:27:42 2012 -0700
+++ b/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java	Tue Sep 25 11:31:17 2012 -0700
@@ -82,7 +82,9 @@
     }
 
     public void initialize(int modlen, SecureRandom random) {
-        initialize(modlen, false, random);
+        // generate new parameters when no precomputed ones available.
+        initialize(modlen, true, random);
+        this.forceNewParameters = false;
     }
 
     /**
--- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java	Tue Sep 25 11:27:42 2012 -0700
+++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java	Tue Sep 25 11:31:17 2012 -0700
@@ -116,12 +116,13 @@
             throw new InvalidAlgorithmParameterException("Invalid parameter");
         }
         DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
-        if (dsaGenParams.getPrimePLength() > 2048) {
+        int primePLen = dsaGenParams.getPrimePLength();
+        if (primePLen > 2048) {
             throw new InvalidParameterException
-                ("Prime size should be 512 - 1024, or 2048");
+                ("No support for prime size " + primePLen);
         }
         // directly initialize using the already validated values
-        this.valueL = dsaGenParams.getPrimePLength();
+        this.valueL = primePLen;
         this.valueN = dsaGenParams.getSubprimeQLength();
         this.seedLen = dsaGenParams.getSeedLength();
         this.random = random;
--- a/src/share/classes/sun/security/provider/ParameterCache.java	Tue Sep 25 11:27:42 2012 -0700
+++ b/src/share/classes/sun/security/provider/ParameterCache.java	Tue Sep 25 11:31:17 2012 -0700
@@ -146,9 +146,14 @@
                    InvalidAlgorithmParameterException {
         AlgorithmParameterGenerator gen =
                 AlgorithmParameterGenerator.getInstance("DSA");
-        DSAGenParameterSpec genParams =
-            new DSAGenParameterSpec(primeLen, subprimeLen);
-        gen.init(genParams, random);
+        // Use init(int size, SecureRandom random) for legacy DSA key sizes
+        if (primeLen < 1024) {
+            gen.init(primeLen, random);
+        } else {
+            DSAGenParameterSpec genParams =
+                new DSAGenParameterSpec(primeLen, subprimeLen);
+            gen.init(genParams, random);
+        }
         AlgorithmParameters params = gen.generateParameters();
         DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class);
         return spec;
@@ -159,8 +164,9 @@
         dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>();
 
         /*
-         * We support precomputed parameter for 512, 768 and 1024 bit
-         * moduli. In this file we provide both the seed and counter
+         * We support precomputed parameter for legacy 512, 768 bit moduli,
+         * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256).
+         * In this file we provide both the seed and counter
          * value of the generation process for each of these seeds,
          * for validation purposes. We also include the test vectors
          * from the DSA specification, FIPS 186, and the FIPS 186