From 6726d0be77396f2ff79065b6822b5c306fb77d68 Mon Sep 17 00:00:00 2001
From: Weijun Wang <weijun.wang@oracle.com>
Date: Fri, 30 Apr 2021 13:28:43 -0400
Subject: [PATCH 1/2] 8266293: Key protection using PBEWithMD5AndDES fails with
 "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"

only in patch2:
unchanged:
---
 .../classes/sun/security/pkcs12/PKCS12KeyStore.java   | 10 ++++++++--
 test/jdk/sun/security/pkcs12/ParamsPreferences.java   | 11 ++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
index ee1bf20d6b7b9..a2403e2ebee03 100644
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -804,11 +804,17 @@ private byte[] getSalt()
      */
     private AlgorithmParameters getPBEAlgorithmParameters(
             String algorithm, int iterationCount) throws IOException {
-        AlgorithmParameters algParams = null;
+        AlgorithmParameters algParams;
+
+        byte[] salt = getSalt();
+        if (KnownOIDs.findMatch(algorithm) == KnownOIDs.PBEWithMD5AndDES) {
+            // PBEWithMD5AndDES requires a 8-byte salt
+            salt = Arrays.copyOf(salt, 8);
+        }
 
         // create PBE parameters from salt and iteration count
         PBEParameterSpec paramSpec =
-                new PBEParameterSpec(getSalt(), iterationCount);
+                new PBEParameterSpec(salt, iterationCount);
         try {
            algParams = AlgorithmParameters.getInstance(algorithm);
            algParams.init(paramSpec);
diff --git a/test/jdk/sun/security/pkcs12/ParamsPreferences.java b/test/jdk/sun/security/pkcs12/ParamsPreferences.java
index d0f4481fddb3e..4bedca56a786c 100644
--- a/test/jdk/sun/security/pkcs12/ParamsPreferences.java
+++ b/test/jdk/sun/security/pkcs12/ParamsPreferences.java
@@ -35,7 +35,7 @@
 
 /*
  * @test
- * @bug 8076190 8242151 8153005
+ * @bug 8076190 8242151 8153005 8266293
  * @library /test/lib
  * @modules java.base/sun.security.pkcs
  *          java.base/sun.security.util
@@ -193,6 +193,15 @@ public static final void main(String[] args) throws Exception {
                 PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                 PBEWithSHA1AndRC4_40, 10000,
                 SHA_256, 10000);
+
+        // 8266293
+        test(c++,
+                Map.of("keystore.pkcs12.keyProtectionAlgorithm", "PBEWithMD5AndDES",
+                        "keystore.pkcs12.certProtectionAlgorithm", "PBEWithMD5AndDES"),
+                Map.of(),
+                PBEWithMD5AndDES, 10000,
+                PBEWithMD5AndDES, 10000,
+                SHA_256, 10000);
     }
 
     /**

From df1ab3732c7f42d03292b9d67f2c53bf1b391003 Mon Sep 17 00:00:00 2001
From: Weijun Wang <weijun.wang@oracle.com>
Date: Thu, 6 May 2021 10:19:43 -0400
Subject: [PATCH 2/2] better comment

---
 .../share/classes/sun/security/pkcs12/PKCS12KeyStore.java       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
index a2403e2ebee03..ef856f6fd31f2 100644
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@@ -808,7 +808,7 @@ private AlgorithmParameters getPBEAlgorithmParameters(
 
         byte[] salt = getSalt();
         if (KnownOIDs.findMatch(algorithm) == KnownOIDs.PBEWithMD5AndDES) {
-            // PBEWithMD5AndDES requires a 8-byte salt
+            // PBES1 scheme such as PBEWithMD5AndDES requires a 8-byte salt
             salt = Arrays.copyOf(salt, 8);
         }