8039921: SHA1WithDSA with key > 1024 bits not working
authorvaleriep
Tue, 30 Dec 2014 22:03:23 +0000
changeset 28262 ca047b87ba96
parent 28261 3c068ad934b0
child 28263 9c48c9617c7c
8039921: SHA1WithDSA with key > 1024 bits not working Summary: Removed the key size limits for all SHAXXXWithDSA signatures Reviewed-by: weijun
jdk/src/java.base/share/classes/sun/security/provider/DSA.java
jdk/test/sun/security/provider/DSA/TestDSA2.java
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java	Tue Dec 30 11:03:20 2014 -0800
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java	Tue Dec 30 22:03:23 2014 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,7 +117,6 @@
         if (params == null) {
             throw new InvalidKeyException("DSA private key lacks parameters");
         }
-        checkKey(params);
 
         this.params = params;
         this.presetX = priv.getX();
@@ -149,7 +148,6 @@
         if (params == null) {
             throw new InvalidKeyException("DSA public key lacks parameters");
         }
-        checkKey(params);
 
         this.params = params;
         this.presetY = pub.getY();
@@ -291,16 +289,6 @@
         return null;
     }
 
-    protected void checkKey(DSAParams params) throws InvalidKeyException {
-        // FIPS186-3 states in sec4.2 that a hash function which provides
-        // a lower security strength than the (L, N) pair ordinarily should
-        // not be used.
-        int valueN = params.getQ().bitLength();
-        if (valueN > md.getDigestLength()*8) {
-            throw new InvalidKeyException("Key is too strong for this signature algorithm");
-        }
-    }
-
     private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
                          BigInteger k) {
         BigInteger temp = g.modPow(k, p);
@@ -480,14 +468,6 @@
            }
         }
 
-        @Override
-        protected void checkKey(DSAParams params) throws InvalidKeyException {
-            int valueL = params.getP().bitLength();
-            if (valueL > 1024) {
-                throw new InvalidKeyException("Key is too long for this algorithm");
-            }
-        }
-
         /*
          * Please read bug report 4044247 for an alternative, faster,
          * NON-FIPS approved method to generate K
--- a/jdk/test/sun/security/provider/DSA/TestDSA2.java	Tue Dec 30 11:03:20 2014 -0800
+++ b/jdk/test/sun/security/provider/DSA/TestDSA2.java	Tue Dec 30 22:03:23 2014 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,7 +50,7 @@
     public static void main(String[] args) throws Exception {
         boolean[] expectedToPass = { true, true, true };
         test(1024, expectedToPass);
-        boolean[] expectedToPass2 = { false, true, true };
+        boolean[] expectedToPass2 = { true, true, true };
         test(2048, expectedToPass2);
     }