Mercurial > hg > release > icedtea7-forest-2.5 > jdk
changeset 8191:95bbd38a7741
8039921, PR2421: SHA1WithDSA with key > 1024 bits not working
Summary: Removed the key size limits for all SHAXXXWithDSA signatures
Reviewed-by: weijun
author | andrew |
---|---|
date | Tue, 07 Jul 2015 16:11:07 +0100 |
parents | a1834394c688 |
children | 0b646f5aec62 |
files | src/share/classes/sun/security/provider/DSA.java test/sun/security/provider/DSA/TestDSA2.java |
diffstat | 2 files changed, 3 insertions(+), 23 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/DSA.java Tue Jul 07 16:05:01 2015 +0100 +++ b/src/share/classes/sun/security/provider/DSA.java Tue Jul 07 16:11:07 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -117,7 +117,6 @@ if (params == null) { throw new InvalidKeyException("DSA private key lacks parameters"); } - checkKey(params); this.params = params; this.presetX = priv.getX(); @@ -149,7 +148,6 @@ if (params == null) { throw new InvalidKeyException("DSA public key lacks parameters"); } - checkKey(params); this.params = params; this.presetY = pub.getY(); @@ -291,16 +289,6 @@ return null; } - protected void checkKey(DSAParams params) throws InvalidKeyException { - // FIPS186-3 states in sec4.2 that a hash function which provides - // a lower security strength than the (L, N) pair ordinarily should - // not be used. - int valueN = params.getQ().bitLength(); - if (valueN > md.getDigestLength()*8) { - throw new InvalidKeyException("Key is too strong for this signature algorithm"); - } - } - private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g, BigInteger k) { BigInteger temp = g.modPow(k, p); @@ -480,14 +468,6 @@ } } - @Override - protected void checkKey(DSAParams params) throws InvalidKeyException { - int valueL = params.getP().bitLength(); - if (valueL > 1024) { - throw new InvalidKeyException("Key is too long for this algorithm"); - } - } - /* * Please read bug report 4044247 for an alternative, faster, * NON-FIPS approved method to generate K
--- a/test/sun/security/provider/DSA/TestDSA2.java Tue Jul 07 16:05:01 2015 +0100 +++ b/test/sun/security/provider/DSA/TestDSA2.java Tue Jul 07 16:11:07 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -50,7 +50,7 @@ public static void main(String[] args) throws Exception { boolean[] expectedToPass = { true, true, true }; test(1024, expectedToPass); - boolean[] expectedToPass2 = { false, true, true }; + boolean[] expectedToPass2 = { true, true, true }; test(2048, expectedToPass2); }