- Bug
- Resolution: Fixed
- P3
- 5.0
- b08
- x86
- windows_xp
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2123698 | 5.0u4 | Andreas Sterbenz | P3 | Resolved | Fixed | b03 |
Name: js151677 Date: 07/26/2004
FULL PRODUCT VERSION :
java version "1.5.0-beta3"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-beta3-b58)
Java HotSpot(TM) Client VM (build 1.5.0-beta3-b58, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows XP SP1
Windows 2000 SP4
A DESCRIPTION OF THE PROBLEM :
When using Java 1.5, if an RSA keypair is generated it has one less bit than requested, i.e. if a 512 bit keypair is requested then sometimes a 511 bit keypair is generated. There is no pattern to this - it affects all key sizes I have tried approximately 1 in 3 times.
This problem did not exist in Java 1.4.2.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
I have included source that will replicate the problem.
REPRODUCIBILITY :
This bug can be reproduced often.
---------- BEGIN SOURCE ----------
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;

/**
 * Class to prove RSA keysize bug in Java 1.5.
 *
 * @author Wayne Grant
 */
public class RsaBug extends Object
{
    public static void main(String[] sArgs)
    {
        try
        {
            for (int iCnt=0; iCnt < 10; iCnt++)
            {
                int iKeyPairSize = 512;
                System.out.println("Generating " + iKeyPairSize + " bit RSA key pair");

                // Generate RSA keypair
                KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
                SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
                keyPairGen.initialize(iKeyPairSize, rand);
                KeyPair keyPair = keyPairGen.generateKeyPair();

                // Get private and public keys
                PrivateKey privateKey = keyPair.getPrivate();
                PublicKey publicKey = keyPair.getPublic();

                // Get keysize (modulus) of keys
                KeyFactory keyFact = KeyFactory.getInstance("RSA");
                RSAPrivateKeySpec privateKeySpec = (RSAPrivateKeySpec)keyFact.getKeySpec(privateKey, RSAPrivateKeySpec.class);
                BigInteger privateModulus = privateKeySpec.getModulus();
                int iPrivateKeySize = privateModulus.toString(2).length();
                RSAPublicKeySpec publicKeySpec = (RSAPublicKeySpec)keyFact.getKeySpec(publicKey, RSAPublicKeySpec.class);
                BigInteger publicModulus = publicKeySpec.getModulus();
                int iPublicKeySize = publicModulus.toString(2).length();

                System.out.println("Generated a " + iPrivateKeySize + " bit RSA private key");
                System.out.println("Generated a " + iPublicKeySize + " bit RSA public key");

                // Stop at the first key whose modulus is not the requested size
                if ((iKeyPairSize != iPublicKeySize) || (iKeyPairSize != iPrivateKeySize))
                {
                    System.out.println("Failure!");
                    break;
                }
            }
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
    }
}
---------- END SOURCE ----------
Release Regression From : 1.4.2_04
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
(Incident Review ID: 289826)
======================================================================
###@###.### 10/8/04 16:16 GMT
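
Added example, not part of the original report and not the JDK's implementation or its diagnosed root cause: general arithmetic showing that the product of two half-size primes is one bit short unless the generator checks the result, plus a `bitLength()` acceptance check for keys returned by a provider. The class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.RSAKey;

// Added illustration (not JDK code): modulus size of p*q and an acceptance check.
public class ModulusBitLengthDemo {
    // Naive: two (bits/2)-bit primes; probablePrime guarantees only the top bit of each.
    static BigInteger naiveModulus(int bits, SecureRandom rnd) {
        BigInteger p = BigInteger.probablePrime(bits / 2, rnd);
        BigInteger q = BigInteger.probablePrime(bits / 2, rnd);
        return p.multiply(q); // 2^(bits-2) <= p*q < 2^bits, so bits-1 or bits long
    }

    // Checked: regenerate until the modulus has exactly the requested length.
    static BigInteger checkedModulus(int bits, SecureRandom rnd) {
        BigInteger n;
        do {
            n = naiveModulus(bits, rnd);
        } while (n.bitLength() != bits);
        return n;
    }

    // Acceptance check for any RSA key, public or private.
    static boolean hasRequestedSize(RSAKey key, int bits) {
        return key.getModulus().bitLength() == bits;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        int bits = 512, trials = 200, shortNaive = 0, shortChecked = 0;
        for (int i = 0; i < trials; i++) {
            if (naiveModulus(bits, rnd).bitLength() != bits) shortNaive++;
            if (checkedModulus(bits, rnd).bitLength() != bits) shortChecked++;
        }
        System.out.println("naive:   " + shortNaive + "/" + trials + " short moduli");
        System.out.println("checked: " + shortChecked + "/" + trials + " short moduli");

        // Same check applied to a key pair from the installed RSA provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits, rnd);
        RSAKey pub = (RSAKey) kpg.generateKeyPair().getPublic();
        System.out.println("provider key has requested size: " + hasRequestedSize(pub, bits));
    }
}
```

The 512-bit size is taken from the report's reproduction; `hasRequestedSize` works unchanged for any requested length.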
- backported by
  - JDK-2123698 REGRESSION: RSA key length not proper (Resolved)