[11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

Lindenmaier, Goetz goetz.lindenmaier at sap.com
Wed May 19 10:10:07 UTC 2021


Hi Martin,

This looks good to me. The adaption makes sense.

Best regards,
  Goetz.

From: security-dev <security-dev-retn at openjdk.java.net> On Behalf Of Doerr, Martin
Sent: Tuesday, May 18, 2021 17:03
To: jdk-updates-dev at openjdk.java.net; security-dev <security-dev at openjdk.java.net>
Subject: [11u] RFR: 8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

Hi,

JDK-8266293 is backported to 11.0.12-oracle. The included test shows that the fix is required in 11u.

Bug:
https://bugs.openjdk.java.net/browse/JDK-8266293

Original change:
https://git.openjdk.java.net/jdk/commit/04f71126479f9c39aa71e8aebe7196d72fc16796

It applies almost cleanly. Only the bug id addition in the test had to get done manually.

However, the new code needs an adaptation because JDK11u doesn't contain KnownOIDs.
One of the original author's comments says:
"Backporters might need to check case-insensitive equality to both "PBEWithMD5AndDES" and "1.2.840.113549.1.5.3" because both the algorithm name and OID can be specified through the system property."
I've followed this suggestion directly.
It should also be possible to do something tricky with AlgorithmId.pbeWithMD5AndDES_oid, but that seems to be more error-prone, so that is not my first choice for a backport.

11u backport:
http://cr.openjdk.java.net/~mdoerr/8266293_keyprotection_11u/webrev.00/

Please review.

Best regards,
Martin
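
The check described in the quoted backport note, as an added example that is not part of the original mail or of the JDK patch: the configured algorithm is matched case-insensitively against both the name and the OID to pick the salt length, and the PBEWithMD5AndDES cipher is then initialized with each length. The class name, the helpers `saltLengthFor` and `canProtect`, the 20-byte default, the iteration count and the password are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeSaltLengthDemo {
    static final String PBE_MD5_DES_NAME = "PBEWithMD5AndDES";
    static final String PBE_MD5_DES_OID = "1.2.840.113549.1.5.3";
    static final int DEFAULT_SALT_LEN = 20; // assumed default for other PBE algorithms

    // Hypothetical helper: the configured value may be a name or an OID, in any case.
    static int saltLengthFor(String configuredAlg) {
        if (PBE_MD5_DES_NAME.equalsIgnoreCase(configuredAlg)
                || PBE_MD5_DES_OID.equalsIgnoreCase(configuredAlg)) {
            return 8; // this cipher accepts only an 8-byte salt
        }
        return DEFAULT_SALT_LEN;
    }

    // Tries to initialize and use the PBEWithMD5AndDES cipher with a salt of the given length.
    static boolean canProtect(int saltLen) throws GeneralSecurityException {
        byte[] salt = new byte[saltLen];
        new SecureRandom().nextBytes(salt);
        SecretKey key = SecretKeyFactory.getInstance(PBE_MD5_DES_NAME)
                .generateSecret(new PBEKeySpec("constructed-password".toCharArray()));
        Cipher cipher = Cipher.getInstance(PBE_MD5_DES_NAME);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, 10000));
            cipher.doFinal(new byte[] {1, 2, 3}); // constructed stand-in for key material
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("salt of " + saltLen + " bytes rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values for the configured algorithm.
        for (String alg : new String[] {"pbewithmd5anddes", PBE_MD5_DES_OID, "PBEWithSHA1AndDESede"}) {
            System.out.println(alg + " -> salt length " + saltLengthFor(alg));
        }
        System.out.println("default-length salt accepted: " + canProtect(DEFAULT_SALT_LEN));
        System.out.println("selected-length salt accepted: " + canProtect(saltLengthFor(PBE_MD5_DES_OID)));
    }
}
```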