-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
8, 11, 17
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
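When a Signature object is reinitialized with a different SecureRandom via initSign(PrivateKey, SecureRandom), the newly supplied random source is not used for subsequent signing operations with the DSA/SHA256withDSA algorithms. DSA signing draws fresh randomness for each signature, so a caller who switches random sources on reinitialization silently does not get the source they asked for.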
---------- BEGIN SOURCE ----------
import java.security.*;
import java.util.Arrays;
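/**
 * Reproducer: checks that a {@link Signature} honours the {@link java.security.SecureRandom}
 * passed to {@code initSign(PrivateKey, SecureRandom)}, both on first use and after the same
 * object is re-initialized with a different random source.
 *
 * <p>Usage: {@code TestInitSignWithMyOwnRandom [signatureAlgorithm [dsaKeySize]]}. With no
 * arguments the combination from the report (SHA256withDSA, 2048-bit key) is used. The provider
 * is taken from the {@code test.provider.name} system property and defaults to {@code SUN}.
 *
 * <p>Why it matters: DSA signing draws fresh randomness for every signature, so an application
 * that swaps in a different random source on re-initialization needs that source to be the one
 * actually consulted.
 */
public class TestInitSignWithMyOwnRandom {

    /** Signature algorithm used when none is given on the command line. */
    private static final String DEFAULT_SIGN_ALGO = "SHA256withDSA";

    /** DSA key size (bits) used when none is given on the command line. */
    private static final String DEFAULT_KEY_SIZE = "2048";

    /** Size of the message that gets signed. */
    private static final int DATA_LENGTH = 20000;

    /**
     * Signs twice with one {@code Signature} object, each time after an {@code initSign} call
     * carrying its own counting random source, and fails if either source was never asked for
     * bytes.
     *
     * @param args optional signature algorithm and DSA key size, in that order
     * @throws Exception if the provider is missing or a supplied random source was not used
     */
    public static void main(String[] args) throws Exception {
        String providerName = System.getProperty("test.provider.name", "SUN");
        Provider p = Security.getProvider(providerName);
        if (p == null) {
            // Fail with a readable message instead of the IllegalArgumentException that
            // getInstance(alg, null) would raise.
            throw new Exception("Provider not installed: " + providerName);
        }

        // Command-line values win; the defaults reproduce the report. The original listing
        // overwrote args unconditionally, so "DSA 512" could only be selected by editing the code.
        String signAlgo = args.length > 0 ? args[0] : DEFAULT_SIGN_ALGO;
        int keySize = Integer.parseInt(args.length > 1 ? args[1] : DEFAULT_KEY_SIZE);

        String kpgAlgorithm = "DSA";
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
        kpg.initialize(keySize);
        KeyPair kp = kpg.generateKeyPair();

        TestRandomSource rand = new TestRandomSource();
        TestRandomSource rand2 = new TestRandomSource();
        byte[] data = new byte[DATA_LENGTH];

        // First use: the source given to initSign must be consulted while signing.
        Signature sig = Signature.getInstance(signAlgo, p);
        sig.initSign(kp.getPrivate(), rand);
        sig.update(data);
        sig.sign();
        if (!rand.isUsed()) {
            throw new Exception("Custom random source is not used");
        }

        // Re-initialize the same object with a second source and sign different data.
        sig.initSign(kp.getPrivate(), rand2);
        for (int i = 0; i < data.length; i++) {
            data[i] = (byte) ((System.currentTimeMillis() + i) % 256);
        }
        sig.update(data);
        sig.sign();
        // NOTE(review): per the report this is the check that fails on the affected releases;
        // presumably the provider keeps the source from the first initSign (see JDK-8222520).
        if (!rand2.isUsed()) {
            throw new Exception("New random source not used after reinitialization");
        }
    }
}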
import java.security.SecureRandom;
/**
 * A {@link SecureRandom} that records whether anyone asked it for random bytes.
 *
 * <p>Output comes from a separate, default-constructed {@code SecureRandom}; this wrapper only
 * adds the bookkeeping. Only {@link #nextBytes(byte[])} is counted, so randomness requested
 * through a method that does not route through it would go unrecorded
 * (NOTE(review): confirm which entry points the JDK under test funnels through nextBytes).
 * The counter is a plain {@code int} with no synchronization.
 */
class TestRandomSource extends SecureRandom {
    // How many times nextBytes(byte[]) has been invoked on this instance.
    private int invocations = 0;
    // The generator that actually produces the bytes handed back to callers.
    private final SecureRandom backing = new SecureRandom();

    /**
     * Reports whether {@link #nextBytes(byte[])} has been called at least once.
     *
     * @return {@code true} once any bytes have been requested from this source
     */
    public boolean isUsed() {
        return invocations >= 1;
    }

    /**
     * Counts the request, then fills {@code bytes} from the backing generator.
     *
     * @param bytes buffer to fill with random bytes
     */
    @Override
    public void nextBytes(byte[] bytes) {
        // The call is counted before delegating.
        invocations += 1;
        backing.nextBytes(bytes);
    }
}
---------- END SOURCE ----------
When reinitializing a Signature object with a new SecureRandom via initSign(PrivateKey, SecureRandom), the new random source is not used for subsequent signing operations with DSA/SHA256withDSA algorithms.
---------- BEGIN SOURCE ----------
import java.security.*;
import java.util.Arrays;
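/**
 * Reproducer: checks that a {@link Signature} honours the {@link java.security.SecureRandom}
 * passed to {@code initSign(PrivateKey, SecureRandom)}, both on first use and after the same
 * object is re-initialized with a different random source.
 *
 * <p>Usage: {@code TestInitSignWithMyOwnRandom [signatureAlgorithm [dsaKeySize]]}. With no
 * arguments the combination from the report (SHA256withDSA, 2048-bit key) is used. The provider
 * is taken from the {@code test.provider.name} system property and defaults to {@code SUN}.
 *
 * <p>Why it matters: DSA signing draws fresh randomness for every signature, so an application
 * that swaps in a different random source on re-initialization needs that source to be the one
 * actually consulted.
 */
public class TestInitSignWithMyOwnRandom {

    /** Signature algorithm used when none is given on the command line. */
    private static final String DEFAULT_SIGN_ALGO = "SHA256withDSA";

    /** DSA key size (bits) used when none is given on the command line. */
    private static final String DEFAULT_KEY_SIZE = "2048";

    /** Size of the message that gets signed. */
    private static final int DATA_LENGTH = 20000;

    /**
     * Signs twice with one {@code Signature} object, each time after an {@code initSign} call
     * carrying its own counting random source, and fails if either source was never asked for
     * bytes.
     *
     * @param args optional signature algorithm and DSA key size, in that order
     * @throws Exception if the provider is missing or a supplied random source was not used
     */
    public static void main(String[] args) throws Exception {
        String providerName = System.getProperty("test.provider.name", "SUN");
        Provider p = Security.getProvider(providerName);
        if (p == null) {
            // Fail with a readable message instead of the IllegalArgumentException that
            // getInstance(alg, null) would raise.
            throw new Exception("Provider not installed: " + providerName);
        }

        // Command-line values win; the defaults reproduce the report. The original listing
        // overwrote args unconditionally, so "DSA 512" could only be selected by editing the code.
        String signAlgo = args.length > 0 ? args[0] : DEFAULT_SIGN_ALGO;
        int keySize = Integer.parseInt(args.length > 1 ? args[1] : DEFAULT_KEY_SIZE);

        String kpgAlgorithm = "DSA";
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
        kpg.initialize(keySize);
        KeyPair kp = kpg.generateKeyPair();

        TestRandomSource rand = new TestRandomSource();
        TestRandomSource rand2 = new TestRandomSource();
        byte[] data = new byte[DATA_LENGTH];

        // First use: the source given to initSign must be consulted while signing.
        Signature sig = Signature.getInstance(signAlgo, p);
        sig.initSign(kp.getPrivate(), rand);
        sig.update(data);
        sig.sign();
        if (!rand.isUsed()) {
            throw new Exception("Custom random source is not used");
        }

        // Re-initialize the same object with a second source and sign different data.
        sig.initSign(kp.getPrivate(), rand2);
        for (int i = 0; i < data.length; i++) {
            data[i] = (byte) ((System.currentTimeMillis() + i) % 256);
        }
        sig.update(data);
        sig.sign();
        // NOTE(review): per the report this is the check that fails on the affected releases;
        // presumably the provider keeps the source from the first initSign (see JDK-8222520).
        if (!rand2.isUsed()) {
            throw new Exception("New random source not used after reinitialization");
        }
    }
}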
import java.security.SecureRandom;
/**
 * A {@link SecureRandom} that records whether anyone asked it for random bytes.
 *
 * <p>Output comes from a separate, default-constructed {@code SecureRandom}; this wrapper only
 * adds the bookkeeping. Only {@link #nextBytes(byte[])} is counted, so randomness requested
 * through a method that does not route through it would go unrecorded
 * (NOTE(review): confirm which entry points the JDK under test funnels through nextBytes).
 * The counter is a plain {@code int} with no synchronization.
 */
class TestRandomSource extends SecureRandom {
    // How many times nextBytes(byte[]) has been invoked on this instance.
    private int invocations = 0;
    // The generator that actually produces the bytes handed back to callers.
    private final SecureRandom backing = new SecureRandom();

    /**
     * Reports whether {@link #nextBytes(byte[])} has been called at least once.
     *
     * @return {@code true} once any bytes have been requested from this source
     */
    public boolean isUsed() {
        return invocations >= 1;
    }

    /**
     * Counts the request, then fills {@code bytes} from the backing generator.
     *
     * @param bytes buffer to fill with random bytes
     */
    @Override
    public void nextBytes(byte[] bytes) {
        // The call is counted before delegating.
        invocations += 1;
        backing.nextBytes(bytes);
    }
}
---------- END SOURCE ----------
- relates to
-
JDK-8222520 Signature.initSign(PrivateKey) should explicitly state that SecureRandom is not reset
-
- Open
-