diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index ee1bf20d6b7b9..ef856f6fd31f2 100644 --- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java @@ -804,11 +804,17 @@ private byte[] getSalt() */ private AlgorithmParameters getPBEAlgorithmParameters( String algorithm, int iterationCount) throws IOException { - AlgorithmParameters algParams = null; + AlgorithmParameters algParams; + + byte[] salt = getSalt(); + if (KnownOIDs.findMatch(algorithm) == KnownOIDs.PBEWithMD5AndDES) { + // PBES1 scheme such as PBEWithMD5AndDES requires a 8-byte salt + salt = Arrays.copyOf(salt, 8); + } // create PBE parameters from salt and iteration count PBEParameterSpec paramSpec = - new PBEParameterSpec(getSalt(), iterationCount); + new PBEParameterSpec(salt, iterationCount); try { algParams = AlgorithmParameters.getInstance(algorithm); algParams.init(paramSpec); diff --git a/test/jdk/sun/security/pkcs12/ParamsPreferences.java b/test/jdk/sun/security/pkcs12/ParamsPreferences.java index d0f4481fddb3e..4bedca56a786c 100644 --- a/test/jdk/sun/security/pkcs12/ParamsPreferences.java +++ b/test/jdk/sun/security/pkcs12/ParamsPreferences.java @@ -35,7 +35,7 @@ /* * @test - * @bug 8076190 8242151 8153005 + * @bug 8076190 8242151 8153005 8266293 * @library /test/lib * @modules java.base/sun.security.pkcs * java.base/sun.security.util @@ -193,6 +193,15 @@ public static final void main(String[] args) throws Exception { PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000, PBEWithSHA1AndRC4_40, 10000, SHA_256, 10000); + + // 8266293 + test(c++, + Map.of("keystore.pkcs12.keyProtectionAlgorithm", "PBEWithMD5AndDES", + "keystore.pkcs12.certProtectionAlgorithm", "PBEWithMD5AndDES"), + Map.of(), + PBEWithMD5AndDES, 10000, + PBEWithMD5AndDES, 10000, + SHA_256, 10000); } /**