提交 a5090fc4 编写于 作者: V valeriep

7199939: DSA 576 and 640 bit keys fail when initializing for No precomputed parameters

Summary: Fixed initialize(int, SecureRandom) call to not error out when no precomputed params available.
Reviewed-by: vinnie
上级 b2dce4a5
...@@ -82,7 +82,9 @@ implements java.security.interfaces.DSAKeyPairGenerator { ...@@ -82,7 +82,9 @@ implements java.security.interfaces.DSAKeyPairGenerator {
} }
public void initialize(int modlen, SecureRandom random) { public void initialize(int modlen, SecureRandom random) {
initialize(modlen, false, random); // generate new parameters when no precomputed ones available.
initialize(modlen, true, random);
this.forceNewParameters = false;
} }
/** /**
......
...@@ -116,12 +116,13 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { ...@@ -116,12 +116,13 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
throw new InvalidAlgorithmParameterException("Invalid parameter"); throw new InvalidAlgorithmParameterException("Invalid parameter");
} }
DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec; DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
if (dsaGenParams.getPrimePLength() > 2048) { int primePLen = dsaGenParams.getPrimePLength();
if (primePLen > 2048) {
throw new InvalidParameterException throw new InvalidParameterException
("Prime size should be 512 - 1024, or 2048"); ("No support for prime size " + primePLen);
} }
// directly initialize using the already validated values // directly initialize using the already validated values
this.valueL = dsaGenParams.getPrimePLength(); this.valueL = primePLen;
this.valueN = dsaGenParams.getSubprimeQLength(); this.valueN = dsaGenParams.getSubprimeQLength();
this.seedLen = dsaGenParams.getSeedLength(); this.seedLen = dsaGenParams.getSeedLength();
this.random = random; this.random = random;
......
...@@ -146,9 +146,14 @@ public final class ParameterCache { ...@@ -146,9 +146,14 @@ public final class ParameterCache {
InvalidAlgorithmParameterException { InvalidAlgorithmParameterException {
AlgorithmParameterGenerator gen = AlgorithmParameterGenerator gen =
AlgorithmParameterGenerator.getInstance("DSA"); AlgorithmParameterGenerator.getInstance("DSA");
DSAGenParameterSpec genParams = // Use init(int size, SecureRandom random) for legacy DSA key sizes
new DSAGenParameterSpec(primeLen, subprimeLen); if (primeLen < 1024) {
gen.init(genParams, random); gen.init(primeLen, random);
} else {
DSAGenParameterSpec genParams =
new DSAGenParameterSpec(primeLen, subprimeLen);
gen.init(genParams, random);
}
AlgorithmParameters params = gen.generateParameters(); AlgorithmParameters params = gen.generateParameters();
DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class); DSAParameterSpec spec = params.getParameterSpec(DSAParameterSpec.class);
return spec; return spec;
...@@ -159,8 +164,9 @@ public final class ParameterCache { ...@@ -159,8 +164,9 @@ public final class ParameterCache {
dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>(); dsaCache = new ConcurrentHashMap<Integer,DSAParameterSpec>();
/* /*
* We support precomputed parameter for 512, 768 and 1024 bit * We support precomputed parameter for legacy 512, 768 bit moduli,
* moduli. In this file we provide both the seed and counter * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256).
* In this file we provide both the seed and counter
* value of the generation process for each of these seeds, * value of the generation process for each of these seeds,
* for validation purposes. We also include the test vectors * for validation purposes. We also include the test vectors
* from the DSA specification, FIPS 186, and the FIPS 186 * from the DSA specification, FIPS 186, and the FIPS 186
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册