--- jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java	Wed Apr 08 14:25:54 2015 +0100
@@ -1,5 +1,6 @@ 
 /*
  * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -80,10 +81,10 @@ 
      * @param random the source of randomness
      */
     public void initialize(int keysize, SecureRandom random) {
-        if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
+        if ((keysize < 512) || (keysize > 4096) || (keysize % 64 != 0)) {
             throw new InvalidParameterException("Keysize must be multiple "
                                                 + "of 64, and can only range "
-                                                + "from 512 to 2048 "
+                                                + "from 512 to 4096 "
                                                 + "(inclusive)");
         }
         this.pSize = keysize;
@@ -115,11 +116,11 @@ 
 
         params = (DHParameterSpec)algParams;
         pSize = params.getP().bitLength();
-        if ((pSize < 512) || (pSize > 2048) ||
+        if ((pSize < 512) || (pSize > 4096) ||
             (pSize % 64 != 0)) {
             throw new InvalidAlgorithmParameterException
                 ("Prime size must be multiple of 64, and can only range "
-                 + "from 512 to 2048 (inclusive)");
+                 + "from 512 to 4096 (inclusive)");
         }
 
         // exponent size is optional, could be 0
--- jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java	Wed Apr 08 14:25:54 2015 +0100
@@ -1,5 +1,6 @@ 
 /*
  * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -60,11 +61,11 @@ 
 
     private static void checkKeySize(int keysize)
         throws InvalidAlgorithmParameterException {
-        if ((keysize != 2048) &&
+        if ((keysize != 2048) && (keysize != 4096) &&
             ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) {
             throw new InvalidAlgorithmParameterException(
                 "Keysize must be multiple of 64 ranging from "
-                + "512 to 1024 (inclusive), or 2048");
+                + "512 to 1024 (inclusive), or 2048, or 4096");
         }
     }
 
--- jdk8/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java	Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java	Wed Apr 08 14:25:54 2015 +0100
@@ -278,11 +278,11 @@ 
                     // this restriction is in the spec for DSA
                     // since we currently use DSA parameters for DH as well,
                     // it also applies to DH if no parameters are specified
-                    if ((keySize != 2048) &&
+                    if ((keySize != 2048) && (keySize != 4096) &&
                         ((keySize > 1024) || ((keySize & 0x3f) != 0))) {
                         throw new InvalidAlgorithmParameterException(algorithm +
                             " key must be multiples of 64 if less than 1024 bits" +
-                            ", or 2048 bits");
+                            ", or 2048 bits, or 4096 bits");
                     }
                 }
             }
--- jdk8/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java	Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java	Wed Apr 08 14:25:54 2015 +0100
@@ -1,5 +1,6 @@ 
 /*
  * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -58,7 +59,7 @@ 
      */
     private enum Sizes {
         two56(256), three84(384), five12(512), seven68(768), ten24(1024),
-        twenty48(2048);
+        twenty48(2048), forty96(4096);
 
         private final int intSize;
         private final BigInteger bigIntValue;
@@ -130,6 +131,19 @@ 
         kp = kpg.generateKeyPair();
         checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
 
+        kpg.initialize(Sizes.forty96.getIntSize());
+        kp = kpg.generateKeyPair();
+        checkKeyPair(kp, Sizes.forty96, Sizes.twenty48);
+
+        publicKey = (DHPublicKey)kp.getPublic();
+        p = publicKey.getParams().getP();
+        g = publicKey.getParams().getG();
+
+        // test w/ all values specified
+        kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
+        kp = kpg.generateKeyPair();
+        checkKeyPair(kp, Sizes.forty96, Sizes.ten24);
+
         System.out.println("OK");
     }