Closed Bug 144934 Opened 22 years ago Closed 22 years ago

generating DSA public key from spec is broken

Categories

(JSS Graveyard :: Library, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jamie-bugzilla, Assigned: jamie-bugzilla)

Details

org/mozilla/jss/provider/java/security/JSSKeyFactory1_2.engineGeneratePublic is broken in the DSA case. We are creating a DSA public key using only the "Y" public value. This is insufficient because signature verification, for example, also requires the PQG parameters. The DSAPublicKeySpec actually contains PQG, but we aren't using them. I think the bug may actually be in PK11PubKey.fromRaw(), which purports to create a DSA public key just from its public value but in fact the thing it creates is useless. But a fix/workaround is to take P, Q, G, and Y out of the DSA PublicKey spec and build a SubjectPublicKeyInfo out of them, and then pass that to PK11PubKey.fromSPKI.
Fixed and checked into the trunk.
1) KeyFactory now constructs a SubjectPublicKeyInfo and imports that instead of just the DSA public value.
2) PK11PubKey.fromRaw() has been deprecated because it only works for RSA keys.

/cvsroot/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.java,v <-- PK11PubKey.java
new revision: 1.5; previous revision: 1.4
/cvsroot/mozilla/security/jss/org/mozilla/jss/provider/java/security/KeyFactorySpi1_2.java,v <-- KeyFactorySpi1_2.java
new revision: 1.2; previous revision: 1.1
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.2
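
The import path described in this bug (P, Q, G and Y from the key spec, encoded as a SubjectPublicKeyInfo, then imported from that encoding) is illustrated below as an added example; it is not the JSS patch. It uses only the standard JDK provider, and the class name DsaSpkiExample and helper fromSpec are hypothetical names chosen for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class DsaSpkiExample {
    // Rebuild a usable DSA public key from Y plus the P, Q, G domain
    // parameters by going through the DER SubjectPublicKeyInfo form.
    static PublicKey fromSpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g)
            throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("DSA");
        // getEncoded() returns X.509 SubjectPublicKeyInfo: the
        // AlgorithmIdentifier carries P, Q, G; the BIT STRING carries Y.
        byte[] spki = kf.generatePublic(new DSAPublicKeySpec(y, p, q, g)).getEncoded();
        return kf.generatePublic(new X509EncodedKeySpec(spki));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        DSAPublicKey orig = (DSAPublicKey) kp.getPublic();

        // Constructed sample message, signed with the matching private key.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withDSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        DSAPublicKey rebuilt = (DSAPublicKey) fromSpec(orig.getY(),
                orig.getParams().getP(), orig.getParams().getQ(), orig.getParams().getG());

        // Verification needs P, Q, G as well as Y; the SPKI round trip keeps them.
        Signature verifier = Signature.getInstance("SHA256withDSA");
        verifier.initVerify(rebuilt);
        verifier.update(msg);
        System.out.println("params preserved: " + rebuilt.getParams().getP().equals(orig.getParams().getP()));
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```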