提交 a5090fc4 编写于 作者: V valeriep

7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters

Summary: Fixed initialize(int, SecureRandom) call to not error out when no precomputed params available.
Reviewed-by: vinnie
上级 b2dce4a5
......@@ -82,7 +82,9 @@ implements java.security.interfaces.DSAKeyPairGenerator {
}
public void initialize(int modlen, SecureRandom random) {
initialize(modlen, false, random);
// generate new parameters when no precomputed ones available.
initialize(modlen, true, random);
this.forceNewParameters = false;
}
/**
......
......@@ -116,12 +116,13 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
throw new InvalidAlgorithmParameterException("Invalid parameter");
}
DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
if (dsaGenParams.getPrimePLength() > 2048) {
int primePLen = dsaGenParams.getPrimePLength();
if (primePLen > 2048) {
throw new InvalidParameterException
("Prime size should be 512 - 1024, or 2048");
("No support for prime size " + primePLen);
}
// directly initialize using the already validated values
this.valueL = dsaGenParams.getPrimePLength();
this.valueL = primePLen;
this.valueN = dsaGenParams.getSubprimeQLength();
this.seedLen = dsaGenParams.getSeedLength();
this.random = random;
......
......@@ -146,9 +146,14 @@ public final class ParameterCache {
InvalidAlgorithmParameterException {
AlgorithmParameterGenerator gen =
AlgorithmParameterGenerator.getInstance("DSA");
DSAGenParameterSpec genParams =
new DSAGenParameterSpec(primeLen, subprimeLen);
gen.init(genParams, random);
// Use init(int size, SecureRandom random) for legacy DSA key sizes
if (primeLen < 1024) {
gen.init(primeLen, random);
} else {
DSAGenParameterSpec genParams =
new DSAGenParameterSpec(primeLen, subprimeLen);
gen.init(genParams, random);
}
AlgorithmParameters params = gen.generateParameters();
DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class);
return spec;
......@@ -159,8 +164,9 @@ public final class ParameterCache {
dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>();
/*
* We support precomputed parameter for 512, 768 and 1024 bit
* moduli. In this file we provide both the seed and counter
* We support precomputed parameter for legacy 512, 768 bit moduli,
* and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256).
* In this file we provide both the seed and counter
* value of the generation process for each of these seeds,
* for validation purposes. We also include the test vectors
* from the DSA specification, FIPS 186, and the FIPS 186
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册