From ac462affdc860c6a33761d1ad19757387c368aa7 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 8 Jul 2024 16:28:08 +0200 Subject: [PATCH] public_key, crypto: Change from deprecated to legacy that is not recommended --- lib/crypto/src/crypto.erl | 30 +++++++++++------------ lib/public_key/src/public_key.erl | 40 +++++++++++++------------------ 2 files changed, 31 insertions(+), 39 deletions(-) diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index e6742fd838a2..5a28abb62304 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -156,7 +156,7 @@ end {function,<<"Random API">>}, {function,<<"Utility Functions">>}, {function,<<"Engine API">>}, - {function,<<"Deprecated API">>}, + {function,<<"Legacy RSA Encryption API">>}, {type,<<"Ciphers">>}, {type,<<"Digests and hash">>}, {type,<<"Elliptic Curves">>}, @@ -2595,11 +2595,10 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling. > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use together with rsa_pkcs1_padding. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R16B01">>}). -spec public_encrypt(Algorithm, PlainText, PublicKey, Options) -> CipherText when Algorithm :: pk_encrypt_decrypt_algs(), @@ -2625,12 +2624,11 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling. > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R16B01">>}). -spec private_decrypt(Algorithm, CipherText, PrivateKey, Options) -> PlainText when Algorithm :: pk_encrypt_decrypt_algs(), 
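Review bot: The rewritten warning for `public_encrypt/4` (hunk at -2595) tells readers to avoid rsa_pkcs1_padding but gives neither the reason nor the padding to choose instead, and the option name is not code-formatted. With the `deprecated` entry dropped from the `-doc` map, this sentence is the only guidance visible in the hunk, so I would spell it out: `> This is a legacy function. For security reasons do not use it with rsa_pkcs1_padding (PKCS#1 v1.5); use rsa_pkcs1_oaep_padding for encryption.`, with the option names in backticks in the real text. The same applies to the `private_decrypt/4` hunk at -2625, where the concern is padding-oracle exposure on decryption. Its wording ("do not use with") should also match this hunk ("do not use together with"). Both doc strings start outside their hunks.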
@@ -2657,13 +2655,13 @@ Public-key decryption using the private key. See also `crypto:private_decrypt/4` > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`sign/4`](`sign/4`) together -> with [`verify/5`](`verify/5`) instead. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures use of [`sign/4`](`sign/4`) together +> with [`verify/5`](`verify/5`) is the prefered solution. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use sign and verify instead", - since => <<"OTP R16B01">>}). +-doc(#{title => <<"Legacy RSA Encryption API">>, + since => <<"OTP R16B01">>}). -spec private_encrypt(Algorithm, PlainText, PrivateKey, Options) -> CipherText when Algorithm :: pk_encrypt_decrypt_algs(), PlainText :: binary(), @@ -2688,12 +2686,12 @@ Uses the [3-tuple style](`m:crypto#error_3tup`) for error handling. > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`verify/5`](`verify/5`) together -> with [`sign/4`](`sign/4`) instead. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures use of [`verify/5`](`verify/5`) together +> with [`sign/4`](`sign/4`) is the prefered solution. """. --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use verify and sign instead", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R16B01">>}). -spec public_decrypt(Algorithm, CipherText, PublicKey, Options) -> PlainText when Algorithm :: pk_encrypt_decrypt_algs(), diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index f5dbafde98f1..9f955485dac0 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl 
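Review bot: The sentence added to the `private_encrypt/4` warning (hunk at -2657) misspells "preferred" as `prefered` and reads awkwardly ("use of ... is the prefered solution"). I would write `> For digital signatures, prefer sign/4 together with verify/5.`, keeping the existing link markup around both function names. The same spelling recurs in the `public_decrypt/4` hunk at -2688 and in the public_key.erl hunks at -843 and -927. The -843 hunk also says "a prefered solution" where the others say "the".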
@@ -55,7 +55,7 @@ macros described here and in the User's Guide: {function,<<"Certificate Revocation API">>}, {function,<<"ASN.1 Encoding API">>}, {function,<<"Test Data API">>}, - {function,<<"Deprecated API">>} + {function,<<"Legacy RSA Encryption API">>} ]}). -feature(maybe_expr,enable). @@ -796,8 +796,7 @@ pkix_encode(Asn1Type, Term0, otp) when is_atom(Asn1Type) -> %%-------------------------------------------------------------------- -doc(#{equiv => decrypt_private(CipherText, Key, []), - deprecated => ~"Do not use", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec decrypt_private(CipherText, Key) -> PlainText when CipherText :: binary(), @@ -806,15 +805,14 @@ pkix_encode(Asn1Type, Term0, otp) when is_atom(Asn1Type) -> decrypt_private(CipherText, Key) -> decrypt_private(CipherText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -doc """ Public-key decryption using the private key. See also `crypto:private_decrypt/4` > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. """. -spec decrypt_private(CipherText, Key, Options) -> PlainText when CipherText :: binary(), @@ -832,8 +830,7 @@ decrypt_private(CipherText, %% Description: Public key decryption using the public key. %%-------------------------------------------------------------------- -doc(#{equiv => decrypt_public(CipherText, Key, []), - deprecated => ~"Use sign and verify instead", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec decrypt_public(CipherText, Key) -> PlainText 
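Review bot: In the hunk at -806, `decrypt_private/2` forwards an empty option list (`decrypt_private(CipherText, Key, [])`), but the new warning on `decrypt_private/3` is conditional on rsa_pkcs1_padding and does not say which padding applies when no option is given. If the empty list still resolves to rsa_pkcs1_padding (the default handling is outside this hunk), the /2 form always takes the discouraged path. With `deprecated` removed from its `-doc` map in the -796 hunk, nothing on that entry says so. I would add a line to the /3 warning such as `> When no rsa_padding option is given the default padding applies; pass the padding explicitly.` and confirm what the default is before merging. The same applies to `decrypt_public/2`, `encrypt_public/2` and `encrypt_private/2` in the hunks at -832, -869 and -902.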
@@ -843,17 +840,16 @@ decrypt_private(CipherText, decrypt_public(CipherText, Key) -> decrypt_public(CipherText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use sign and verify instead", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -doc """ Public-key decryption using the public key. See also `crypto:public_decrypt/4` > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`verify/4`](`verify/4`) together -> with [`sign/3`](`sign/3`) instead. -. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures the use of [`verify/4`](`verify/4`) together +> with [`sign/3`](`sign/3`) is a prefered solution. """. -spec decrypt_public(CipherText, Key, Options) -> PlainText @@ -869,8 +865,7 @@ decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, %% Description: Public key encryption using the public key. %%-------------------------------------------------------------------- -doc(#{equiv => encrypt_public(PlainText, Key, []), - deprecated => ~"Do not use", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec encrypt_public(PlainText, Key) -> CipherText @@ -880,15 +875,14 @@ decrypt_public(CipherText, #'RSAPublicKey'{modulus = N, publicExponent = E}, encrypt_public(PlainText, Key) -> encrypt_public(PlainText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Do not use", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP 21.1">>}). -doc """ Public-key encryption using the public key. See also `crypto:public_encrypt/4`. > #### Warning {: .warning } > -> This is a legacy function, for security reasons do not use. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. """. -spec encrypt_public(PlainText, Key, Options) -> CipherText 
@@ -902,8 +896,7 @@ encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E}, %%-------------------------------------------------------------------- -doc(#{equiv => encrypt_private(PlainText, Key, []), - deprecated => ~"Use sign and verify instead", - title => <<"Deprecated API">>, + title => <<"Legacy RSA Encryption API">>, since => <<"OTP R14B">>}). -spec encrypt_private(PlainText, Key) -> CipherText @@ -913,8 +906,7 @@ encrypt_public(PlainText, #'RSAPublicKey'{modulus=N,publicExponent=E}, encrypt_private(PlainText, Key) -> encrypt_private(PlainText, Key, []). --doc(#{title => <<"Deprecated API">>, - deprecated => ~"Use sign and verify instead", +-doc(#{title => <<"Legacy RSA Encryption API">>, since => <<"OTP 21.1">>}). -doc """ Public-key encryption using the private key. @@ -927,7 +919,9 @@ or trusted platform modules (TPM). > #### Warning {: .warning } > -> This is a legacy function, for security reasons use [`sign/3`](`sign/3`) together with [`verify/4`](`verify/4`) instead. +> This is a legacy function, for security reasons do not use with rsa_pkcs1_padding. +> For digital signatures use of [`sign/3`](`sign/3`) together with [`verify/4`](`verify/4`) is +> the prefered solution. """. -spec encrypt_private(PlainText, Key, Options) -> CipherText