Code Review Request for 7200306: SunPKCS11 provider delays the check of DSA key size for SHA1withDSA to sign() instead of init()
Sean Mullan
sean.mullan at oracle.com
Fri Nov 22 15:40:43 UTC 2013
The fix looks good. One comment on the test - it looks like the test
would start failing if Solaris PKCS11 started to support 2048 bit DSA
keys. Is there a way to workaround that by checking the max key length
supported by the library?
--Sean
On 11/19/2013 08:37 PM, Valerie (Yu-Ching) Peng wrote:
>
> Can someone please help review my fixes for 7200306: SunPKCS11 provider
> delays the check of DSA key size for SHA1withDSA to sign() instead of
> init()?
>
> Native PKCS11 libraries don't seem to check the key during the
> initialization calls (triggered by initSign()/initVerify()).
> Rather, it errors out during the subsequent update() calls. So, I added
> necessary key length checks.
>
> Webrev:
> http://cr.openjdk.java.net/~valeriep/7200306/webrev.00/
>
> Thanks,
> Valerie
More information about the security-dev
mailing list