8147969: Print size of DH keysize when errors are encountered

Reviewed-by: coffeys

8147969: Print size of DH keysize when errors are encountered
Reviewed-by: coffeys
175d8287 · snikandrova · 04c10641 · 175d8287 · 175d8287 · 175d8287
4 changed file
--- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
@@ -71,6 +71,17 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
        initialize(1024, null);
    }
+    private static void checkKeySize(int keysize)
+            throws InvalidParameterException {
+        if ((keysize < 512) || (keysize > 2048) || ((keysize & 0x3F) != 0)) {
+            throw new InvalidParameterException(
+                    "DH key size must be multiple of 64, and can only range " +
+                    "from 512 to 2048 (inclusive). " +
+                    "The specific key size " + keysize + " is not supported");
+        }
+    }
    /**
     * Initializes this key pair generator for a certain keysize and source of
     * randomness.
@@ -80,12 +91,8 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
     * @param random the source of randomness
     */
    public void initialize(int keysize, SecureRandom random) {
-        if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
+        checkKeySize(keysize);
-            throw new InvalidParameterException("Keysize must be multiple "
-                                                + "of 64, and can only range "
-                                                + "from 512 to 2048 "
-                                                + "(inclusive)");
-        }
        this.pSize = keysize;
        this.lSize = 0;
        this.random = random;
@@ -115,11 +122,10 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
        params = (DHParameterSpec)algParams;
        pSize = params.getP().bitLength();
-        if ((pSize < 512) || (pSize > 2048) ||
+        try {
-            (pSize % 64 != 0)) {
+            checkKeySize(pSize);
-            throw new InvalidAlgorithmParameterException
+        } catch (InvalidParameterException ipe) {
-                ("Prime size must be multiple of 64, and can only range "
+            throw new InvalidAlgorithmParameterException(ipe.getMessage());
-                 + "from 512 to 2048 (inclusive)");
        }
        // exponent size is optional, could be 0

--- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
+++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
@@ -59,12 +59,13 @@ extends AlgorithmParameterGeneratorSpi {
    private SecureRandom random = null;
    private static void checkKeySize(int keysize)
-        throws InvalidAlgorithmParameterException {
+            throws InvalidParameterException {
            if ((keysize != 2048) &&
            ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) {
-            throw new InvalidAlgorithmParameterException(
+            throw new InvalidParameterException(
-                "Keysize must be multiple of 64 ranging from "
+                    "DH key size must be multiple of 64 and range " +
-                + "512 to 1024 (inclusive), or 2048");
+                    "from 512 to 1024 (inclusive), or 2048. " +
+                    "The specific key size " + keysize + " is not supported");
        }
    }
@@ -78,11 +79,7 @@ extends AlgorithmParameterGeneratorSpi {
     */
    protected void engineInit(int keysize, SecureRandom random) {
        // Re-uses DSA parameters and thus have the same range
-        try {
        checkKeySize(keysize);
-        } catch (InvalidAlgorithmParameterException ex) {
-            throw new InvalidParameterException(ex.getMessage());
-        }
        this.primeSize = keysize;
        this.random = random;
    }
@@ -111,7 +108,11 @@ extends AlgorithmParameterGeneratorSpi {
        primeSize = dhParamSpec.getPrimeSize();
        // Re-uses DSA parameters and thus have the same range
+        try {
            checkKeySize(primeSize);
+        } catch (InvalidParameterException ipe) {
+            throw new InvalidAlgorithmParameterException(ipe.getMessage());
+        }
        exponentSize = dhParamSpec.getExponentSize();
        if (exponentSize <= 0) {

--- a/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
+++ b/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
@@ -228,29 +228,34 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
        // check native range first
        if ((minKeySize != -1) && (keySize < minKeySize)) {
            throw new InvalidAlgorithmParameterException(algorithm +
-                " key must be at least " + minKeySize + " bits");
+                " key must be at least " + minKeySize + " bits. " +
+                "The specific key size " + keySize + " is not supported");
        }
        if ((maxKeySize != -1) && (keySize > maxKeySize)) {
            throw new InvalidAlgorithmParameterException(algorithm +
-                " key must be at most " + maxKeySize + " bits");
+                " key must be at most " + maxKeySize + " bits. " +
+                "The specific key size " + keySize + " is not supported");
        }
        // check our own algorithm-specific limits also
        if (algorithm.equals("EC")) {
            if (keySize < 112) {
-                throw new InvalidAlgorithmParameterException
+                    throw new InvalidAlgorithmParameterException(
-                    ("Key size must be at least 112 bit");
+                    "EC key size must be at least 112 bit. " +
+                    "The specific key size " + keySize + " is not supported");
            }
            if (keySize > 2048) {
                // sanity check, nobody really wants keys this large
-                throw new InvalidAlgorithmParameterException
+                throw new InvalidAlgorithmParameterException(
-                    ("Key size must be at most 2048 bit");
+                    "EC key size must be at most 2048 bit. " +
+                    "The specific key size " + keySize + " is not supported");
            }
        } else {
            // RSA, DH, DSA
            if (keySize < 512) {
-                throw new InvalidAlgorithmParameterException
+                throw new InvalidAlgorithmParameterException(algorithm +
-                    ("Key size must be at least 512 bit");
+                    " key size must be at least 512 bit. " +
+                    "The specific key size " + keySize + " is not supported");
            }
            if (algorithm.equals("RSA")) {
                BigInteger tmpExponent = rsaPublicExponent;
@@ -271,8 +276,10 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
                if (algorithm.equals("DH") && (params != null)) {
                    // sanity check, nobody really wants keys this large
                    if (keySize > 64 * 1024) {
-                        throw new InvalidAlgorithmParameterException
+                        throw new InvalidAlgorithmParameterException(
-                            ("Key size must be at most 65536 bit");
+                            "DH key size must be at most 65536 bit. " +
+                            "The specific key size " +
+                            keySize + " is not supported");
                    }
                } else {
                    // this restriction is in the spec for DSA
@@ -282,7 +289,9 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
                        ((keySize > 1024) || ((keySize & 0x3f) != 0))) {
                        throw new InvalidAlgorithmParameterException(algorithm +
                            " key must be multiples of 64 if less than 1024 bits" +
-                            ", or 2048 bits");
+                            ", or 2048 bits. " +
+                            "The specific key size " +
+                            keySize + " is not supported");
                    }
                }
            }

--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java
@@ -137,8 +137,10 @@ final class ServerHandshaker extends Handshaker {
                customizedDHKeySize = Integer.parseUnsignedInt(property);
                if (customizedDHKeySize < 1024 || customizedDHKeySize > 2048) {
                    throw new IllegalArgumentException(
-                        "Customized DH key size should be positive integer " +
+                        "Unsupported customized DH key size: " +
-                        "between 1024 and 2048 bits, inclusive");
+                        customizedDHKeySize + ". " +
+                        "The key size can only range from 1024" +
+                        " to 2048 (inclusive)");
                }
            } catch (NumberFormatException nfe) {
                throw new IllegalArgumentException(