Drop earlier Erlang/OTP versions

.github/workflows/ci.yml

@@ -16,10 +16,10 @@ jobs:
       matrix:
         include:
           - pair:
-              elixir: 1.7.4
-              otp: 20.3.8.26
+              elixir: 1.11
+              otp: 23.3
           - pair:
-              elixir: 1.14.2
+              elixir: 1.14
               otp: 25.2
             lint: lint
     steps:

lib/plug/crypto/key_generator.ex

@@ -92,10 +92,5 @@ defmodule Plug.Crypto.KeyGenerator do
     iterate(fun, iteration - 1, next, :crypto.exor(next, acc))
   end
 
-  # TODO: remove when we require OTP 22.1
-  if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :mac, 4) do
-    defp hmac_fun(digest, key), do: &:crypto.mac(:hmac, digest, key, &1)
-  else
-    defp hmac_fun(digest, key), do: &:crypto.hmac(digest, key, &1)
-  end
+  defp hmac_fun(digest, key), do: &:crypto.mac(:hmac, digest, key, &1)
 end

lib/plug/crypto/message_encryptor.ex

@@ -108,47 +108,32 @@ defmodule Plug.Crypto.MessageEncryptor do
     end
   end
 
-  # TODO: remove when we require OTP 22
-  if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :crypto_one_time_aead, 6) do
-    defp block_encrypt(cipher, key, iv, {aad, payload}) do
-      cipher = cipher_alias(cipher, bit_size(key))
-      :crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, true)
-    catch
-      :error, :notsup -> raise_notsup(cipher)
-    end
-
-    defp block_decrypt(cipher, key, iv, {aad, payload, tag}) do
-      cipher = cipher_alias(cipher, bit_size(key))
-      :crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, tag, false)
-    catch
-      :error, :notsup -> raise_notsup(cipher)
-    end
-
-    defp cipher_alias(:aes_gcm, 128), do: :aes_128_gcm
-    defp cipher_alias(:aes_gcm, 192), do: :aes_192_gcm
-    defp cipher_alias(:aes_gcm, 256), do: :aes_256_gcm
-    defp cipher_alias(other, _), do: other
-  else
-    defp block_encrypt(cipher, key, iv, payload) do
-      :crypto.block_encrypt(cipher, key, iv, payload)
-    catch
-      :error, :notsup -> raise_notsup(cipher)
-    end
+  defp block_encrypt(cipher, key, iv, {aad, payload}) do
+    cipher = cipher_alias(cipher, bit_size(key))
+    :crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, true)
+  catch
+    :error, :notsup -> raise_notsup(cipher)
+  end
 
-    defp block_decrypt(cipher, key, iv, payload) do
-      :crypto.block_decrypt(cipher, key, iv, payload)
-    catch
-      :error, :notsup -> raise_notsup(cipher)
-    end
+  defp block_decrypt(cipher, key, iv, {aad, payload, tag}) do
+    cipher = cipher_alias(cipher, bit_size(key))
+    :crypto.crypto_one_time_aead(cipher, key, iv, payload, aad, tag, false)
+  catch
+    :error, :notsup -> raise_notsup(cipher)
   end
 
+  defp cipher_alias(:aes_gcm, 128), do: :aes_128_gcm
+  defp cipher_alias(:aes_gcm, 192), do: :aes_192_gcm
+  defp cipher_alias(:aes_gcm, 256), do: :aes_256_gcm
+  defp cipher_alias(other, _), do: other
+
   defp raise_notsup(algo) do
     raise "the algorithm #{inspect(algo)} is not supported by your Erlang/OTP installation. " <>
             "Please make sure it was compiled with the correct OpenSSL/BoringSSL bindings"
   end
 
   # Wraps a decrypted content encryption key (CEK) with secret and
-  # sign_secret using AES GCM mode. Accepts keys of 128, 192, or 
+  # sign_secret using AES GCM mode. Accepts keys of 128, 192, or
   # 256 bits based on the length of the secret key.
   #
   # See: https://tools.ietf.org/html/rfc7518#section-4.7
@@ -165,7 +150,7 @@ defmodule Plug.Crypto.MessageEncryptor do
   end
 
   # Unwraps an encrypted content encryption key (CEK) with secret and
-  # sign_secret using AES GCM mode. Accepts keys of 128, 192, or 256 
+  # sign_secret using AES GCM mode. Accepts keys of 128, 192, or 256
   # bits based on the length of the secret key.
   #
   # See: https://tools.ietf.org/html/rfc7518#section-4.7

lib/plug/crypto/message_verifier.ex

@@ -47,15 +47,15 @@ defmodule Plug.Crypto.MessageVerifier do
   defp hmac_sha2_sign(payload, key, digest_type) do
     protected = hmac_sha2_to_protected(digest_type)
     plain_text = signing_input(protected, payload)
-    signature = hmac(digest_type, key, plain_text)
+    signature = :crypto.mac(:hmac, digest_type, key, plain_text)
     encode_token(plain_text, signature)
   end
 
   defp hmac_sha2_verify(signed, key) when is_binary(signed) and is_binary(key) do
     case decode_token(signed) do
       {protected, payload, plain_text, signature} when protected in ["HS256", "HS384", "HS512"] ->
         digest_type = hmac_sha2_to_digest_type(protected)
-        challenge = hmac(digest_type, key, plain_text)
+        challenge = :crypto.mac(:hmac, digest_type, key, plain_text)
 
         if Plug.Crypto.secure_compare(challenge, signature) do
           {:ok, payload}
@@ -93,11 +93,4 @@ defmodule Plug.Crypto.MessageVerifier do
     |> Kernel.<>(".")
     |> Kernel.<>(Base.url_encode64(payload, padding: false))
   end
-
-  # TODO: remove when we require OTP 22.1
-  if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :mac, 4) do
-    defp hmac(digest, key, data), do: :crypto.mac(:hmac, digest, key, data)
-  else
-    defp hmac(digest, key, data), do: :crypto.hmac(digest, key, data)
-  end
 end

mix.exs

@@ -9,7 +9,7 @@ defmodule Plug.Crypto.MixProject do
     [
       app: :plug_crypto,
       version: @version,
-      elixir: "~> 1.7",
+      elixir: "~> 1.11",
       start_permanent: Mix.env() == :prod,
       deps: deps(),
       package: package(),