From 175d82871efe5610068c0d40f0ae5eee9f7cae69 Mon Sep 17 00:00:00 2001 From: snikandrova Date: Mon, 27 Jun 2016 15:41:15 +0100 Subject: [PATCH] 8147969: Print size of DH keysize when errors are encountered Reviewed-by: coffeys --- .../crypto/provider/DHKeyPairGenerator.java | 28 ++++++++++------- .../crypto/provider/DHParameterGenerator.java | 23 +++++++------- .../security/pkcs11/P11KeyPairGenerator.java | 31 ++++++++++++------- .../sun/security/ssl/ServerHandshaker.java | 6 ++-- 4 files changed, 53 insertions(+), 35 deletions(-) diff --git a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java index c71d6ab3f..bd2ba6fb4 100644 --- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java +++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java @@ -71,6 +71,17 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { initialize(1024, null); } + private static void checkKeySize(int keysize) + throws InvalidParameterException { + + if ((keysize < 512) || (keysize > 2048) || ((keysize & 0x3F) != 0)) { + throw new InvalidParameterException( + "DH key size must be multiple of 64, and can only range " + + "from 512 to 2048 (inclusive). " + + "The specific key size " + keysize + " is not supported"); + } + } + /** * Initializes this key pair generator for a certain keysize and source of * randomness. @@ -80,12 +91,8 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { * @param random the source of randomness */ public void initialize(int keysize, SecureRandom random) { - if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) { - throw new InvalidParameterException("Keysize must be multiple " - + "of 64, and can only range " - + "from 512 to 2048 " - + "(inclusive)"); - } + checkKeySize(keysize); + this.pSize = keysize; this.lSize = 0; this.random = random; @@ -115,11 +122,10 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { params = (DHParameterSpec)algParams; pSize = params.getP().bitLength(); - if ((pSize < 512) || (pSize > 2048) || - (pSize % 64 != 0)) { - throw new InvalidAlgorithmParameterException - ("Prime size must be multiple of 64, and can only range " - + "from 512 to 2048 (inclusive)"); + try { + checkKeySize(pSize); + } catch (InvalidParameterException ipe) { + throw new InvalidAlgorithmParameterException(ipe.getMessage()); } // exponent size is optional, could be 0 diff --git a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java index a12e9457b..92d4f6f07 100644 --- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java +++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java @@ -59,12 +59,13 @@ extends AlgorithmParameterGeneratorSpi { private SecureRandom random = null; private static void checkKeySize(int keysize) - throws InvalidAlgorithmParameterException { - if ((keysize != 2048) && + throws InvalidParameterException { + if ((keysize != 2048) && ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) { - throw new InvalidAlgorithmParameterException( - "Keysize must be multiple of 64 ranging from " - + "512 to 1024 (inclusive), or 2048"); + throw new InvalidParameterException( + "DH key size must be multiple of 64 and range " + + "from 512 to 1024 (inclusive), or 2048. " + + "The specific key size " + keysize + " is not supported"); } } @@ -78,11 +79,7 @@ extends AlgorithmParameterGeneratorSpi { */ protected void engineInit(int keysize, SecureRandom random) { // Re-uses DSA parameters and thus have the same range - try { - checkKeySize(keysize); - } catch (InvalidAlgorithmParameterException ex) { - throw new InvalidParameterException(ex.getMessage()); - } + checkKeySize(keysize); this.primeSize = keysize; this.random = random; } @@ -111,7 +108,11 @@ extends AlgorithmParameterGeneratorSpi { primeSize = dhParamSpec.getPrimeSize(); // Re-uses DSA parameters and thus have the same range - checkKeySize(primeSize); + try { + checkKeySize(primeSize); + } catch (InvalidParameterException ipe) { + throw new InvalidAlgorithmParameterException(ipe.getMessage()); + } exponentSize = dhParamSpec.getExponentSize(); if (exponentSize <= 0) { diff --git a/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java b/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java index 4adac8ce4..068f00a65 100644 --- a/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java +++ b/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java @@ -228,29 +228,34 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { // check native range first if ((minKeySize != -1) && (keySize < minKeySize)) { throw new InvalidAlgorithmParameterException(algorithm + - " key must be at least " + minKeySize + " bits"); + " key must be at least " + minKeySize + " bits. " + + "The specific key size " + keySize + " is not supported"); } if ((maxKeySize != -1) && (keySize > maxKeySize)) { throw new InvalidAlgorithmParameterException(algorithm + - " key must be at most " + maxKeySize + " bits"); + " key must be at most " + maxKeySize + " bits. " + + "The specific key size " + keySize + " is not supported"); } // check our own algorithm-specific limits also if (algorithm.equals("EC")) { if (keySize < 112) { - throw new InvalidAlgorithmParameterException - ("Key size must be at least 112 bit"); + throw new InvalidAlgorithmParameterException( + "EC key size must be at least 112 bit. " + + "The specific key size " + keySize + " is not supported"); } if (keySize > 2048) { // sanity check, nobody really wants keys this large - throw new InvalidAlgorithmParameterException - ("Key size must be at most 2048 bit"); + throw new InvalidAlgorithmParameterException( + "EC key size must be at most 2048 bit. " + + "The specific key size " + keySize + " is not supported"); } } else { // RSA, DH, DSA if (keySize < 512) { - throw new InvalidAlgorithmParameterException - ("Key size must be at least 512 bit"); + throw new InvalidAlgorithmParameterException(algorithm + + " key size must be at least 512 bit. " + + "The specific key size " + keySize + " is not supported"); } if (algorithm.equals("RSA")) { BigInteger tmpExponent = rsaPublicExponent; @@ -271,8 +276,10 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { if (algorithm.equals("DH") && (params != null)) { // sanity check, nobody really wants keys this large if (keySize > 64 * 1024) { - throw new InvalidAlgorithmParameterException - ("Key size must be at most 65536 bit"); + throw new InvalidAlgorithmParameterException( + "DH key size must be at most 65536 bit. " + + "The specific key size " + + keySize + " is not supported"); } } else { // this restriction is in the spec for DSA @@ -282,7 +289,9 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { ((keySize > 1024) || ((keySize & 0x3f) != 0))) { throw new InvalidAlgorithmParameterException(algorithm + " key must be multiples of 64 if less than 1024 bits" + - ", or 2048 bits"); + ", or 2048 bits. " + + "The specific key size " + + keySize + " is not supported"); } } } diff --git a/src/share/classes/sun/security/ssl/ServerHandshaker.java b/src/share/classes/sun/security/ssl/ServerHandshaker.java index 9caa64a9c..373dc57ce 100644 --- a/src/share/classes/sun/security/ssl/ServerHandshaker.java +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java @@ -137,8 +137,10 @@ final class ServerHandshaker extends Handshaker { customizedDHKeySize = Integer.parseUnsignedInt(property); if (customizedDHKeySize < 1024 || customizedDHKeySize > 2048) { throw new IllegalArgumentException( - "Customized DH key size should be positive integer " + - "between 1024 and 2048 bits, inclusive"); + "Unsupported customized DH key size: " + + customizedDHKeySize + ". " + + "The key size can only range from 1024" + + " to 2048 (inclusive)"); } } catch (NumberFormatException nfe) { throw new IllegalArgumentException( -- GitLab