JDK-8202837 : PBES2 AlgorithmId encoding error in PKCS12 KeyStore
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2018-05-09
  • Updated: 2021-06-09
  • Resolved: 2018-07-18
Fixed versions
  • JDK 11: 11 b24 (Fixed)
  • JDK 12: 12 (Fixed)
  • JDK 7: 7u311 (Fixed)
  • JDK 8: 8u301 (Fixed)
  • Other: openjdk8u312 (Fixed)
Description
http://hg.openjdk.java.net/jdk/jdk/file/caf05d64138f/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#l914:

           algParams = getPBEAlgorithmParameters(algorithm);
           ...
           ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm);
           ...
           cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
           algid = new AlgorithmId(pbeOID, cipher.getParameters());
           ...
           EncryptedPrivateKeyInfo encrInfo =
               new EncryptedPrivateKeyInfo(algid, encryptedKey);

Here, pbeOID is pkcs5PBES2, but pkcs5PBES2 is also contained in algParams, and algid is encoded with a duplicate inside.

0002:000B  [0]     OID 1.2.840.113549.1.5.13 (pkcs5PBES2)
000D:0069  [1]     SEQUENCE
000F:000B  [10]         OID 1.2.840.113549.1.5.13 (pkcs5PBES2)
001A:005C  [11]         SEQUENCE
001C:003B  [110]             SEQUENCE
001E:000B  [1100]                 OID 1.2.840.113549.1.5.12 (pkcs5PBKDF2)
0029:002E  [1101]                 SEQUENCE

Also, in PBES2Parameters::parseKDF, keyLength and prf fields are required. They should be optional.
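
The nesting shown in the dump can be checked for mechanically. The following is an added example, not code from the JDK or from this report: a small Python DER walker that tells the RFC 8018 PBES2-params layout (two AlgorithmIdentifier SEQUENCEs) apart from the layout above, where the parameters begin with a second pkcs5PBES2 OID. The sample bytes are constructed (zero salt and IV, AES-128-CBC as an assumed cipher, PBKDF2 parameters without keyLength or prf), and `tlv`, `algid`, `children` and `classify_algid` are hypothetical helper names.

```python
# Added example, not JDK code: minimal DER walker (definite lengths only).
PBES2 = bytes.fromhex("2a864886f70d01050d")       # 1.2.840.113549.1.5.13
PBKDF2 = bytes.fromhex("2a864886f70d01050c")      # 1.2.840.113549.1.5.12
AES128_CBC = bytes.fromhex("608648016503040102")  # 2.16.840.1.101.3.4.1.2

def tlv(tag, body):  # short-form length only; the samples stay under 128 bytes
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def algid(oid, params):  # AlgorithmIdentifier ::= SEQUENCE { OID, parameters }
    return tlv(0x30, tlv(0x06, oid) + params)

def children(buf):
    """Split concatenated TLVs into (tag, value) pairs, rejecting truncation."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits count the length octets
            k = n & 0x7F
            if k == 0 or i + k > len(buf):
                raise ValueError("indefinite or truncated length")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated value")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def classify_algid(der):
    """Return 'ok', 'duplicate-oid', 'malformed' or 'not-pbes2'."""
    top = children(der)
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected one SEQUENCE")
    fields = children(top[0][1])
    if len(fields) != 2 or fields[0] != (0x06, PBES2) or fields[1][0] != 0x30:
        return "not-pbes2"
    params = children(fields[1][1])
    if params and params[0] == (0x06, PBES2):
        return "duplicate-oid"  # nested pkcs5PBES2 OID, as in this report
    # RFC 8018 PBES2-params: exactly two AlgorithmIdentifier SEQUENCEs
    ok = len(params) == 2 and all(t == 0x30 for t, _ in params)
    return "ok" if ok else "malformed"

# Constructed sample: zero salt and IV, 10000 iterations, no keyLength or prf
kdf = algid(PBKDF2, tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, b"\x27\x10")))
PARAMS = tlv(0x30, kdf + algid(AES128_CBC, tlv(0x04, bytes(16))))
GOOD = algid(PBES2, PARAMS)
BAD = algid(PBES2, algid(PBES2, PARAMS))  # same shape as the dump above
```

To check a real keystore, pass the AlgorithmIdentifier bytes taken from the EncryptedPrivateKeyInfo of a key bag to `classify_algid`.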
Comments
Fix request [8u]

I'd like to backport this issue for parity with Oracle. Also, this patch is required for the JDK-8076190 backport.
The original patch applied almost cleanly, except for the HexDumpEncoder class namespace in com/sun/crypto/provider/PBES2Parameters.java.
/sun/security/pkcs12 tests passed.
Review is started at https://mail.openjdk.java.net/pipermail/jdk8u-dev/2021-May/013799.html
11-05-2021