Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8039921

SHA1WithDSA with key > 1024 bits not working

    Details

    • Subcomponent:
    • Resolved In Build:
      b45
    • CPU:
      x86
    • OS:
      other

      Backports

        Description

        FULL PRODUCT VERSION :
        java version "1.8.0"
        Java(TM) SE Runtime Environment (build 1.8.0-b132)
        Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Mac OSX 10.9.2

        A DESCRIPTION OF THE PROBLEM :
        When you have a certificate with a public key using SHA1WithDSA with more than 1024 bits, you get the following exception:
        Exception in thread "main" java.security.InvalidKeyException: Key is too long for this algorithm
        at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
        at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
        at java.security.Signature$Delegate.init(Signature.java:1104)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1067)
        at java.security.Signature$Delegate.engineInitVerify(Signature.java:1122)
        at java.security.Signature.initVerify(Signature.java:496)


        This exactly same scenario works perfectly fine in java 1.7.0_21 1.7.0_25 1.7.0_40 at least.

        REGRESSION. Last worked in version 7u40

        ADDITIONAL REGRESSION INFORMATION:
        java version "1.8.0"
        Java(TM) SE Runtime Environment (build 1.8.0-b132)
        Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)

        And

        java version "1.7.0_40"
        Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
        Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode)


        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        run the following statement using a Public Key SHA1WithDSA with 2048 bits key.
        Signature.getInstance("SHA1withDSA").initVerify(cert);

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The certificate should be accepted and no exception should be thrown
        ACTUAL -
        Exception in thread "main" java.security.InvalidKeyException: Key is too long for this algorithm
        at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
        at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
        at java.security.Signature$Delegate.init(Signature.java:1104)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1067)
        at java.security.Signature$Delegate.engineInitVerify(Signature.java:1122)
        at java.security.Signature.initVerify(Signature.java:496)


        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        Exception in thread "main" java.security.InvalidKeyException: Key is too long for this algorithm
        at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
        at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
        at java.security.Signature$Delegate.init(Signature.java:1104)
        at java.security.Signature$Delegate.chooseProvider(Signature.java:1067)
        at java.security.Signature$Delegate.engineInitVerify(Signature.java:1122)
        at java.security.Signature.initVerify(Signature.java:496)


        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        @Test
        public void testCertWith2048bitsKey() throws Exception {
        X509Certificate cert = ... Cert with 2048 bits key... ;
        Signature.getInstance("SHA1withDSA").initVerify(cert);
        }
        ---------- END SOURCE ----------

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  valeriep Valerie Peng
                  Reporter:
                  webbuggrp Webbug Group
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: