diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java index cb9ab66e3d0..763fb98a8ea 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java @@ -338,9 +338,6 @@ final class P11PSSSignature extends SignatureSpi { int keySize = 0; // in bytes if (mechInfo != null) { - // check against available native info - int minKeySize = (int) mechInfo.ulMinKeySize; - int maxKeySize = (int) mechInfo.ulMaxKeySize; if (key instanceof P11Key) { keySize = (((P11Key) key).length() + 7) >> 3; } else if (key instanceof RSAKey) { @@ -348,13 +345,16 @@ final class P11PSSSignature extends SignatureSpi { } else { throw new InvalidKeyException("Unrecognized key type " + key); } - if ((minKeySize != -1) && (keySize < minKeySize)) { + // check against available native info which are in bits + if ((mechInfo.iMinKeySize != 0) && + (keySize < (mechInfo.iMinKeySize >> 3))) { throw new InvalidKeyException(KEY_ALGO + - " key must be at least " + minKeySize + " bytes"); + " key must be at least " + mechInfo.iMinKeySize + " bits"); } - if ((maxKeySize != -1) && (keySize > maxKeySize)) { + if ((mechInfo.iMaxKeySize != Integer.MAX_VALUE) && + (keySize > (mechInfo.iMaxKeySize >> 3))) { throw new InvalidKeyException(KEY_ALGO + - " key must be at most " + maxKeySize + " bytes"); + " key must be at most " + mechInfo.iMaxKeySize + " bits"); } } if (this.sigParams != null) {