Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8202837

PBES2 AlgorithmId encoding error in PKCS12 KeyStore

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 11
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b24
    • Verification:
      Verified

      Backports

        Description

        http://hg.openjdk.java.net/jdk/jdk/file/caf05d64138f/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#l914:

                       algParams = getPBEAlgorithmParameters(algorithm);
                   ...
                   ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm);
                   ...
                   cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
                   algid = new AlgorithmId(pbeOID, cipher.getParameters());
                   ...
                   EncryptedPrivateKeyInfo encrInfo =
                       new EncryptedPrivateKeyInfo(algid, encryptedKey);

        Here, pbeOID is pkcs5PBES2, but pkcs5PBES2 is also contained in algParams, and algid is encoded with a dup inside.

        0002:000B [0] OID 1.2.840.113549.1.5.13 (pkcs5PBES2)
        000D:0069 [1] SEQUENCE
        000F:000B [10] OID 1.2.840.113549.1.5.13 (pkcs5PBES2)
        001A:005C [11] SEQUENCE
        001C:003B [110] SEQUENCE
        001E:000B [1100] OID 1.2.840.113549.1.5.12 (pkcs5PBKDF2)
        0029:002E [1101] SEQUENCE

        Also, in PBES2Parameters::parseKDF, keyLength and prf fields are required. They should be optional.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  weijun Weijun Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: