diff -r e195319c3d7e src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java Wed Nov 09 12:38:45 2016 +0300
+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java Mon Dec 12 19:22:13 2016 +0000
@@ -74,10 +74,10 @@
private static void checkKeySize(int keysize)
throws InvalidParameterException {
- if ((keysize < 512) || (keysize > 2048) || ((keysize & 0x3F) != 0)) {
+ if ((keysize < 512) || (keysize > 4096) || ((keysize & 0x3F) != 0)) {
throw new InvalidParameterException(
"DH key size must be multiple of 64, and can only range " +
- "from 512 to 2048 (inclusive). " +
+ "from 512 to 4096 (inclusive). " +
"The specific key size " + keysize + " is not supported");
}
}
diff -r e195319c3d7e src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Wed Nov 09 12:38:45 2016 +0300
+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Mon Dec 12 19:22:13 2016 +0000
@@ -60,11 +60,11 @@
private static void checkKeySize(int keysize)
throws InvalidParameterException {
- if ((keysize != 2048) &&
+ if ((keysize != 2048) && (keysize != 4096) &&
((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) {
throw new InvalidParameterException(
"DH key size must be multiple of 64 and range " +
- "from 512 to 1024 (inclusive), or 2048. " +
+ "from 512 to 1024 (inclusive), or 2048, or 4096. " +
"The specific key size " + keysize + " is not supported");
}
}
diff -r e195319c3d7e src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Wed Nov 09 12:38:45 2016 +0300
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Mon Dec 12 19:22:13 2016 +0000
@@ -285,11 +285,11 @@
// this restriction is in the spec for DSA
// since we currently use DSA parameters for DH as well,
// it also applies to DH if no parameters are specified
- if ((keySize != 2048) &&
+ if ((keySize != 2048) && (keySize != 4096) &&
((keySize > 1024) || ((keySize & 0x3f) != 0))) {
throw new InvalidAlgorithmParameterException(algorithm +
" key must be multiples of 64 if less than 1024 bits" +
- ", or 2048 bits. " +
+ ", or 2048 bits, or 4096 bits. " +
"The specific key size " +
keySize + " is not supported");
}
diff -r e195319c3d7e test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java
--- openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java Wed Nov 09 12:38:45 2016 +0300
+++ openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java Mon Dec 12 19:22:13 2016 +0000
@@ -58,7 +58,7 @@
*/
private enum Sizes {
two56(256), three84(384), five12(512), seven68(768), ten24(1024),
- twenty48(2048);
+ twenty48(2048), forty96(4096);
private final int intSize;
private final BigInteger bigIntValue;
@@ -130,6 +130,19 @@
kp = kpg.generateKeyPair();
checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
+ kpg.initialize(Sizes.forty96.getIntSize());
+ kp = kpg.generateKeyPair();
+ checkKeyPair(kp, Sizes.forty96, Sizes.twenty48);
+
+ publicKey = (DHPublicKey)kp.getPublic();
+ p = publicKey.getParams().getP();
+ g = publicKey.getParams().getG();
+
+ // test w/ all values specified
+ kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
+ kp = kpg.generateKeyPair();
+ checkKeyPair(kp, Sizes.forty96, Sizes.ten24);
+
System.out.println("OK");
}