7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters
Summary: Fixed initialize(int, SecureRandom) call to not error out when no precomputed params available.
Reviewed-by: vinnie
--- a/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java Tue Sep 25 11:27:42 2012 -0700
+++ b/jdk/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java Tue Sep 25 11:31:17 2012 -0700
@@ -82,7 +82,9 @@
}
public void initialize(int modlen, SecureRandom random) {
- initialize(modlen, false, random);
+ // generate new parameters when no precomputed ones available.
+ initialize(modlen, true, random);
+ this.forceNewParameters = false;
}
/**
--- a/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java Tue Sep 25 11:27:42 2012 -0700
+++ b/jdk/src/share/classes/sun/security/provider/DSAParameterGenerator.java Tue Sep 25 11:31:17 2012 -0700
@@ -116,12 +116,13 @@
throw new InvalidAlgorithmParameterException("Invalid parameter");
}
DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
- if (dsaGenParams.getPrimePLength() > 2048) {
+ int primePLen = dsaGenParams.getPrimePLength();
+ if (primePLen > 2048) {
throw new InvalidParameterException
- ("Prime size should be 512 - 1024, or 2048");
+ ("No support for prime size " + primePLen);
}
// directly initialize using the already validated values
- this.valueL = dsaGenParams.getPrimePLength();
+ this.valueL = primePLen;
this.valueN = dsaGenParams.getSubprimeQLength();
this.seedLen = dsaGenParams.getSeedLength();
this.random = random;
--- a/jdk/src/share/classes/sun/security/provider/ParameterCache.java Tue Sep 25 11:27:42 2012 -0700
+++ b/jdk/src/share/classes/sun/security/provider/ParameterCache.java Tue Sep 25 11:31:17 2012 -0700
@@ -146,9 +146,14 @@
InvalidAlgorithmParameterException {
AlgorithmParameterGenerator gen =
AlgorithmParameterGenerator.getInstance("DSA");
- DSAGenParameterSpec genParams =
- new DSAGenParameterSpec(primeLen, subprimeLen);
- gen.init(genParams, random);
+ // Use init(int size, SecureRandom random) for legacy DSA key sizes
+ if (primeLen < 1024) {
+ gen.init(primeLen, random);
+ } else {
+ DSAGenParameterSpec genParams =
+ new DSAGenParameterSpec(primeLen, subprimeLen);
+ gen.init(genParams, random);
+ }
AlgorithmParameters params = gen.generateParameters();
DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class);
return spec;
@@ -159,8 +164,9 @@
dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>();
/*
- * We support precomputed parameter for 512, 768 and 1024 bit
- * moduli. In this file we provide both the seed and counter
+ * We support precomputed parameter for legacy 512, 768 bit moduli,
+ * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256).
+ * In this file we provide both the seed and counter
* value of the generation process for each of these seeds,
* for validation purposes. We also include the test vectors
* from the DSA specification, FIPS 186, and the FIPS 186