8293554: Enhanced DH Key Exchanges

Reviewed-by: rhalade, mschoene, ascarpino, weijun
2025-08-28 15:24:43 +02:00 · 2022-10-07 22:25:38 +00:00 · 2022-10-07 22:25:38 +00:00 · 6c5aefe60c
commit 6c5aefe60c
parent 2e8073e4f9
5 changed files with 91 additions and 60 deletions
--- a/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java
+++ b/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java
@ -33,6 +33,7 @@ import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.crypto.spec.DHParameterSpec;
+import static sun.security.util.SecurityProviderConstants.getDefDHPrivateExpSize;

 /**
 * Predefined default DH ephemeral parameters.
@ -280,8 +281,9 @@ final class PredefinedDHParameterSpecs {
                    String baseGenerator = paramsFinder.group(2);
                    BigInteger g = new BigInteger(baseGenerator, 16);

-                    DHParameterSpec spec = new DHParameterSpec(p, g);
                    int primeLen = p.bitLength();
+                    DHParameterSpec spec = new DHParameterSpec(p, g,
+                            getDefDHPrivateExpSize(primeLen));
                    defaultParams.put(primeLen, spec);
                }
            } else if (SSLLogger.isOn && SSLLogger.isOn("sslctx")) {
@ -293,7 +295,8 @@ final class PredefinedDHParameterSpecs {
        Map<Integer,DHParameterSpec> tempFFDHEs = new HashMap<>();
        for (BigInteger p : ffdhePrimes) {
            int primeLen = p.bitLength();
-            DHParameterSpec dhps = new DHParameterSpec(p, BigInteger.TWO);
+            DHParameterSpec dhps = new DHParameterSpec(p, BigInteger.TWO,
+                    getDefDHPrivateExpSize(primeLen));
            tempFFDHEs.put(primeLen, dhps);
            defaultParams.putIfAbsent(primeLen, dhps);
        }
@ -301,8 +304,8 @@ final class PredefinedDHParameterSpecs {
        for (BigInteger p : supportedPrimes) {
            int primeLen = p.bitLength();
            if (defaultParams.get(primeLen) == null) {
-                defaultParams.put(primeLen,
-                    new DHParameterSpec(p, BigInteger.TWO));
+                defaultParams.put(primeLen, new DHParameterSpec(p,
+                        BigInteger.TWO, getDefDHPrivateExpSize(primeLen)));
            }
        }