8039921: SHA1WithDSA with key > 1024 bits not working
Summary: Removed the key size limits for all SHAXXXWithDSA signatures
Reviewed-by: weijun
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java Tue Dec 30 11:03:20 2014 -0800
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java Tue Dec 30 22:03:23 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -117,7 +117,6 @@
if (params == null) {
throw new InvalidKeyException("DSA private key lacks parameters");
}
- checkKey(params);
this.params = params;
this.presetX = priv.getX();
@@ -149,7 +148,6 @@
if (params == null) {
throw new InvalidKeyException("DSA public key lacks parameters");
}
- checkKey(params);
this.params = params;
this.presetY = pub.getY();
@@ -291,16 +289,6 @@
return null;
}
- protected void checkKey(DSAParams params) throws InvalidKeyException {
- // FIPS186-3 states in sec4.2 that a hash function which provides
- // a lower security strength than the (L, N) pair ordinarily should
- // not be used.
- int valueN = params.getQ().bitLength();
- if (valueN > md.getDigestLength()*8) {
- throw new InvalidKeyException("Key is too strong for this signature algorithm");
- }
- }
-
private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
BigInteger k) {
BigInteger temp = g.modPow(k, p);
@@ -480,14 +468,6 @@
}
}
- @Override
- protected void checkKey(DSAParams params) throws InvalidKeyException {
- int valueL = params.getP().bitLength();
- if (valueL > 1024) {
- throw new InvalidKeyException("Key is too long for this algorithm");
- }
- }
-
/*
* Please read bug report 4044247 for an alternative, faster,
* NON-FIPS approved method to generate K
--- a/jdk/test/sun/security/provider/DSA/TestDSA2.java Tue Dec 30 11:03:20 2014 -0800
+++ b/jdk/test/sun/security/provider/DSA/TestDSA2.java Tue Dec 30 22:03:23 2014 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -50,7 +50,7 @@
public static void main(String[] args) throws Exception {
boolean[] expectedToPass = { true, true, true };
test(1024, expectedToPass);
- boolean[] expectedToPass2 = { false, true, true };
+ boolean[] expectedToPass2 = { true, true, true };
test(2048, expectedToPass2);
}
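Review bot: The updated `expectedToPass2` array before the `test(2048, ...)` call now expects every algorithm to accept the larger key, but nothing in the test explains why the first entry flipped or that the relaxation is deliberate. The `checkKey` bodies deleted from DSA.java held the only visible comment citing FIPS 186-3 sec. 4.2 (a hash weaker than the (L, N) pair ordinarily should not be used), so the digest-versus-q trade-off is no longer documented in the code shown here. I would add a comment above the changed line, for example `// 8039921: key size limits removed; the first entry (presumably SHA1withDSA) now works with 2048-bit keys although the digest is shorter than q`, and keep a short note in DSA.java that choosing a hash at least as strong as the key is left to the caller. Which algorithm each array index maps to is defined in `test(...)`, outside this hunk, so confirm the wording against it.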