Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v4]
> This trivial change is to deprecate the DEFAULT static field of > OAEPParameterSpec class. Wordings are mostly the same as the previous > PSSParameterSpec deprecation change. Rest are just minor code re-factoring. > > The CSR will be filed once review is somewhat finished. > > Thanks, > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Remove "the" and change to "@throws". - Changes: - all: https://git.openjdk.java.net/jdk/pull/8191/files - new: https://git.openjdk.java.net/jdk/pull/8191/files/a760fc51..cbae8613 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=8191=03 - incr: https://webrevs.openjdk.java.net/?repo=jdk=8191=02-03 Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod Patch: https://git.openjdk.java.net/jdk/pull/8191.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8191/head:pull/8191 PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v3]
On Tue, 19 Apr 2022 19:54:24 GMT, Sean Mullan wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Removed the private no-arg default constructor and minor javadoc update.
>
> src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 126:
>
>> 124: * {@link #getMGFParameters()}
>> 125: * @param pSrc the source of the encoding input P
>> 126: * @exception NullPointerException if {@code mdName},
>
> Change `@exception` to the more accepted `@throws` tag.
Yes, will change.
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v3]
On Tue, 19 Apr 2022 19:52:34 GMT, Sean Mullan wrote: >> Valerie Peng has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Removed the private no-arg default constructor and minor javadoc update. > > src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 99: > >> 97: * @deprecated This field uses the default values defined in the >> PKCS #1 >> 98: * standard. Some of these defaults are no longer >> recommended due >> 99: * to advances in cryptanalysis -- see the > > Remove "the". Ok~ - PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v3]
On Mon, 18 Apr 2022 23:36:56 GMT, Valerie Peng wrote:
>> This trivial change is to deprecate the DEFAULT static field of
>> OAEPParameterSpec class. Wordings are mostly the same as the previous
>> PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
>>
>> The CSR will be filed once review is somewhat finished.
>>
>> Thanks,
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Removed the private no-arg default constructor and minor javadoc update.
Marked as reviewed by mullan (Reviewer).
src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 99:
> 97: * @deprecated This field uses the default values defined in the PKCS
> #1
> 98: * standard. Some of these defaults are no longer recommended
> due
> 99: * to advances in cryptanalysis -- see the
Remove "the".
src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 126:
> 124: * {@link #getMGFParameters()}
> 125: * @param pSrc the source of the encoding input P
> 126: * @exception NullPointerException if {@code mdName},
Change `@exception` to the more accepted `@throws` tag.
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v3]
> This trivial change is to deprecate the DEFAULT static field of > OAEPParameterSpec class. Wordings are mostly the same as the previous > PSSParameterSpec deprecation change. Rest are just minor code re-factoring. > > The CSR will be filed once review is somewhat finished. > > Thanks, > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Removed the private no-arg default constructor and minor javadoc update. - Changes: - all: https://git.openjdk.java.net/jdk/pull/8191/files - new: https://git.openjdk.java.net/jdk/pull/8191/files/ba572eed..a760fc51 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=8191=02 - incr: https://webrevs.openjdk.java.net/?repo=jdk=8191=01-02 Stats: 12 lines in 2 files changed: 0 ins; 11 del; 1 mod Patch: https://git.openjdk.java.net/jdk/pull/8191.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8191/head:pull/8191 PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v2]
On Wed, 13 Apr 2022 19:27:00 GMT, Valerie Peng wrote: >> This trivial change is to deprecate the DEFAULT static field of >> OAEPParameterSpec class. Wordings are mostly the same as the previous >> PSSParameterSpec deprecation change. Rest are just minor code re-factoring. >> >> The CSR will be filed once review is somewhat finished. >> >> Thanks, >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > Update w/ review feedback. src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 100: > 98: * standard. Some of these defaults are no longer recommended > due > 99: * to advances in cryptanalysis -- see the > 100: * href="https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1;>Appendix B.1 In the URL text, you should still say this is from RFC 8017. Suggest changing these two lines to: * to advances in cryptanalysis -- see * https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1;>Appendix B.1 of RFC 8017 - PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v2]
On Wed, 13 Apr 2022 19:27:00 GMT, Valerie Peng wrote: >> This trivial change is to deprecate the DEFAULT static field of >> OAEPParameterSpec class. Wordings are mostly the same as the previous >> PSSParameterSpec deprecation change. Rest are just minor code re-factoring. >> >> The CSR will be filed once review is somewhat finished. >> >> Thanks, >> Valerie > > Valerie Peng has updated the pull request incrementally with one additional > commit since the last revision: > > Update w/ review feedback. CSR filed at: https://bugs.openjdk.java.net/browse/JDK-8284919 - PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v2]
On Wed, 13 Apr 2022 19:27:00 GMT, Valerie Peng wrote:
>> This trivial change is to deprecate the DEFAULT static field of
>> OAEPParameterSpec class. Wordings are mostly the same as the previous
>> PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
>>
>> The CSR will be filed once review is somewhat finished.
>>
>> Thanks,
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Update w/ review feedback.
src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 113:
> 111:
> 112: // disallowed
> 113: private OAEPParameterSpec() {
I think you can just remove this ctor now that it is not used by `DEFAULT`.
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec [v2]
> This trivial change is to deprecate the DEFAULT static field of > OAEPParameterSpec class. Wordings are mostly the same as the previous > PSSParameterSpec deprecation change. Rest are just minor code re-factoring. > > The CSR will be filed once review is somewhat finished. > > Thanks, > Valerie Valerie Peng has updated the pull request incrementally with one additional commit since the last revision: Update w/ review feedback. - Changes: - all: https://git.openjdk.java.net/jdk/pull/8191/files - new: https://git.openjdk.java.net/jdk/pull/8191/files/371afccb..ba572eed Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=8191=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=8191=00-01 Stats: 8 lines in 1 file changed: 5 ins; 0 del; 3 mod Patch: https://git.openjdk.java.net/jdk/pull/8191.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8191/head:pull/8191 PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
On Wed, 13 Apr 2022 18:28:33 GMT, Valerie Peng wrote:
>> src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 81:
>>
>>> 79: * parameters for mgf -- MGF1ParameterSpec.SHA1
>>> 80: * source of encoding input -- PSource.PSpecified.DEFAULT
>>> 81: *
>>
>> I think you should leave these lines in, so users can still see what the
>> default parameters are. Nit, change:
>> "the OAEPParameterSpec.DEFAULT uses the following"
>> to:
>> "{@code OAEPParameterSpec.DEFAULT} uses the following default values:"
>
> Leaving this in meaning we may have to duplicate the new wordings for the
> field here. The default values are covered in the paragraph above where the
> ASN.1 structure for RSAES-OAEP-params is defined. I can move this down to the
> javadoc field description for the DEFAULT field.
Ok.
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
On Wed, 13 Apr 2022 15:35:38 GMT, Sean Mullan wrote:
>> This trivial change is to deprecate the DEFAULT static field of
>> OAEPParameterSpec class. Wordings are mostly the same as the previous
>> PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
>>
>> The CSR will be filed once review is somewhat finished.
>>
>> Thanks,
>> Valerie
>
> src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 81:
>
>> 79: * parameters for mgf -- MGF1ParameterSpec.SHA1
>> 80: * source of encoding input -- PSource.PSpecified.DEFAULT
>> 81: *
>
> I think you should leave these lines in, so users can still see what the
> default parameters are. Nit, change:
> "the OAEPParameterSpec.DEFAULT uses the following"
> to:
> "{@code OAEPParameterSpec.DEFAULT} uses the following default values:"
Leaving this in meaning we may have to duplicate the new wordings for the field
here. The default values are covered in the paragraph above where the ASN.1
structure for RSAES-OAEP-params is defined. I can move this down to the javadoc
field description for the DEFAULT field.
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
On Tue, 12 Apr 2022 01:27:35 GMT, Valerie Peng wrote:
> This trivial change is to deprecate the DEFAULT static field of
> OAEPParameterSpec class. Wordings are mostly the same as the previous
> PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
>
> The CSR will be filed once review is somewhat finished.
