In the Bouncy Castle JCE Provider version 1.55 and earlier, the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, versions 1.55 and earlier generate the private value assuming a 1024-bit key size. In these earlier releases, the issue can be dealt with by explicitly passing DSA parameters to the key pair generator.
{ "vanir_signatures": [ { "target": { "file": "prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java" }, "digest": { "line_hashes": [ "272960272851457067213669225105609542617", "40437591993253917580729287954800812592", "244117597628187691213480854404577928477", "256388720511189596835617265611611441182", "144834174902876871041848359847103006795", "109391545642665904104121926837062339161", "329942142184009405323326196099659975311", "44638415618053903489688011888839369597", "279435678809771383110381504409095219915", "149260297816348481157597294695995565899", "135202963780410441307750029108679602867" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389", "id": "CVE-2016-1000343-205ba2dd", "signature_type": "Line", "deprecated": false }, { "target": { "file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java" }, "digest": { "line_hashes": [ "13355290723725349368745329989347618543", "132012456049536062486610142113253442680", "266566135274626677248422357772359090099", "67951718911132861200676972530867716392", "123227893897903794997018758524343559168", "125072645518652505202624749001375164121", "107204242373676434483157988757460451279", "234440885163403474179705305683870469747", "227689743794388119601251283389931386220", "46437445457244463402399530235552491256", "233676737684436282642951948705719036399", "262957240772312990909155497255796045702", "161559031118209141837246876192847496487", "124081888484579726664893620713637938254", "258117312511801216931746282811598433286", "155765287899303234545320164174264001128", "177791379852089713076714863354421810584", "71385015115912219243897975170110225611", "216952351133835419405455233238767730185", "318764821106349202931912140848248088135", "89337051256361544191950482851091403204", "117424738161216075649616111895930893878", "293054463246076210814968644804689224777", 
"145743308941858415062268333078653912371" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389", "id": "CVE-2016-1000343-394025c5", "signature_type": "Line", "deprecated": false }, { "target": { "file": "prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java", "function": "performTest" }, "digest": { "length": 2337.0, "function_hash": "73808229874167972886948173315043521400" }, "signature_version": "v1", "source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389", "id": "CVE-2016-1000343-9d31b4a6", "signature_type": "Function", "deprecated": false }, { "target": { "file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java", "function": "generateKeyPair" }, "digest": { "length": 421.0, "function_hash": "13749231353833127326132574748037856164" }, "signature_version": "v1", "source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389", "id": "CVE-2016-1000343-ccf1950b", "signature_type": "Function", "deprecated": false }, { "target": { "file": "prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java", "function": "initialize" }, "digest": { "length": 312.0, "function_hash": "73127320062142693310826675929981259371" }, "signature_version": "v1", "source": "https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389", "id": "CVE-2016-1000343-e28e69a3", "signature_type": "Function", "deprecated": false } ] }