Intermediate deprecation step before the full refactor tracked in #653.
Context
RSA15 currently sizes the implicit-rejection random fallback (GHSA-5739-39v2-5754) from a hardcoded
CEK_LENGTHS table. The proper design (5.0.0, #653) is to inject the expected CEK size as a parameter,
using ContentEncryptionAlgorithm::getCEKSize() as the single source of truth — but that changes the
KeyEncryption::decryptKey() / KeyWrapping::unwrapKey() signatures (public BC break).
Action for 4.2.0
Add a deprecation that warns integrators of the upcoming change before 5.0.0, so the BC break does not
land unannounced:
- emit a deprecation notice (e.g.
trigger_deprecation()) around the RSA1_5 CEK-size handling / the
affected interface methods, signalling that the expected CEK size will be passed explicitly in 5.0.0,
- keep current behaviour intact for 4.2.x (no functional change).
Follow-up: full removal + parameter injection in 5.0.0 — see #653.
Intermediate deprecation step before the full refactor tracked in #653.
Context
RSA15currently sizes the implicit-rejection random fallback (GHSA-5739-39v2-5754) from a hardcodedCEK_LENGTHStable. The proper design (5.0.0, #653) is to inject the expected CEK size as a parameter,using
ContentEncryptionAlgorithm::getCEKSize()as the single source of truth — but that changes theKeyEncryption::decryptKey()/KeyWrapping::unwrapKey()signatures (public BC break).Action for 4.2.0
Add a deprecation that warns integrators of the upcoming change before 5.0.0, so the BC break does not
land unannounced:
trigger_deprecation()) around the RSA1_5 CEK-size handling / theaffected interface methods, signalling that the expected CEK size will be passed explicitly in 5.0.0,
Follow-up: full removal + parameter injection in 5.0.0 — see #653.