-
Bug
-
Resolution: Fixed
-
P3
-
8
-
b45
-
x86
-
other
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8084103 | emb-9 | Valerie Peng | P3 | Resolved | Fixed | team |
| JDK-8086760 | 8u65 | Valerie Peng | P3 | Resolved | Fixed | b01 |
| JDK-8068559 | 8u60 | Valerie Peng | P3 | Resolved | Fixed | b01 |
| JDK-8071881 | 8u51 | Valerie Peng | P3 | Resolved | Fixed | b01 |
| JDK-8071870 | 8u45 | Valerie Peng | P3 | Resolved | Fixed | b06 |
| JDK-8071381 | 8u40 | Valerie Peng | P3 | Resolved | Fixed | b23 |
| JDK-8138156 | emb-8u65 | Unassigned | P3 | Resolved | Fixed | b01 |
| JDK-8076713 | emb-8u60 | Valerie Peng | P3 | Resolved | Fixed | team |
| JDK-8072558 | emb-8u47 | Valerie Peng | P3 | Resolved | Fixed | team |
| JDK-8154211 | openjdk7u | Valerie Peng | P3 | Resolved | Fixed | master |
java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Mac OSX 10.9.2
A DESCRIPTION OF THE PROBLEM :
When you have a certificate with a public key using SHA1WithDSA with more than 1024 bits, you get the following exception:
Exception in thread "main" java.security.InvalidKeyException: Key is too long for this algorithm
at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
at java.security.Signature$Delegate.init(Signature.java:1104)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1067)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1122)
at java.security.Signature.initVerify(Signature.java:496)
This exactly same scenario works perfectly fine in java 1.7.0_21 1.7.0_25 1.7.0_40 at least.
REGRESSION. Last worked in version 7u40
ADDITIONAL REGRESSION INFORMATION:
java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)
And
java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
run the following statement using a Public Key SHA1WithDSA with 2048 bits key.
Signature.getInstance("SHA1withDSA").initVerify(cert);
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The certificate should be accepted and no exception should be thrown
ACTUAL -
Exception in thread "main" java.security.InvalidKeyException: Key is too long for this algorithm
at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
at java.security.Signature$Delegate.init(Signature.java:1104)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1067)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1122)
at java.security.Signature.initVerify(Signature.java:496)
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.security.InvalidKeyException: Key is too long for this algorithm
at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
at java.security.Signature$Delegate.init(Signature.java:1104)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1067)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1122)
at java.security.Signature.initVerify(Signature.java:496)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
@Test
public void testCertWith2048bitsKey() throws Exception {
X509Certificate cert = ... Cert with 2048 bits key... ;
Signature.getInstance("SHA1withDSA").initVerify(cert);
}
---------- END SOURCE ----------
- backported by
-
JDK-8068559 SHA1WithDSA with key > 1024 bits not working
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- relates to
-
JDK-7044060 Need to support NSA Suite B Cryptography algorithms
-
- Closed
-