[11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with
"java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
Hi,
JDK-8266293 is backported to 11.0.12-oracle. The included test shows that the
fix is required in 11u.
Bug:
https://bugs.openjdk.java.ne
Hi Martin,
This looks good to me. The adaption makes sense.
Best regards,
Goetz.
From: security-dev On Behalf Of Doerr, Martin
Sent: Tuesday, 18 May 2021 17:03
To: jdk-updates-...@openjdk.java.net; security-dev
Subject: [11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails
Hi,
JDK-8266293 is backported to 11.0.12-oracle. The included test shows that the
fix is required in 11u.
Bug:
https://bugs.openjdk.java.net/browse/JDK-8266293
Original change:
https://git.openjdk.java.net/jdk/commit/04f71126479f9c39aa71e8aebe7196d72fc16796
It applies almost cleanly. Only the
On Thu, 6 May 2021 14:25:13 GMT, Weijun Wang wrote:
>> `PKCS12KeyStore` always uses a 20-byte salt in encryption but
>> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt
>> used for this algorithm will be 8 bytes.
>>
>> RFC 2898 only requires the salt to be at least 8
On Thu, 6 May 2021 01:23:40 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> better comment
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 811:
>
>> 809:
> `PKCS12KeyStore` always uses a 20-byte salt in encryption but
> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt
> used for this algorithm will be 8 bytes.
>
> RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to
> modify the
On Fri, 30 Apr 2021 17:35:46 GMT, Weijun Wang wrote:
> `PKCS12KeyStore` always uses a 20-byte salt in encryption but
> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt
> used for this algorithm will be 8 bytes.
>
> RFC 2898 only requires the salt to be at least 8
`PKCS12KeyStore` always uses a 20-byte salt in encryption but PBEWithMD5AndDES
only accepts 8-byte salt. With this code change, the salt used for this
algorithm will be 8 bytes.
RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to
modify the `PBES1Core.java` to accept