>
> Thanks,
> Valerie
> _Mailing list message from [Michael StJohns](mailto:mstjo...@comcast.net) on
> [security-dev](mailto:security-...@mail.openjdk.java.net):_
>
> On 4/11/2022 9:34 PM, Valerie Peng wrote:
>
> Hi Valerie -
>
> I think deprecating DEFAULT? is wrong.? RFC8017 still has this definition:
>
> > RSAES-OAEP-params ::= SEQUENCE {
> > hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
> > maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
> > pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
> > }
>
> and DEFAULT is what you should be getting if you see an empty sequence in the
> param field.? It's DEFAULT in ASN1 terms, not DEFAULT in terms of what you
> should use going forward? to create signatures, and the ASN1 DEFAULT won't
> change.
>
> In any event, I can't find where RFC8017 says anything about deprecating the
> defaults.? AFAICT, although there's general guidance to go away from SHA1,?
> the math suggests that SHA1 is still sufficient for OAEP,? and there's no
> guidance specific to OAEP's use of SHA1 that I can find other than the
> requirement in NIST SP800-56B rev 2 to use "Approved Hash Functions" for
> OAEP. If there's a section in 8017 that you're looking at for this guidance
> that I missed, you may want to update your comment to point to it.
>
> Take care - Mike
>
> -- next part -- An HTML attachment was scrubbed...
> URL:
>
Hi Mike,
Thanks for the comment/feedback. Deprecating the static field in javadoc does
not mean we are changing its parameters with something other than those in RFC
8017. Providers can and should still follow the default ASN.1 values when the
DER encoding omit the particular field(s). Besides what Sean mentioned already,
this deprecation is an effort to moving toward the "explicitly specify what you
want to use" direction. Hope this clarifies thing up?
I like the suggestion for using a more specific link and will change it to
point to the particular section.
Regards,
Valerie
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
On Tue, 12 Apr 2022 01:27:35 GMT, Valerie Peng wrote:
> This trivial change is to deprecate the DEFAULT static field of
> OAEPParameterSpec class. Wordings are mostly the same as the previous
> PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
>
> The CSR will be filed once review is somewhat finished.
>
> Thanks,
> Valerie
src/java.base/share/classes/javax/crypto/spec/OAEPParameterSpec.java line 81:
> 79: * parameters for mgf -- MGF1ParameterSpec.SHA1
> 80: * source of encoding input -- PSource.PSpecified.DEFAULT
> 81: *
I think you should leave these lines in, so users can still see what the
default parameters are. Nit, change:
"the OAEPParameterSpec.DEFAULT uses the following"
to:
"{@code OAEPParameterSpec.DEFAULT} uses the following default values:"
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
On Tue, 12 Apr 2022 02:48:51 GMT, Michael StJohns wrote:
> I think deprecating DEFAULT? is wrong.? RFC8017 still has this definition:
>
> > RSAES-OAEP-params ::= SEQUENCE {
> > hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
> > maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
> > pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
> > }
>
> and DEFAULT is what you should be getting if you see an empty sequence in the
> param field.? It's DEFAULT in ASN1 terms, not DEFAULT in terms of what you
> should use going forward? to create signatures, and the ASN1 DEFAULT won't
> change.
>
> In any event, I can't find where RFC8017 says anything about deprecating the
> defaults.? AFAICT, although there's general guidance to go away from SHA1,?
> the math suggests that SHA1 is still sufficient for OAEP,? and there's no
> guidance specific to OAEP's use of SHA1 that I can find other than the
> requirement in NIST SP800-56B rev 2 to use "Approved Hash Functions" for
> OAEP. If there's a section in 8017 that you're looking at for this guidance
> that I missed, you may want to update your comment to point to it.
[https://www.rfc-editor.org/rfc/rfc8017#appendix-A.2.1](https://www.rfc-editor.org/rfc/rfc8017#appendix-A.2.1)
(which defines the OAEP-params structure) says:
> o hashAlgorithm identifies the hash function. It SHALL be an
> algorithm ID with an OID in the set OAEP-PSSDigestAlgorithms. For
> a discussion of supported hash functions, see [Appendix
> B.1](https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1).
[https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1](https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1)
is a long section discussing hash functions, but I think this text (last two
paragraphs) is most relevant:
> There have also been advances in the cryptanalysis of SHA-1.
>Particularly, the results of Wang et al.
