Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7200306

SunPKCS11 provider delays the check of DSA key size for SHA1withDSA to sign() instead of init()

XMLWordPrintable

    • b119
    • x86
    • linux

      When we generate a 2048 bit DSA key, and use it with signature algorithm SHA1withDSA, it is expected that we will catch an InvalidKeyException in the Signature.init(privateKey) method.

      But when the test is running on solaris platforn, the expected InvalidKeyException is not thrown, instead, the ProviderException complain about key size out of range is thrown:
      java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE
      at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:557)
      at java.security.Signature$Delegate.engineSign(Signature.java:1161)
      at java.security.Signature.sign(Signature.java:553)
      at TestSunJCE.testKeyPair(TestSunJCE.java:286)
      at TestSunJCE.main(TestSunJCE.java:486)
      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE
      at sun.security.pkcs11.wrapper.PKCS11.C_Sign(Native Method)
      at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:542)
      ... 4 more

      We should make the behavior consistent.

            valeriep Valerie Peng
            yulixu Vivian Xu (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: