From c8f9dc88f7b38016a48406ebbd76421439068860 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Wed, 10 Feb 2016 09:55:02 -0800
Subject: DSASigner: fix key check when no digest specified

Since the digest specified was a NullDigest, its effective length during
initialization is 0 bytes, so there is no way to tell if the key
strength is appropriate at that time.

Bug: 21630204
Bug: 27247313
Change-Id: I0f60ac5d62ae54119fd432cf828a2282418e8f39
---
 .../java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'bcprov/src/main/java')

diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
index a2923143..2c4900f1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
@@ -208,7 +208,7 @@ public class DSASigner
         } else if (valueL == 3072 && valueN != 256) {
             throw new InvalidKeyException("valueN must be 256 for valueL = 3072");
         }
-        if (valueN > digestSize * 8) {
+        if (!(digest instanceof NullDigest) && valueN > digestSize * 8) {
             throw new InvalidKeyException("Key is too strong for this signature algorithm");
         }
     }
-- 
cgit v1.2.3