Thanks for the prompt review~
Valerie
On 11/22/13 12:20, Sean Mullan wrote:
On 11/22/2013 02:54 PM, Valerie (Yu-Ching) Peng wrote:
Even if Solaris PKCS11 provider starts to support 2048-bit DSA keys, its
SHA1withDSA signature impl should still only accept up-to-1024-bit DSA
keys. The longer DSA keys need newer signature impls using SHA2-family
digests.
So, the regression test should still be valid.
Ok, sounds good.
--Sean
Thanks,
Valerie
On 11/22/13 07:40, Sean Mullan wrote:
The fix looks good. One comment on the test - it looks like the test
would start failing if Solaris PKCS11 started to support 2048 bit DSA
keys. Is there a way to workaround that by checking the max key length
supported by the library?
--Sean
On 11/19/2013 08:37 PM, Valerie (Yu-Ching) Peng wrote:
Can someone please help review my fixes for 7200306: SunPKCS11
provider
delays the check of DSA key size for SHA1withDSA to sign() instead of
init()?
Native PKCS11 libraries don't seem to check the key during the
initialization calls (triggered by initSign()/initVerify()).
Rather, it errors out during the subsequent update() calls. So, I
added
necessary key length checks.
Webrev:
http://cr.openjdk.java.net/~valeriep/7200306/webrev.00/
Thanks,
Valerie
