[11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
Doerr, Martin
martin.doerr at sap.com
Tue May 18 15:02:35 UTC 2021
Hi,
JDK-8266293 is backported to 11.0.12-oracle. The included test shows that the fix is required in 11u.
Bug:
https://bugs.openjdk.java.net/browse/JDK-8266293
Original change:
https://git.openjdk.java.net/jdk/commit/04f71126479f9c39aa71e8aebe7196d72fc16796
It applies almost cleanly. Only the bug id addition in the test had to get done manually.
However, the new code needs an adaptation because JDK11u doesn't contain KnownOIDs.
One of the original author’s comments says:
"Backporters might need to check case-insensitive equality to both "PBEWithMD5AndDES" and "1.2.840.113549.1.5.3" because both the algorithm name and OID can be specified through the system property."
I've followed this suggestion directly.
It should also be possible to do something tricky with AlgorithmId.pbeWithMD5AndDES_oid, but that seems to be more error-prone, so that is not my first choice for a backport.
11u backport:
http://cr.openjdk.java.net/~mdoerr/8266293_keyprotection_11u/webrev.00/
Please review.
Best regards,
Martin
More information about the jdk-updates-dev
mailing list