From 89ba389bc12c076e5703ad68c0d84bfa3ce7ebc6 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 8 Jul 2024 15:15:05 +0200 Subject: [PATCH 1/4] Revert "public_key, crypto: Deprecate legacy functions" This reverts commit 1e8d904ada2a0264ece549558fae80128745d464. --- lib/crypto/src/crypto.erl | 6 +----- lib/public_key/src/public_key.erl | 11 ----------- system/doc/general_info/DEPRECATIONS | 12 ------------ 3 files changed, 1 insertion(+), 28 deletions(-) diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index da5325d33bf2..d9ca58213e03 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -193,11 +193,7 @@ end %%%---------------------------------------------------------------- %% Deprecated functions --deprecated([{private_encrypt, 4, "use public_key:sign/3 instead"}, - {private_decrypt, 4, "do not use"}, - {public_encrypt, 4, "do not use"}, - {public_decrypt, 4, "use public_key:verify/4 instead"} - ]). + %%%---------------------------------------------------------------- %% Removed functions. %% diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index ec6abb0d9d9c..1ffdc436f11c 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -110,17 +110,6 @@ macros described here and in the User's Guide: %%---------------- %% Moved to ssh - --deprecated([{encrypt_private, 2, "use public_key:sign/3 instead"}, - {encrypt_private, 3, "use public_key:sign 4 instead"}, - {decrypt_private, 2, "do not use"}, - {decrypt_private, 3, "do not use"}, - {encrypt_public, 2, "do not use"}, - {encrypt_public, 3, "do not use"}, - {decrypt_public, 2, "use public_key:verify/4 instead"}, - {decrypt_public, 3, "use public_key:verify/5 instead"} - ]). - -removed([{ssh_decode,2, "use ssh_file:decode/2 instead"}, {ssh_encode,2, "use ssh_file:encode/2 instead"}, {ssh_hostkey_fingerprint,1, "use ssh:hostkey_fingerprint/1 instead"}, 
diff --git a/system/doc/general_info/DEPRECATIONS b/system/doc/general_info/DEPRECATIONS index 92058c204f4d..3e5ba5150c41 100644 --- a/system/doc/general_info/DEPRECATIONS +++ b/system/doc/general_info/DEPRECATIONS @@ -24,18 +24,6 @@ mnesia_registry:create_table/_ since=27 remove=28 code:lib_dir/2 since=27 ssl:prf/5 since=27 ssl:prf_random/0 since=27 remove=28 -public_key:decrypt_public/3 since=27 -public_key:decrypt_public/2 since=27 -public_key:encrypt_public/3 since=27 -public_key:encrypt_public/2 since=27 -public_key:decrypt_private/3 since=27 -public_key:decrypt_private/2 since=27 -public_key:encrypt_private/3 since=27 -public_key:encrypt_private/2 since=27 -crypto:public_decrypt/4 since=27 -crypto:public_encrypt/4 since=27 -crypto:private_decrypt/4 since=27 -crypto:private_encrypt/4 since=27 # # Added in OTP 26. From 6aa42c89531b21e74429560293fd4217ddb306c1 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 7 Aug 2024 11:36:29 +0200 Subject: [PATCH 2/4] Revert otp_internal obsolete entries --- lib/stdlib/src/otp_internal.erl | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/lib/stdlib/src/otp_internal.erl b/lib/stdlib/src/otp_internal.erl index c84d6ae0057f..9714a51b8b40 100644 --- a/lib/stdlib/src/otp_internal.erl +++ b/lib/stdlib/src/otp_internal.erl 
@@ -36,14 +36,6 @@ obsolete(calendar, local_time_to_universal_time, 1) -> {deprecated, "use calendar:local_time_to_universal_time_dst/1 instead"}; obsolete(code, lib_dir, 2) -> {deprecated, "this functionality will be removed in a future release"}; -obsolete(crypto, private_decrypt, 4) -> - {deprecated, "do not use"}; -obsolete(crypto, private_encrypt, 4) -> - {deprecated, "use public_key:sign/3 instead"}; -obsolete(crypto, public_decrypt, 4) -> - {deprecated, "use public_key:verify/4 instead"}; -obsolete(crypto, public_encrypt, 4) -> - {deprecated, "do not use"}; obsolete(crypto, rand_uniform, 2) -> {deprecated, "use rand:uniform/1 instead"}; obsolete(dbg, stop_clear, 0) -> @@ -70,22 +62,6 @@ obsolete(net, ping, 1) -> {deprecated, "use net_adm:ping/1 instead"}; obsolete(net, sleep, 1) -> {deprecated, "use 'receive after T -> ok end' instead"}; -obsolete(public_key, decrypt_private, 2) -> - {deprecated, "do not use"}; -obsolete(public_key, decrypt_private, 3) -> - {deprecated, "do not use"}; -obsolete(public_key, decrypt_public, 2) -> - {deprecated, "use public_key:verify/4 instead"}; -obsolete(public_key, decrypt_public, 3) -> - {deprecated, "use public_key:verify/5 instead"}; -obsolete(public_key, encrypt_private, 2) -> - {deprecated, "use public_key:sign/3 instead"}; -obsolete(public_key, encrypt_private, 3) -> - {deprecated, "use public_key:sign 4 instead"}; -obsolete(public_key, encrypt_public, 2) -> - {deprecated, "do not use"}; -obsolete(public_key, encrypt_public, 3) -> - {deprecated, "do not use"}; obsolete(queue, lait, 1) -> {deprecated, "use queue:liat/1 instead"}; obsolete(ssl, prf, 5) -> From 6ee0cbf1b3ed9ef40a6168a37f2702eaff383f5b Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Mon, 8 Jul 2024 16:28:08 +0200 Subject: [PATCH 3/4] public_key, crypto: Change from deprecated to legacy that is not recommended --- lib/crypto/src/crypto.erl | 30 +++++++++++------------ lib/public_key/src/public_key.erl | 40 +++++++++++++------------------ 2 files changed, 31 insertions(+), 39 deletions(-) diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index d9ca58213e03..ebd2887454f2 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -156,7 +156,7 @@ end {function,<<"Random API">>}, {function,<<"Utility Functions">>}, {function,<<"Engine API">>}, - {function,<<"Deprecated API">>}, + {function,<<"Legacy RSA Encryption API">>}, {type,<<"Ciphers">>}, {type,<<"Digests and hash">>}, {type,<<"Elliptic Curves">>}, @@ -2593,11 +2593,10 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling. > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use together with rsa_pkcs1_padding. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R16B01">>}). -spec public_encrypt(Algorithm, PlainText, PublicKey, Options) -> CipherText when Algorithm :: pk_encrypt_decrypt_algs(), @@ -2623,12 +2622,11 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling. > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R16B01">>}). -spec private_decrypt(Algorithm, CipherText, PrivateKey, Options) -> PlainText when Algorithm :: pk_encrypt_decrypt_algs(), 
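Review bot: The new warning on public_encrypt/4 (and its counterpart on private_decrypt/4 in the following hunk) says which padding to avoid but not which one to use instead. Because the same hunks drop the `deprecated` metadata, this sentence is the only remaining signal to callers. Consider naming the alternative that the rsa_padding() type already lists, e.g. `> This is a legacy function; for security reasons do not use it with rsa_pkcs1_padding, prefer rsa_pkcs1_oaep_padding for encryption.` The two hunks also word the same warning differently ("do not use together with" here, "do not use with" for private_decrypt/4); a single phrasing with the atom in code formatting would be clearer. Both doc blocks begin outside their hunks.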
@@ -2655,13 +2653,13 @@ Public-key decryption using the private key. See also `crypto:private_decrypt/4` > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`sign/4`](`sign/4`) together -> with [`verify/5`](`verify/5`) instead. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures use of [`sign/4`](`sign/4`) together +> with [`verify/5`](`verify/5`) is the prefered solution. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use sign and verify instead", - since => <<"OTP R16B01">>}). +-doc(#{title => <<"Legacy RSA Encryption API">>, + since => <<"OTP R16B01">>}). -spec private_encrypt(Algorithm, PlainText, PrivateKey, Options) -> CipherText when Algorithm :: pk_encrypt_decrypt_algs(), PlainText :: binary(), @@ -2686,12 +2684,12 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling. > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`verify/5`](`verify/5`) together -> with [`sign/4`](`sign/4`) instead. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures use of [`verify/5`](`verify/5`) together +> with [`sign/4`](`sign/4`) is the prefered solution. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use verify and sign instead", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R16B01">>}). -spec public_decrypt(Algorithm, CipherText, PublicKey, Options) -> PlainText when Algorithm :: pk_encrypt_decrypt_algs(), diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index 1ffdc436f11c..0ac347dbe5ca 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl 
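Review bot: "prefered" is misspelled in the rewritten warnings for private_encrypt/4 and public_decrypt/4 and should read `preferred`. The same typo recurs in the public_key.erl warnings for decrypt_public/3 and encrypt_private/3. The phrasing also drifts between "is the prefered solution" and, in decrypt_public/3, "is a prefered solution"; one form throughout would be better. In the private_encrypt/4 hunk the `since => <<"OTP R16B01">>}).` line is removed and re-added with what appears to be only an indentation change, so check it against the alignment of the sibling -doc attributes.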
@@ -55,7 +55,7 @@ macros described here and in the User's Guide: {function,<<"Certificate Revocation API">>}, {function,<<"ASN.1 Encoding API">>}, {function,<<"Test Data API">>}, - {function,<<"Deprecated API">>} + {function,<<"Legacy RSA Encryption API">>} ]}). -feature(maybe_expr,enable). @@ -814,8 +814,7 @@ pkix_encode(Asn1Type, Term0, otp) when is_atom(Asn1Type) -> %%-------------------------------------------------------------------- -doc(#{equiv => decrypt_private(CipherText, Key, []), - deprecated => ~"Do not use", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec decrypt_private(CipherText, Key) -> PlainText when CipherText :: binary(), @@ -824,15 +823,14 @@ pkix_encode(Asn1Type, Term0, otp) when is_atom(Asn1Type) -> decrypt_private(CipherText, Key) -> decrypt_private(CipherText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -doc """ Public-key decryption using the private key. See also `crypto:private_decrypt/4` > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. """. -spec decrypt_private(CipherText, Key, Options) -> PlainText when CipherText :: binary(), @@ -850,8 +848,7 @@ decrypt_private(CipherText, %% Description: Public key decryption using the public key. %%-------------------------------------------------------------------- -doc(#{equiv => decrypt_public(CipherText, Key, []), - deprecated => ~"Use sign and verify instead", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec decrypt_public(CipherText, Key) -> PlainText 
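Review bot: The arity-2 wrappers keep their `equiv` doc entry but lose the `deprecated` key, so decrypt_private/2 (and decrypt_public/2, encrypt_public/2 and encrypt_private/2 in the later hunks) now carry no warning of their own. Meanwhile the visible body `decrypt_private(CipherText, Key, [])` passes an empty option list. The padding selected for `[]` is not shown in this diff; if it is rsa_pkcs1_padding, the shortest call form is exactly the usage the arity-3 warning discourages. After confirming the actual default, state it in the arity-3 warning, for example `> With an empty option list the padding defaults to <default>; pass an explicit rsa_padding option.`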
@@ -861,17 +858,16 @@ decrypt_private(CipherText, decrypt_public(CipherText, Key) -> decrypt_public(CipherText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use sign and verify instead", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -doc """ Public-key decryption using the public key. See also `crypto:public_decrypt/4` > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`verify/4`](`verify/4`) together -> with [`sign/3`](`sign/3`) instead. -. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures the use of [`verify/4`](`verify/4`) together +> with [`sign/3`](`sign/3`) is a prefered solution. """. -spec decrypt_public(CipherText, Key, Options) -> PlainText @@ -887,8 +883,7 @@ decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, %% Description: Public key encryption using the public key. %%-------------------------------------------------------------------- -doc(#{equiv => encrypt_public(PlainText, Key, []), - deprecated => ~"Do not use", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec encrypt_public(PlainText, Key) -> CipherText @@ -898,15 +893,14 @@ decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, encrypt_public(PlainText, Key) -> encrypt_public(PlainText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP 21.1">>}). -doc """ Public-key encryption using the public key. See also `crypto:public_encrypt/4`. > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. """. -spec encrypt_public(PlainText, Key, Options) -> CipherText 
@@ -920,8 +914,7 @@ encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E}, %%-------------------------------------------------------------------- -doc(#{equiv => encrypt_private(PlainText, Key, []), - deprecated => ~"Use sign and verify instead", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec encrypt_private(PlainText, Key) -> CipherText @@ -931,8 +924,7 @@ encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E}, encrypt_private(PlainText, Key) -> encrypt_private(PlainText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use sign and verify instead", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP 21.1">>}). -doc """ Public-key encryption using the private key. @@ -945,7 +937,9 @@ or trusted platform modules (TPM). > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`sign/3`](`sign/3`) together with [`verify/4`](`verify/4`) instead. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures use of [`sign/3`](`sign/3`) together with [`verify/4`](`verify/4`) is +> the prefered solution. """. -spec encrypt_private(PlainText, Key, Options) -> CipherText From 5de483d1e74d171e86a4475766ec721dcf9f4977 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 8 Aug 2024 16:48:25 +0200 Subject: [PATCH 4/4] crypto: Remove documentation of legacy SSL protocol specific padding. --- lib/crypto/src/crypto.erl | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index ebd2887454f2..ff0fbc77c149 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl 
@@ -2568,7 +2568,6 @@ Options for public key encrypt/decrypt. Only RSA is supported. -doc(#{title => <<"Public Key Ciphers">>}). -type rsa_padding() :: rsa_pkcs1_padding | rsa_pkcs1_oaep_padding - | rsa_sslv23_padding | rsa_x931_padding | rsa_no_padding.