8284553: Deprecate the DEFAULT static field of OAEPParameterSpec #8191
Conversation
|
👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into |
|
@valeriepeng The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
|
/csr |
Webrevs
|
|
@valeriepeng has indicated that a compatibility and specification (CSR) request is needed for this pull request. |
|
Mailing list message from Michael StJohns on security-dev: On 4/11/2022 9:34 PM, Valerie Peng wrote: Hi Valerie - I think deprecating DEFAULT? is wrong.? RFC8017 still has this definition:
and DEFAULT is what you should be getting if you see an empty sequence In any event, I can't find where RFC8017 says anything about deprecating Take care - Mike -------------- next part -------------- |
https://www.rfc-editor.org/rfc/rfc8017#appendix-A.2.1 (which defines the OAEP-params structure) says:
https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1 is a long section discussing hash functions, but I think this text (last two paragraphs) is most relevant:
Also, this is a proposed deprecation ... there is no plan to remove this field. The main intention of this deprecation is to alert users that SHA-1 is being used as it may not be apparent from the "DEFAULT" name, and to make sure that is ok or to think about using something stronger. @valeriepeng I recommend making the link more specific in the deprecation text to point to https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1 |
| * <p>Note: the OAEPParameterSpec.DEFAULT uses the following: | ||
| * <pre> | ||
| * message digest -- "SHA-1" | ||
| * mask generation function (mgf) -- "MGF1" | ||
| * parameters for mgf -- MGF1ParameterSpec.SHA1 | ||
| * source of encoding input -- PSource.PSpecified.DEFAULT | ||
| * </pre> |
There was a problem hiding this comment.
I think you should leave these lines in, so users can still see what the default parameters are. Nit, change:
"the OAEPParameterSpec.DEFAULT uses the following"
to:
"{@code OAEPParameterSpec.DEFAULT} uses the following default values:"
There was a problem hiding this comment.
Leaving this in meaning we may have to duplicate the new wordings for the field here. The default values are covered in the paragraph above where the ASN.1 structure for RSAES-OAEP-params is defined. I can move this down to the javadoc field description for the DEFAULT field.
Hi Mike, Regards, |
| * Constructs a parameter set for OAEP padding as defined in | ||
| * the PKCS #1 standard using the default values. | ||
| */ | ||
| // disallowed | ||
| private OAEPParameterSpec() { |
There was a problem hiding this comment.
I think you can just remove this ctor now that it is not used by DEFAULT.
|
CSR filed at: https://bugs.openjdk.java.net/browse/JDK-8284919 |
| * to advances in cryptanalysis -- see the | ||
| * <a href="https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1">Appendix B.1</a> |
There was a problem hiding this comment.
In the URL text, you should still say this is from RFC 8017. Suggest changing these two lines to:
* to advances in cryptanalysis -- see
* <a href="https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1">Appendix B.1 of RFC 8017</a>
| * | ||
| * @deprecated This field uses the default values defined in the PKCS #1 | ||
| * standard. Some of these defaults are no longer recommended due | ||
| * to advances in cryptanalysis -- see the |
| * if {@code null} is specified, {@code null} will be returned by | ||
| * {@link #getMGFParameters()} | ||
| * @param pSrc the source of the encoding input P | ||
| * @exception NullPointerException if {@code mdName}, |
There was a problem hiding this comment.
Change @exception to the more accepted @throws tag.
There was a problem hiding this comment.
Yes, will change.
|
@valeriepeng This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 105 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
/integrate |
|
Going to push as commit 15ce8c6.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@valeriepeng Pushed as commit 15ce8c6. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
This trivial change is to deprecate the DEFAULT static field of OAEPParameterSpec class. Wordings are mostly the same as the previous PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
The CSR will be filed once review is somewhat finished.
Thanks,
Valerie
Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/8191/head:pull/8191$ git checkout pull/8191Update a local copy of the PR:
$ git checkout pull/8191$ git pull https://git.openjdk.java.net/jdk pull/8191/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 8191View PR using the GUI difftool:
$ git pr show -t 8191Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/8191.diff