RFR: 8254935: Deprecate the PSSParameterSpec(int) constructor [v5]

Sean Mullan mullan at openjdk.java.net
Mon Mar 28 14:39:45 UTC 2022


On Thu, 24 Mar 2022 23:34:30 GMT, Valerie Peng <valeriep at openjdk.org> wrote:

>> Can someone help review this update to the PSSParameterSpec class regarding the constructor with int argument and the DEFAULT static field? Just added @Deprecate javadoc tag and caution about their usage as suggested in the bug record.
>> 
>> A CSR will be filed once the wording changes are reviewed.
>> 
>> Thanks,
>> Valerie
>
> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
> 
>   More minor edits.

src/java.base/share/classes/java/security/spec/PSSParameterSpec.java line 32:

> 30: /**
> 31:  * This class specifies a parameter spec for RSASSA-PSS signature scheme,
> 32:  * as defined in the

On line 31, add "the" before "RSASSA-PSS".

src/java.base/share/classes/java/security/spec/PSSParameterSpec.java line 67:

> 65:  * }
> 66:  * </pre>
> 67:  * <p>Note: the {@code PSSParameterSpec.DEFAULT} uses the following:

Suggest rewording as:
`Note: {@code PSSParameterSpec.DEFAULT} uses the following values:`

src/java.base/share/classes/java/security/spec/PSSParameterSpec.java line 77:

> 75:  * from the PKCS#1 standard and may become obsolete as time progresses.
> 76:  * Please do not rely on {@code PSSParameterSpec.DEFAULT} unless these
> 77:  * values are really what you want to use.

Some suggested rewordings: 

`Its values are based on the default values defined in the PKCS#1 standard, as defined above. Some of these defaults are no longer recommended due to advances in cryptanalysis -- see RFC 8017 for more details. Thus, {@code PSSParameterSpec.DEFAULT} is deprecated and should be used at your own risk.`

src/java.base/share/classes/java/security/spec/PSSParameterSpec.java line 114:

> 112:      *         Thus, it is recommended to create a new {@code PSSParameterSpec}
> 113:      *         object with the desired parameter values using
> 114:      *         {@link #PSSParameterSpec(String, String, AlgorithmParameterSpec, int, int) PSSParameterSpec}.

Similar rewording suggestion here: 

"This field uses the default values defined in the PKCS#1 standard. Some of these defaults are no longer recommended due to advances in cryptanalysis -- see RFC 8017 for more details. Thus ..."

src/java.base/share/classes/java/security/spec/PSSParameterSpec.java line 179:

> 177:      * @deprecated This constructor uses the default values defined in
> 178:      *         the ASN.1 encoding in PKCS#1 except for the salt length.
> 179:      *         These default values may become obsolete as time progresses.

Similar rewording suggestion as above.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7913
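
An added example, not part of the original message or of the JDK sources: it builds a `PSSParameterSpec` with every value stated explicitly through the five-argument constructor that the javadoc under review points to, prints what `PSSParameterSpec.DEFAULT` carries for comparison, and checks a signature against both specs to show that signer and verifier must agree on the parameters. The class name, the SHA-256 choice, the 32-byte salt and the sample message are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class ExplicitPssParams {  // hypothetical class name
    static final PSSParameterSpec SHA256_PSS = new PSSParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256,  // assumed choice: SHA-256 throughout
            32, PSSParameterSpec.TRAILER_FIELD_BC);       // salt = digest length; constant is Java 11+

    static String describe(PSSParameterSpec p) {
        MGF1ParameterSpec mgf = (MGF1ParameterSpec) p.getMGFParameters();
        return p.getDigestAlgorithm() + ", " + p.getMGFAlgorithm() + "/" + mgf.getDigestAlgorithm()
                + ", saltLen=" + p.getSaltLength() + ", trailer=" + p.getTrailerField();
    }

    static byte[] sign(KeyPair kp, PSSParameterSpec p, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(p);  // RSASSA-PSS needs its parameters set before data is signed
        s.initSign(kp.getPrivate());
        s.update(msg);
        return s.sign();
    }

    static boolean verify(KeyPair kp, PSSParameterSpec p, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(p);
        s.initVerify(kp.getPublic());
        s.update(msg);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false;  // a malformed or mismatched signature counts as a failure
        }
    }

    @SuppressWarnings("deprecation")  // DEFAULT is read here only to display and compare it
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp, SHA256_PSS, msg);
        System.out.println("DEFAULT : " + describe(PSSParameterSpec.DEFAULT));
        System.out.println("explicit: " + describe(SHA256_PSS));
        System.out.println("verify with same spec: " + verify(kp, SHA256_PSS, msg, sig));
        System.out.println("verify with DEFAULT  : " + verify(kp, PSSParameterSpec.DEFAULT, msg, sig));
    }
}
```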
