8039921: SHA1WithDSA with key > 1024 bits not working

Removed the key size limits for all SHAXXXWithDSA signatures Reviewed-by: weijun
2014-12-30 22:03:23 +00:00 · 2014-12-30 22:03:23 +00:00 · ac09164efa
commit ac09164efa
parent fae6faa547
2 changed files with 3 additions and 23 deletions
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -117,7 +117,6 @@ abstract class DSA extends SignatureSpi {
        if (params == null) {
            throw new InvalidKeyException("DSA private key lacks parameters");
        }
-        checkKey(params);

        this.params = params;
        this.presetX = priv.getX();
@ -149,7 +148,6 @@ abstract class DSA extends SignatureSpi {
        if (params == null) {
            throw new InvalidKeyException("DSA public key lacks parameters");
        }
-        checkKey(params);

        this.params = params;
        this.presetY = pub.getY();
@ -291,16 +289,6 @@ abstract class DSA extends SignatureSpi {
        return null;
    }

-    protected void checkKey(DSAParams params) throws InvalidKeyException {
-        // FIPS186-3 states in sec4.2 that a hash function which provides
-        // a lower security strength than the (L, N) pair ordinarily should
-        // not be used.
-        int valueN = params.getQ().bitLength();
-        if (valueN > md.getDigestLength()*8) {
-            throw new InvalidKeyException("Key is too strong for this signature algorithm");
-        }
-    }
-
    private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
                         BigInteger k) {
        BigInteger temp = g.modPow(k, p);
@ -480,14 +468,6 @@ abstract class DSA extends SignatureSpi {
           }
        }

-        @Override
-        protected void checkKey(DSAParams params) throws InvalidKeyException {
-            int valueL = params.getP().bitLength();
-            if (valueL > 1024) {
-                throw new InvalidKeyException("Key is too long for this algorithm");
-            }
-        }
-
        /*
         * Please read bug report 4044247 for an alternative, faster,
         * NON-FIPS approved method to generate K
--- a/jdk/test/sun/security/provider/DSA/TestDSA2.java
+++ b/jdk/test/sun/security/provider/DSA/TestDSA2.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -50,7 +50,7 @@ public class TestDSA2 {
    public static void main(String[] args) throws Exception {
        boolean[] expectedToPass = { true, true, true };
        test(1024, expectedToPass);
-        boolean[] expectedToPass2 = { false, true, true };
+        boolean[] expectedToPass2 = { true, true, true };
        test(2048, expectedToPass2);
    }