Remove deprecated crypto APIs (#39)

Co-authored-by: DXTimer <[email protected]> Co-authored-by: atanas argirov <[email protected]> Co-authored-by: Santiago Traversa <[email protected]>
dnsimple · Oct 8, 2024 · e41c294 · e41c294
1 parent e94de7d
commit e41c294
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 13 deletions.
diff --git a/include/dnssec_tests.hrl b/include/dnssec_tests.hrl
@@ -218,8 +218,8 @@ test_sample_key(dsa, PrivKey, PubKey) ->
     crypto:verify(dss, sha, Sample, Sig, PubKey);
 test_sample_key(rsa, PrivKey, PubKey) ->
     Sample = <<"1234">>,
-    Cipher = crypto:private_encrypt(rsa, Sample, PrivKey, rsa_pkcs1_padding),
-    Sample =:= crypto:public_decrypt(rsa, Cipher, PubKey, rsa_pkcs1_padding).
+    Cipher = crypto:sign(rsa, none, Sample, PrivKey, [{rsa_padding, rsa_pkcs1_padding}]),
+    true =:= crypto:verify(rsa, none, Sample, Cipher, PubKey, [{rsa_padding, rsa_pkcs1_padding}]).
 
 dnskey_pubkey_gen_test_() ->
     [

diff --git a/src/dnssec.erl b/src/dnssec.erl
@@ -418,11 +418,12 @@ sign_rrset(
                     Alg =:= ?DNS_ALG_RSASHA256 orelse
                     Alg =:= ?DNS_ALG_RSASHA512
             ->
-                crypto:private_encrypt(
+                crypto:sign(
                     rsa,
+                    none,
                     BaseSigInput,
                     Key,
-                    rsa_pkcs1_padding
+                    [{rsa_padding, rsa_pkcs1_padding}]
                 )
         end,
     Data = Data0#dns_rrdata_rrsig{signature = Signature},
@@ -502,15 +503,18 @@ verify_rrsig(
                             Alg =:= ?DNS_ALG_RSASHA256 orelse
                             Alg =:= ?DNS_ALG_RSASHA512
                     ->
-                        SigPayload =
-                            try
-                                crypto:public_decrypt(
-                                    rsa, Sig, Key, rsa_pkcs1_padding
-                                )
-                            catch
-                                error:decrypt_failed -> undefined
-                            end,
-                        SigInput =:= SigPayload;
+                        try
+                            crypto:verify(
+                                rsa,
+                                none,
+                                SigInput,
+                                Sig,
+                                Key,
+                                [{rsa_padding, rsa_pkcs1_padding}]
+                            )
+                        catch
+                            error:decrypt_failed -> undefined
+                        end;
                     (_) ->
                         false
                 end,