> [[SHA1CRYPT](https://www.rfc-editor.org/rfc/rfc8017#ref-SHA1CRYPT)] (which
> have
>been independently verified by M. Cochran in his analysis
> [[COCHRAN](https://www.rfc-editor.org/rfc/rfc8017#ref-COCHRAN)])
>on using a differential path to find collisions in SHA-1, which
>conclude that the security strength of the SHA-1 hashing algorithm is
>significantly reduced. However, this reduction is not significant
>enough to warrant the removal of SHA-1 from existing applications,
>but its usage is only recommended for backwards-compatibility
>reasons.
>
>To address these concerns, only SHA-224, SHA-256, SHA-384, SHA-512,
>SHA-512/224, and SHA-512/256 are RECOMMENDED for new applications.
>As of today, the best (known) collision attacks against these hash
>functions are generic attacks with complexity 2L/2, where L is the
>bit length of the hash output. For the signature schemes in this
>document, a collision attack is easily translated into a signature
>forgery. Therefore, the value L / 2 should be at least equal to the
>desired security level in bits of the signature scheme (a security
>level of B bits means that the best attack has complexity 2B). The
>same rule of thumb can be applied to RSAES-OAEP; it is RECOMMENDED
>that the bit length of the seed (which is equal to the bit length of
>the hash output) be twice the desired security level in bits.
Also, this is a proposed deprecation ... there is no plan to remove this field.
The main intention of this deprecation is to alert users that SHA-1 is being
used as it may not be apparent from the "DEFAULT" name, and to make sure that
is ok or to think about using something stronger.
@valeriepeng I recommend making the link more specific in the deprecation text
to point to https://www.rfc-editor.org/rfc/rfc8017#appendix-B.1
-
PR: https://git.openjdk.java.net/jdk/pull/8191
Re: RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
On 4/11/2022 9:34 PM, Valerie Peng wrote:
This trivial change is to deprecate the DEFAULT static field of
OAEPParameterSpec class. Wordings are mostly the same as the previous
PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
The CSR will be filed once review is somewhat finished.
Thanks,
Valerie
-
Commit messages:
- 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
Changes:https://git.openjdk.java.net/jdk/pull/8191/files
Webrev:https://webrevs.openjdk.java.net/?repo=jdk=8191=00
Issue:https://bugs.openjdk.java.net/browse/JDK-8284553
Stats: 42 lines in 1 file changed: 13 ins; 10 del; 19 mod
Patch:https://git.openjdk.java.net/jdk/pull/8191.diff
Fetch: git fetchhttps://git.openjdk.java.net/jdk pull/8191/head:pull/8191
PR:https://git.openjdk.java.net/jdk/pull/8191
Hi Valerie -
I think deprecating DEFAULT is wrong. RFC8017 still has this definition:
RSAES-OAEP-params ::= SEQUENCE {
hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
}
and DEFAULT is what you should be getting if you see an empty sequence
in the param field. It's DEFAULT in ASN1 terms, not DEFAULT in terms of
what you should use going forward to create signatures, and the ASN1
DEFAULT won't change.
In any event, I can't find where RFC8017 says anything about deprecating
the defaults. AFAICT, although there's general guidance to go away from
SHA1, the math suggests that SHA1 is still sufficient for OAEP, and
there's no guidance specific to OAEP's use of SHA1 that I can find other
than the requirement in NIST SP800-56B rev 2 to use "Approved Hash
Functions" for OAEP. If there's a section in 8017 that you're looking at
for this guidance that I missed, you may want to update your comment to
point to it.
Take care - Mike
RFR: 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
This trivial change is to deprecate the DEFAULT static field of OAEPParameterSpec class. Wordings are mostly the same as the previous PSSParameterSpec deprecation change. Rest are just minor code re-factoring. The CSR will be filed once review is somewhat finished. Thanks, Valerie - Commit messages: - 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec Changes: https://git.openjdk.java.net/jdk/pull/8191/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=8191=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8284553 Stats: 42 lines in 1 file changed: 13 ins; 10 del; 19 mod Patch: https://git.openjdk.java.net/jdk/pull/8191.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8191/head:pull/8191 PR: https://git.openjdk.java.net/jdk/pull/8191
