From 1e550a373516adecb4eaba77d3f2468abc222259 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 8 Jul 2024 16:28:08 +0200
Subject: [PATCH] public_key, crypto: Change from deprecated to legacy that is
 not recommended

---
 lib/crypto/src/crypto.erl         | 30 +++++++++++------------
 lib/public_key/src/public_key.erl | 40 +++++++++++++------------------
 2 files changed, 31 insertions(+), 39 deletions(-)

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index e6742fd838a2..5a28abb62304 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -156,7 +156,7 @@ end
                   {function,<<"Random API">>},
                   {function,<<"Utility Functions">>},
                   {function,<<"Engine API">>},
-                  {function,<<"Deprecated API">>},
+                  {function,<<"Legacy RSA Encryption API">>},
                   {type,<<"Ciphers">>},
                   {type,<<"Digests and hash">>},
                   {type,<<"Elliptic Curves">>},
@@ -2595,11 +2595,10 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling.
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons do not use.
+> This is a legacy function, for security reasons do not use together with rsa_pkcs1_padding.
 
 """.
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Do not use",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R16B01">>}).
 -spec public_encrypt(Algorithm, PlainText, PublicKey, Options) ->
                             CipherText when Algorithm :: pk_encrypt_decrypt_algs(),
@@ -2625,12 +2624,11 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling.
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons do not use.
+> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding.
 
 """.
 
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Do not use",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R16B01">>}).
 -spec private_decrypt(Algorithm, CipherText, PrivateKey, Options) ->
                              PlainText when Algorithm :: pk_encrypt_decrypt_algs(),
@@ -2657,13 +2655,13 @@ Public-key decryption using the private key. See also `crypto:private_decrypt/4`
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons use [`sign/4`](`sign/4`) together
-> with [`verify/5`](`verify/5`) instead.
+> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding.
+> For digital signatures use of [`sign/4`](`sign/4`) together
+> with [`verify/5`](`verify/5`) is the prefered solution.
 
 """.
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Use sign and verify instead",
-       since => <<"OTP R16B01">>}).
+-doc(#{title => <<"Legacy RSA Encryption API">>,
+        since => <<"OTP R16B01">>}).
 -spec private_encrypt(Algorithm, PlainText, PrivateKey, Options) ->
                             CipherText when Algorithm :: pk_encrypt_decrypt_algs(),
                                             PlainText :: binary(),
@@ -2688,12 +2686,12 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling.
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons use [`verify/5`](`verify/5`) together
-> with [`sign/4`](`sign/4`) instead.
+> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding.
+> For digital signatures use of [`verify/5`](`verify/5`) together
+> with [`sign/4`](`sign/4`) is the prefered solution.
 
 """.
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Use verify and sign instead",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R16B01">>}).
 -spec public_decrypt(Algorithm, CipherText, PublicKey, Options) ->
                              PlainText when Algorithm :: pk_encrypt_decrypt_algs(),
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index f5dbafde98f1..9f955485dac0 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -55,7 +55,7 @@ macros described here and in the User's Guide:
                   {function,<<"Certificate Revocation API">>},
                   {function,<<"ASN.1 Encoding API">>},
                   {function,<<"Test Data API">>},
-                  {function,<<"Deprecated API">>}
+                  {function,<<"Legacy RSA Encryption API">>}
                  ]}).
 
 -feature(maybe_expr,enable).
@@ -796,8 +796,7 @@ pkix_encode(Asn1Type, Term0, otp) when is_atom(Asn1Type) ->
 
 %%--------------------------------------------------------------------
 -doc(#{equiv => decrypt_private(CipherText, Key, []),
-       deprecated => ~"Do not use",
-       title => <<"Deprecated API">>,
+       title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R14B">>}).
 -spec decrypt_private(CipherText, Key) ->
                              PlainText when CipherText :: binary(),
@@ -806,15 +805,14 @@ pkix_encode(Asn1Type, Term0, otp) when is_atom(Asn1Type) ->
 decrypt_private(CipherText, Key) ->
     decrypt_private(CipherText, Key, []).
 
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Do not use",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R14B">>}).
 -doc """
 Public-key decryption using the private key. See also `crypto:private_decrypt/4`
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons do not use.
+> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding.
 """.
 -spec decrypt_private(CipherText, Key, Options) ->
                              PlainText when CipherText :: binary(),
@@ -832,8 +830,7 @@ decrypt_private(CipherText,
 %% Description: Public key decryption using the public key.
 %%--------------------------------------------------------------------
 -doc(#{equiv => decrypt_public(CipherText, Key, []),
-       deprecated => ~"Use sign and verify instead",
-       title => <<"Deprecated API">>,
+       title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R14B">>}).
 -spec decrypt_public(CipherText, Key) ->
 			    PlainText
@@ -843,17 +840,16 @@ decrypt_private(CipherText,
 decrypt_public(CipherText, Key) ->
     decrypt_public(CipherText, Key, []).
 
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Use sign and verify instead",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R14B">>}).
 -doc """
 Public-key decryption using the public key. See also `crypto:public_decrypt/4`
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons use [`verify/4`](`verify/4`) together
-> with [`sign/3`](`sign/3`) instead.
-.
+> This is a legacy function, for security reasons do not use  with rsa_pkcs1_padding.
+> For digital signatures the use of [`verify/4`](`verify/4`) together
+> with [`sign/3`](`sign/3`) is a prefered solution.
 """.
 -spec decrypt_public(CipherText, Key, Options) ->
 			    PlainText
@@ -869,8 +865,7 @@ decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E},
 %% Description: Public key encryption using the public key.
 %%--------------------------------------------------------------------
 -doc(#{equiv => encrypt_public(PlainText, Key, []),
-       deprecated => ~"Do not use",
-       title => <<"Deprecated API">>,
+       title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R14B">>}).
 -spec encrypt_public(PlainText, Key) ->
 			     CipherText
@@ -880,15 +875,14 @@ decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E},
 encrypt_public(PlainText, Key) ->
     encrypt_public(PlainText, Key, []).
 
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Do not use",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP 21.1">>}).
 -doc """
 Public-key encryption using the public key. See also `crypto:public_encrypt/4`.
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons do not use.
+> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding.
 """.
 -spec encrypt_public(PlainText, Key, Options) ->
 			     CipherText
@@ -902,8 +896,7 @@ encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E},
 
 %%--------------------------------------------------------------------
 -doc(#{equiv => encrypt_private(PlainText, Key, []),
-       deprecated => ~"Use sign and verify instead",
-       title => <<"Deprecated API">>,
+       title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP R14B">>}).
 -spec encrypt_private(PlainText, Key) ->
 			     CipherText
@@ -913,8 +906,7 @@ encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E},
 encrypt_private(PlainText, Key) ->
     encrypt_private(PlainText, Key, []).
 
--doc(#{title => <<"Deprecated API">>,
-       deprecated => ~"Use sign and verify instead",
+-doc(#{title => <<"Legacy RSA Encryption API">>,
        since => <<"OTP 21.1">>}).
 -doc """
 Public-key encryption using the private key.
@@ -927,7 +919,9 @@ or trusted platform modules (TPM).
 
 > #### Warning {: .warning }
 >
-> This is a legacy function, for security reasons use [`sign/3`](`sign/3`) together with [`verify/4`](`verify/4`)  instead.
+> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding.
+> For digital signatures use of [`sign/3`](`sign/3`) together with [`verify/4`](`verify/4`)  is
+> the prefered solution.
 """.
 -spec encrypt_private(PlainText, Key, Options) ->
 			     CipherText