Skip to content
Permalink
Browse files
8266293: Key protection using PBEWithMD5AndDES fails with "java.secur…
…ity.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

Reviewed-by: valeriep
  • Loading branch information
wangweij committed May 6, 2021
1 parent a90b33a commit 04f71126479f9c39aa71e8aebe7196d72fc16796
Showing with 18 additions and 3 deletions.
  1. +8 −2 src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
  2. +10 −1 test/jdk/sun/security/pkcs12/ParamsPreferences.java
@@ -804,11 +804,17 @@ public synchronized void engineSetKeyEntry(String alias, byte[] key,
*/
private AlgorithmParameters getPBEAlgorithmParameters(
String algorithm, int iterationCount) throws IOException {
AlgorithmParameters algParams = null;
AlgorithmParameters algParams;

byte[] salt = getSalt();
if (KnownOIDs.findMatch(algorithm) == KnownOIDs.PBEWithMD5AndDES) {
// PBES1 scheme such as PBEWithMD5AndDES requires a 8-byte salt
salt = Arrays.copyOf(salt, 8);
}

// create PBE parameters from salt and iteration count
PBEParameterSpec paramSpec =
new PBEParameterSpec(getSalt(), iterationCount);
new PBEParameterSpec(salt, iterationCount);
try {
algParams = AlgorithmParameters.getInstance(algorithm);
algParams.init(paramSpec);
@@ -35,7 +35,7 @@

/*
* @test
* @bug 8076190 8242151 8153005
* @bug 8076190 8242151 8153005 8266293
* @library /test/lib
* @modules java.base/sun.security.pkcs
* java.base/sun.security.util
@@ -193,6 +193,15 @@ public static final void main(String[] args) throws Exception {
PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
PBEWithSHA1AndRC4_40, 10000,
SHA_256, 10000);

// 8266293
test(c++,
Map.of("keystore.pkcs12.keyProtectionAlgorithm", "PBEWithMD5AndDES",
"keystore.pkcs12.certProtectionAlgorithm", "PBEWithMD5AndDES"),
Map.of(),
PBEWithMD5AndDES, 10000,
PBEWithMD5AndDES, 10000,
SHA_256, 10000);
}

/**

0 comments on commit 04f7112

Please sign in to comment.