go crypto/rsa: deprecate GenerateMultiPrimeKey and PrecomputedValues.CRTValues

Multi-prime RSA keys (those that are products of three or more large primes) are discouraged in general and rarely used.

As of Go 1.20, the PrecomputedValues.CRTValues supporting multiprime keys will still be computed and filled in, but to reduce the attack surface of crypto/rsa, those values will no longer be used by decryption.

PrecomputedValues.CRTValues and GenerateMultiPrimeKey were marked deprecated during the Go 1.20 cycle, but without a proposal review. I'm rolling back the deprecation marks in an upcoming CL (gopherbot will report it) and am filing this issue to discuss adding the deprecation marks.

I don't anticipate any controversy about deprecating these, the proposal process should confirm that.

Nov 23 '22 21:11 rsc

Change https://go.dev/cl/453256 mentions this issue: crypto/elliptic: remove deprecation markers

Nov 23 '22 21:11 gopherbot

Change https://go.dev/cl/453257 mentions this issue: crypto/rsa: remove deprecation markers for multiprime RSA support

Nov 23 '22 21:11 gopherbot

This proposal has been added to the active column of the proposals project and will now be reviewed at the weekly proposal review meetings. — rsc for the proposal review group

Nov 30 '22 20:11 rsc

Does anyone object to marking these deprecated?

Dec 07 '22 18:12 rsc

No objection, happy to see them go.

Dec 08 '22 16:12 rolandshoemaker

Based on the discussion above, this proposal seems like a likely accept. — rsc for the proposal review group

Dec 14 '22 19:12 rsc

No change in consensus, so accepted. 🎉 This issue now tracks the work of implementing the proposal. — rsc for the proposal review group

Dec 21 '22 19:12 rsc

Change https://go.dev/cl/459976 mentions this issue: crypto/rsa: deprecate multiprime RSA support

Dec 29 '22 14:12 gopherbot