On 4/11/2022 9:34 PM, Valerie Peng wrote:
This trivial change is to deprecate the DEFAULT static field of
OAEPParameterSpec class. Wordings are mostly the same as the previous
PSSParameterSpec deprecation change. Rest are just minor code re-factoring.
The CSR will be filed once review is somewhat finished.
Thanks,
Valerie
-------------
Commit messages:
- 8284553: Deprecate the DEFAULT static field of OAEPParameterSpec
Changes:https://git.openjdk.java.net/jdk/pull/8191/files
Webrev:https://webrevs.openjdk.java.net/?repo=jdk&pr=8191&range=00
Issue:https://bugs.openjdk.java.net/browse/JDK-8284553
Stats: 42 lines in 1 file changed: 13 ins; 10 del; 19 mod
Patch:https://git.openjdk.java.net/jdk/pull/8191.diff
Fetch: git fetchhttps://git.openjdk.java.net/jdk pull/8191/head:pull/8191
PR:https://git.openjdk.java.net/jdk/pull/8191
Hi Valerie -
I think deprecating DEFAULT is wrong. RFC8017 still has this definition:
RSAES-OAEP-params ::= SEQUENCE {
hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
}
and DEFAULT is what you should be getting if you see an empty sequence
in the param field. It's DEFAULT in ASN1 terms, not DEFAULT in terms of
what you should use going forward to create signatures, and the ASN1
DEFAULT won't change.
In any event, I can't find where RFC8017 says anything about deprecating
the defaults. AFAICT, although there's general guidance to go away from
SHA1, the math suggests that SHA1 is still sufficient for OAEP, and
there's no guidance specific to OAEP's use of SHA1 that I can find other
than the requirement in NIST SP800-56B rev 2 to use "Approved Hash
Functions" for OAEP. If there's a section in 8017 that you're looking at
for this guidance that I missed, you may want to update your comment to
point to it.
Take care - Mike
