Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8202837

PBES2 AlgorithmId encoding error in PKCS12 KeyStore

    XMLWordPrintable

Details

    • b24
    • Verified

    Backports

      Description

        http://hg.openjdk.java.net/jdk/jdk/file/caf05d64138f/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#l914:

                       algParams = getPBEAlgorithmParameters(algorithm);
                   ...
                   ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm);
                   ...
                   cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
                   algid = new AlgorithmId(pbeOID, cipher.getParameters());
                   ...
                   EncryptedPrivateKeyInfo encrInfo =
                       new EncryptedPrivateKeyInfo(algid, encryptedKey);

        Here, pbeOID is pkcs5PBES2, but pkcs5PBES2 is also contained in algParams, and algid is encoded with a dup inside.

        0002:000B [0] OID 1.2.840.113549.1.5.13 (pkcs5PBES2)
        000D:0069 [1] SEQUENCE
        000F:000B [10] OID 1.2.840.113549.1.5.13 (pkcs5PBES2)
        001A:005C [11] SEQUENCE
        001C:003B [110] SEQUENCE
        001E:000B [1100] OID 1.2.840.113549.1.5.12 (pkcs5PBKDF2)
        0029:002E [1101] SEQUENCE

        Also, in PBES2Parameters::parseKDF, keyLength and prf fields are required. They should be optional.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8207890 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8207996 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8208038 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8264688 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8264693 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8266276 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8268477 PBES2 AlgorithmId encoding error in PKCS12 KeyStore

            • P3 - Major loss of function.
            • Resolved
            blocks

            Enhancement - null JDK-8076999 SunJCE support of password-based encryption scheme 2 params (PBES2) not working

            • P3 - Major loss of function.
            • Resolved
            relates to

            Enhancement - null JDK-8255680 Add more encryption schemes to SunJCE password-based encryption scheme 2 params

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Open

            Bug - A problem which impairs or prevents the functions of the product. JDK-8214513 A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8267837 JDK 7u/8u PKCS12KeyStore.parseAlgParameters exception

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8153005 Upgrade the default PKCS12 encryption/MAC algorithms

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: