From a4ad60e91d8da62a04c7f2bfc9c50c611f858352 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Thu, 6 Jan 2022 00:23:13 +0200
Subject: Finally drop CI_Encrypt

---
 system/libraries/Encrypt.php                       | 521 ---------------------
 tests/codeigniter/libraries/Encrypt_test.php       |  79 ----
 tests/mocks/database/ci_test.sqlite                | Bin 19456 -> 19456 bytes
 tests/mocks/libraries/encrypt.php                  |  16 -
 user_guide_src/source/changelog.rst                |  15 +-
 user_guide_src/source/installation/upgrade_200.rst |   6 +-
 user_guide_src/source/installation/upgrade_220.rst |  13 +-
 user_guide_src/source/installation/upgrade_300.rst |  11 +-
 user_guide_src/source/installation/upgrade_320.rst |   1 +
 user_guide_src/source/libraries/encrypt.rst        | 198 --------
 user_guide_src/source/libraries/encryption.rst     |   4 +-
 11 files changed, 24 insertions(+), 840 deletions(-)
 delete mode 100644 system/libraries/Encrypt.php
 delete mode 100644 tests/codeigniter/libraries/Encrypt_test.php
 delete mode 100644 tests/mocks/libraries/encrypt.php
 delete mode 100644 user_guide_src/source/libraries/encrypt.rst

diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
deleted file mode 100644
index df1af4cf4..000000000
--- a/system/libraries/Encrypt.php
+++ /dev/null
@@ -1,521 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP
- *
- * This content is released under the MIT License (MIT)
- *
- * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * @package	CodeIgniter
- * @author	EllisLab Dev Team
- * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
- * @license	https://opensource.org/licenses/MIT	MIT License
- * @link	https://codeigniter.com
- * @since	Version 1.0.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * CodeIgniter Encryption Class
- *
- * Provides two-way keyed encoding using Mcrypt
- *
- * @package		CodeIgniter
- * @subpackage	Libraries
- * @category	Libraries
- * @author		EllisLab Dev Team
- * @link		https://codeigniter.com/userguide3/libraries/encryption.html
- */
-class CI_Encrypt {
-
-	/**
-	 * Reference to the user's encryption key
-	 *
-	 * @var string
-	 */
-	public $encryption_key		= '';
-
-	/**
-	 * Type of hash operation
-	 *
-	 * @var string
-	 */
-	protected $_hash_type		= 'sha1';
-
-	/**
-	 * Flag for the existence of mcrypt
-	 *
-	 * @var bool
-	 */
-	protected $_mcrypt_exists	= FALSE;
-
-	/**
-	 * Current cipher to be used with mcrypt
-	 *
-	 * @var string
-	 */
-	protected $_mcrypt_cipher;
-
-	/**
-	 * Method for encrypting/decrypting data
-	 *
-	 * @var int
-	 */
-	protected $_mcrypt_mode;
-
-	/**
-	 * Initialize Encryption class
-	 *
-	 * @return	void
-	 */
-	public function __construct()
-	{
-		if (($this->_mcrypt_exists = function_exists('mcrypt_encrypt')) === FALSE)
-		{
-			show_error('The Encrypt library requires the Mcrypt extension.');
-		}
-
-		log_message('info', 'Encrypt Class Initialized');
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Fetch the encryption key
-	 *
-	 * Returns it as MD5 in order to have an exact-length 128 bit key.
-	 * Mcrypt is sensitive to keys that are not the correct length
-	 *
-	 * @param	string
-	 * @return	string
-	 */
-	public function get_key($key = '')
-	{
-		if ($key === '')
-		{
-			if ($this->encryption_key !== '')
-			{
-				return $this->encryption_key;
-			}
-
-			$key = config_item('encryption_key');
-
-			if ( ! self::strlen($key))
-			{
-				show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
-			}
-		}
-
-		return md5($key);
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Set the encryption key
-	 *
-	 * @param	string
-	 * @return	CI_Encrypt
-	 */
-	public function set_key($key = '')
-	{
-		$this->encryption_key = $key;
-		return $this;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Encode
-	 *
-	 * Encodes the message string using bitwise XOR encoding.
-	 * The key is combined with a random hash, and then it
-	 * too gets converted using XOR. The whole thing is then run
-	 * through mcrypt using the randomized key. The end result
-	 * is a double-encrypted message string that is randomized
-	 * with each call to this function, even if the supplied
-	 * message and key are the same.
-	 *
-	 * @param	string	the string to encode
-	 * @param	string	the key
-	 * @return	string
-	 */
-	public function encode($string, $key = '')
-	{
-		return base64_encode($this->mcrypt_encode($string, $this->get_key($key)));
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Decode
-	 *
-	 * Reverses the above process
-	 *
-	 * @param	string
-	 * @param	string
-	 * @return	string
-	 */
-	public function decode($string, $key = '')
-	{
-		if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string) OR base64_encode(base64_decode($string)) !== $string)
-		{
-			return FALSE;
-		}
-
-		return $this->mcrypt_decode(base64_decode($string), $this->get_key($key));
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Encode from Legacy
-	 *
-	 * Takes an encoded string from the original Encryption class algorithms and
-	 * returns a newly encoded string using the improved method added in 2.0.0
-	 * This allows for backwards compatibility and a method to transition to the
-	 * new encryption algorithms.
-	 *
-	 * For more details, see https://codeigniter.com/userguide3/installation/upgrade_200.html#encryption
-	 *
-	 * @param	string
-	 * @param	int		(mcrypt mode constant)
-	 * @param	string
-	 * @return	string
-	 */
-	public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '')
-	{
-		if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
-		{
-			return FALSE;
-		}
-
-		// decode it first
-		// set mode temporarily to what it was when string was encoded with the legacy
-		// algorithm - typically MCRYPT_MODE_ECB
-		$current_mode = $this->_get_mode();
-		$this->set_mode($legacy_mode);
-
-		$key = $this->get_key($key);
-		$dec = base64_decode($string);
-		if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
-		{
-			$this->set_mode($current_mode);
-			return FALSE;
-		}
-
-		$dec = $this->_xor_decode($dec, $key);
-
-		// set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC
-		$this->set_mode($current_mode);
-
-		// and re-encode
-		return base64_encode($this->mcrypt_encode($dec, $key));
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * XOR Decode
-	 *
-	 * Takes an encoded string and key as input and generates the
-	 * plain-text original message
-	 *
-	 * @param	string
-	 * @param	string
-	 * @return	string
-	 */
-	protected function _xor_decode($string, $key)
-	{
-		$string = $this->_xor_merge($string, $key);
-
-		$dec = '';
-		for ($i = 0, $l = self::strlen($string); $i < $l; $i++)
-		{
-			$dec .= ($string[$i++] ^ $string[$i]);
-		}
-
-		return $dec;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * XOR key + string Combiner
-	 *
-	 * Takes a string and key as input and computes the difference using XOR
-	 *
-	 * @param	string
-	 * @param	string
-	 * @return	string
-	 */
-	protected function _xor_merge($string, $key)
-	{
-		$hash = $this->hash($key);
-		$str = '';
-
-		for ($i = 0, $ls = self::strlen($string), $lh = self::strlen($hash); $i < $ls; $i++)
-		{
-			$str .= $string[$i] ^ $hash[($i % $lh)];
-		}
-
-		return $str;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Encrypt using Mcrypt
-	 *
-	 * @param	string
-	 * @param	string
-	 * @return	string
-	 */
-	public function mcrypt_encode($data, $key)
-	{
-		$init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
-		$init_vect = mcrypt_create_iv($init_size, MCRYPT_DEV_URANDOM);
-		return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Decrypt using Mcrypt
-	 *
-	 * @param	string
-	 * @param	string
-	 * @return	string
-	 */
-	public function mcrypt_decode($data, $key)
-	{
-		$data = $this->_remove_cipher_noise($data, $key);
-		$init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
-
-		if ($init_size > self::strlen($data))
-		{
-			return FALSE;
-		}
-
-		$init_vect = self::substr($data, 0, $init_size);
-		$data      = self::substr($data, $init_size);
-
-		return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Adds permuted noise to the IV + encrypted data to protect
-	 * against Man-in-the-middle attacks on CBC mode ciphers
-	 * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
-	 *
-	 * @param	string
-	 * @param	string
-	 * @return	string
-	 */
-	protected function _add_cipher_noise($data, $key)
-	{
-		$key = $this->hash($key);
-		$str = '';
-
-		for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j)
-		{
-			if ($j >= $lk)
-			{
-				$j = 0;
-			}
-
-			$str .= chr((ord($data[$i]) + ord($key[$j])) % 256);
-		}
-
-		return $str;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Removes permuted noise from the IV + encrypted data, reversing
-	 * _add_cipher_noise()
-	 *
-	 * Function description
-	 *
-	 * @param	string	$data
-	 * @param	string	$key
-	 * @return	string
-	 */
-	protected function _remove_cipher_noise($data, $key)
-	{
-		$key = $this->hash($key);
-		$str = '';
-
-		for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j)
-		{
-			if ($j >= $lk)
-			{
-				$j = 0;
-			}
-
-			$temp = ord($data[$i]) - ord($key[$j]);
-
-			if ($temp < 0)
-			{
-				$temp += 256;
-			}
-
-			$str .= chr($temp);
-		}
-
-		return $str;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Set the Mcrypt Cipher
-	 *
-	 * @param	int
-	 * @return	CI_Encrypt
-	 */
-	public function set_cipher($cipher)
-	{
-		$this->_mcrypt_cipher = $cipher;
-		return $this;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Set the Mcrypt Mode
-	 *
-	 * @param	int
-	 * @return	CI_Encrypt
-	 */
-	public function set_mode($mode)
-	{
-		$this->_mcrypt_mode = $mode;
-		return $this;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Get Mcrypt cipher Value
-	 *
-	 * @return	int
-	 */
-	protected function _get_cipher()
-	{
-		if ($this->_mcrypt_cipher === NULL)
-		{
-			return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
-		}
-
-		return $this->_mcrypt_cipher;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Get Mcrypt Mode Value
-	 *
-	 * @return	int
-	 */
-	protected function _get_mode()
-	{
-		if ($this->_mcrypt_mode === NULL)
-		{
-			return $this->_mcrypt_mode = MCRYPT_MODE_CBC;
-		}
-
-		return $this->_mcrypt_mode;
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Set the Hash type
-	 *
-	 * @param	string
-	 * @return	void
-	 */
-	public function set_hash($type = 'sha1')
-	{
-		$this->_hash_type = in_array($type, hash_algos()) ? $type : 'sha1';
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Hash encode a string
-	 *
-	 * @param	string
-	 * @return	string
-	 */
-	public function hash($str)
-	{
-		return hash($this->_hash_type, $str);
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Byte-safe strlen()
-	 *
-	 * @param	string	$str
-	 * @return	int
-	 */
-	protected static function strlen($str)
-	{
-		return defined('MB_OVERLOAD_STRING')
-			? mb_strlen($str, '8bit')
-			: strlen($str);
-	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Byte-safe substr()
-	 *
-	 * @param	string	$str
-	 * @param	int	$start
-	 * @param	int	$length
-	 * @return	string
-	 */
-	protected static function substr($str, $start, $length = NULL)
-	{
-		if (defined('MB_OVERLOAD_STRING'))
-		{
-			// mb_substr($str, $start, null, '8bit') returns an empty
-			// string on PHP 5.3
-			isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
-			return mb_substr($str, $start, $length, '8bit');
-		}
-
-		return isset($length)
-			? substr($str, $start, $length)
-			: substr($str, $start);
-	}
-}
diff --git a/tests/codeigniter/libraries/Encrypt_test.php b/tests/codeigniter/libraries/Encrypt_test.php
deleted file mode 100644
index adbca31b2..000000000
--- a/tests/codeigniter/libraries/Encrypt_test.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php
-/**
- * @requires extension mcrypt
- */
-class Encrypt_test extends CI_TestCase {
-
-	public function set_up()
-	{
-		if ( ! extension_loaded('mcrypt'))
-		{
-			return;
-		}
-		elseif (version_compare(PHP_VERSION, '7.1.0-alpha', '>='))
-		{
-			return $this->markTestSkipped('ext/mcrypt is deprecated since PHP 7.1 and will generate notices here.');
-		}
-
-		$this->encrypt = new Mock_Libraries_Encrypt();
-		$this->ci_instance_var('encrypt', $this->encrypt);
-
-		$this->ci_set_config('encryption_key', "Encryptin'glike@boss!");
-		$this->msg = 'My secret message';
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_encode()
-	{
-		$this->assertNotEquals($this->msg, $this->encrypt->encode($this->msg));
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_decode()
-	{
-		$encoded_msg = $this->encrypt->encode($this->msg);
-		$this->assertEquals($this->msg, $this->encrypt->decode($encoded_msg));
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_optional_key()
-	{
-		$key = 'Ohai!ù0129°03182%HD1892P0';
-		$encoded_msg = $this->encrypt->encode($this->msg, $key);
-		$this->assertEquals($this->msg, $this->encrypt->decode($encoded_msg, $key));
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_default_cipher()
-	{
-		$this->assertEquals('rijndael-256', $this->encrypt->get_cipher());
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_set_cipher()
-	{
-		$this->encrypt->set_cipher(MCRYPT_BLOWFISH);
-		$this->assertEquals('blowfish', $this->encrypt->get_cipher());
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_default_mode()
-	{
-		$this->assertEquals('cbc', $this->encrypt->get_mode());
-	}
-
-	// --------------------------------------------------------------------
-
-	public function test_set_mode()
-	{
-		$this->encrypt->set_mode(MCRYPT_MODE_CFB);
-		$this->assertEquals('cfb', $this->encrypt->get_mode());
-	}
-
-}
diff --git a/tests/mocks/database/ci_test.sqlite b/tests/mocks/database/ci_test.sqlite
index 84f09add2..502913725 100755
Binary files a/tests/mocks/database/ci_test.sqlite and b/tests/mocks/database/ci_test.sqlite differ
diff --git a/tests/mocks/libraries/encrypt.php b/tests/mocks/libraries/encrypt.php
deleted file mode 100644
index c14d1e02f..000000000
--- a/tests/mocks/libraries/encrypt.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-class Mock_Libraries_Encrypt extends CI_Encrypt {
-
-	// Override inaccessible protected method
-	public function __call($method, $params)
-	{
-		if (is_callable(array($this, '_'.$method)))
-		{
-			return call_user_func_array(array($this, '_'.$method), $params);
-		}
-
-		throw new BadMethodCallException('Method '.$method.' was not found');
-	}
-
-}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b9a9e2015..5d98e7554 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -37,6 +37,7 @@ Release Date: Not Released
 
 -  Libraries
 
+   -  Removed previously deprecated *Encrypt Library*.
    -  Removed previously deprecated *Cart Library*.
    -  Removed previously deprecated *Javascript Library* (it was always experimental in the first place).
    -  Removed previously deprecated ``anchor_class`` option from :doc:`Pagination Library <libraries/pagination>`.
@@ -368,10 +369,10 @@ Release Date: Mar 20, 2017
 -  **Security**
 
    -  Fixed a header injection vulnerability in :doc:`common function <general/common_functions>` :php:func:`set_status_header()` under Apache (thanks to Guillermo Caminer from `Flowgate <https://flowgate.net/>`_).
-   -  Fixed byte-safety issues in :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) when ``mbstring.func_overload`` is enabled.
+   -  Fixed byte-safety issues in **Encrypt Library** (DEPRECATED) when ``mbstring.func_overload`` is enabled.
    -  Fixed byte-safety issues in :doc:`Encryption Library <libraries/encryption>` when ``mbstring.func_overload`` is enabled.
    -  Fixed byte-safety issues in :doc:`compatibility functions <general/compatibility_functions>` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled.
-   -  Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
+   -  Updated **Encrypt Library** (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
 
 -  General Changes
 
@@ -1079,9 +1080,9 @@ Release Date: March 30, 2015
 
 -  Libraries
 
-   -  Added a new :doc:`Encryption Library <libraries/encryption>` to replace the old, largely insecure :doc:`Encrypt Library <libraries/encrypt>`.
+   -  Added a new :doc:`Encryption Library <libraries/encryption>` to replace the old, largely insecure **Encrypt Library**.
 
-   -  :doc:`Encrypt Library <libraries/encrypt>` changes include:
+   -  **Encrypt Library** changes include:
 
       -  Deprecated the library in favor of the new :doc:`Encryption Library <libraries/encryption>`.
       -  Added support for hashing algorithms other than SHA1 and MD5.
@@ -1462,7 +1463,7 @@ Bug fixes for 3.0
 -  Fixed a bug (#1264) - :doc:`Database Forge <database/forge>` and :doc:`Database Utilities <database/utilities>` didn't update/reset the databases and tables list cache when a table or a database is created, dropped or renamed.
 -  Fixed a bug (#7) - :doc:`Query Builder <database/query_builder>` method ``join()`` only escaped one set of conditions.
 -  Fixed a bug (#1321) - ``CI_Exceptions`` couldn't find the *errors/* directory in some cases.
--  Fixed a bug (#1202) - :doc:`Encrypt Library <libraries/encrypt>` ``encode_from_legacy()`` didn't set back the encrypt mode on failure.
+-  Fixed a bug (#1202) - **Encrypt Library** ``encode_from_legacy()`` didn't set back the encrypt mode on failure.
 -  Fixed a bug (#145) - :doc:`Database Class <database/index>` method ``compile_binds()`` failed when the bind marker was present in a literal string within the query.
 -  Fixed a bug in :doc:`Query Builder <database/query_builder>` method ``protect_identifiers()`` where if passed along with the field names, operators got escaped as well.
 -  Fixed a bug (#10) - :doc:`URI Library <libraries/uri>` internal method ``_detect_uri()`` failed with paths containing a colon.
@@ -1632,7 +1633,7 @@ Release Date: June 2, 2014
 
 -  General Changes
 
-   - Security: :doc:`Encrypt Library <libraries/encrypt>` method ``xor_encode()`` has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.
+   - Security: **Encrypt Library** method ``xor_encode()`` has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.
    - Security: The :doc:`Session Library <libraries/sessions>` now uses HMAC authentication instead of a simple MD5 checksum.
 
 Bug fixes for 2.2.0
@@ -2241,7 +2242,7 @@ Hg Tag: v2.0.0
    -  Documented append_output() in the :doc:`Output
       Class <libraries/output>`.
    -  Documented a second argument in the decode() function for the
-      :doc:`Encrypt Class <libraries/encrypt>`.
+      **Encrypt Class**.
    -  Documented db->close().
    -  Updated the router to support a default route with any number of
       segments.
diff --git a/user_guide_src/source/installation/upgrade_200.rst b/user_guide_src/source/installation/upgrade_200.rst
index 03b8ff4ac..96256b13a 100644
--- a/user_guide_src/source/installation/upgrade_200.rst
+++ b/user_guide_src/source/installation/upgrade_200.rst
@@ -64,9 +64,7 @@ string using the improved methods. This will enable you to easily
 replace stale encrypted data with fresh in your applications, either on
 the fly or en masse.
 
-Please read :doc:`how to use this
-method <../libraries/encrypt>` in the Encrypt library
-documentation.
+Please read how to use this in the Encrypt library documentation.
 
 Step 5: Remove loading calls for the compatibility helper.
 ==========================================================
@@ -145,4 +143,4 @@ The following files have been changed:
 The following files have been added:
 
 - foreign_chars.php
-- profiler.php
\ No newline at end of file
+- profiler.php
diff --git a/user_guide_src/source/installation/upgrade_220.rst b/user_guide_src/source/installation/upgrade_220.rst
index 489dd6312..c87148ca1 100644
--- a/user_guide_src/source/installation/upgrade_220.rst
+++ b/user_guide_src/source/installation/upgrade_220.rst
@@ -2,12 +2,11 @@
 Upgrading from 2.1.4 to 2.2.x
 #############################
 
-.. note:: The :doc:`Encrypt Class </libraries/encrypt>` now requires the
-	Mcrypt extension. If you were previously using the Encrypt Class
-	without Mcrypt, then this is a breaking change.  You must install
-	the Mcrypt extension in order to upgrade. For information on
-	installing Mcrypt please see the PHP `documentation
-	<https://secure.php.net/manual/en/mcrypt.setup.php>`.
+.. note:: The **Encrypt Class** now requires the Mcrypt extension. If you
+	were previously using the Encrypt Class without Mcrypt, then this
+	is a breaking change.  You must install the Mcrypt extension in
+	order to upgrade. For information on installing Mcrypt please see
+	the PHP `documentation <https://secure.php.net/manual/en/mcrypt.setup.php>`.
 
 Before performing an update you should take your site offline by
 replacing the index.php file with a static one.
@@ -18,4 +17,4 @@ Step 1: Update your CodeIgniter files
 Replace all files and directories in your "system" folder.
 
 .. note:: If you have any custom developed files in these folders please
-	make copies of them first.
\ No newline at end of file
+	make copies of them first.
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index 188144844..03a7b579c 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -520,7 +520,7 @@ The SHA1 library
 The previously deprecated SHA1 library has been removed, alter your code to use PHP's native
 ``sha1()`` function to generate a SHA1 hash.
 
-Additionally, the ``sha1()`` method in the :doc:`Encrypt Library <../libraries/encrypt>` has been removed.
+Additionally, the ``sha1()`` method in the **Encrypt Library** has been removed.
 
 The EXT constant
 ================
@@ -541,17 +541,16 @@ Also, the previously deprecated ``js_insert_smiley()`` (since version 1.7.2) is
 The Encrypt library
 ===================
 
-Following numerous vulnerability reports, the :doc:`Encrypt Library <../libraries/encrypt>` has
-been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take
-its place.
+Following numerous vulnerability reports, the **Encrypt Library** has been deprecated and a
+new, :doc:`Encryption Library <../libraries/encryption>` is added to take its place.
 
 The new library requires either the `MCrypt extension <https://secure.php.net/mcrypt>`_ (and /dev/urandom
 availability) or PHP 5.3.3 and the `OpenSSL extension <https://secure.php.net/openssl>`_.
 While this might be rather inconvenient, it is a requirement that allows us to have properly
 implemented cryptographic functions.
 
-.. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose
-	of keeping backwards compatibility.
+.. note:: The **Encrypt Library** is still available for the purpose of keeping
+	backwards compatibility.
 
 .. important:: You are strongly encouraged to switch to the new :doc:`Encryption Library
 	<../libraries/encryption>` as soon as possible!
diff --git a/user_guide_src/source/installation/upgrade_320.rst b/user_guide_src/source/installation/upgrade_320.rst
index 368871d7d..c70ff707c 100644
--- a/user_guide_src/source/installation/upgrade_320.rst
+++ b/user_guide_src/source/installation/upgrade_320.rst
@@ -222,6 +222,7 @@ CodeIgniter versions that have been removed in 3.2.0:
 - ``read_file()`` :doc:`File Helper <../helpers/file_helper>` function (use ``file_get_contents()`` instead)
 - ``form_prep()`` :doc:`Form Helper <../helpers/form_helper>` function (use :php:func:`html_escape()` instead)
 
+- The entire *Encrypt Library* (the newer :doc:`Encryption Library <../libraries/encryption>` is still available)
 - The entire *Cart Library* (an archived version is available on GitHub: `bcit-ci/ci3-cart-library <https://github.com/bcit-ci/ci3-cart-library>`_)
 - The entire *Javascript Library* (it was always experimental in the first place)
 
diff --git a/user_guide_src/source/libraries/encrypt.rst b/user_guide_src/source/libraries/encrypt.rst
deleted file mode 100644
index 10893b901..000000000
--- a/user_guide_src/source/libraries/encrypt.rst
+++ /dev/null
@@ -1,198 +0,0 @@
-#############
-Encrypt Class
-#############
-
-The Encrypt Class provides two-way data encryption. It encrypted using
-the Mcrypt PHP extension, which is required for the Encrypt Class to run.
-
-.. important:: This library has been DEPRECATED and is only kept for
-	backwards compatibility. Please use the new :doc:`Encryption Library
-	<encryption>`.
-
-.. contents::
-  :local:
-
-.. raw:: html
-
-  <div class="custom-index container"></div>
-
-*************************
-Using the Encrypt Library
-*************************
-
-Setting your Key
-================
-
-A *key* is a piece of information that controls the cryptographic
-process and permits an encrypted string to be decoded. In fact, the key
-you chose will provide the **only** means to decode data that was
-encrypted with that key, so not only must you choose the key carefully,
-you must never change it if you intend use it for persistent data.
-
-It goes without saying that you should guard your key carefully. Should
-someone gain access to your key, the data will be easily decoded. If
-your server is not totally under your control it's impossible to ensure
-key security so you may want to think carefully before using it for
-anything that requires high security, like storing credit card numbers.
-
-To take maximum advantage of the encryption algorithm, your key should
-be 32 characters in length (256 bits). The key should be as random a
-string as you can concoct, with numbers and uppercase and lowercase
-letters. Your key should **not** be a simple text string. In order to be
-cryptographically secure it needs to be as random as possible.
-
-Your key can be either stored in your **application/config/config.php**, or
-you can design your own storage mechanism and pass the key dynamically
-when encoding/decoding.
-
-To save your key to your **application/config/config.php**, open the file
-and set::
-
-	$config['encryption_key'] = "YOUR KEY";
-
-Message Length
-==============
-
-It's important for you to know that the encoded messages the encryption
-function generates will be approximately 2.6 times longer than the
-original message. For example, if you encrypt the string "my super
-secret data", which is 21 characters in length, you'll end up with an
-encoded string that is roughly 55 characters (we say "roughly" because
-the encoded string length increments in 64 bit clusters, so it's not
-exactly linear). Keep this information in mind when selecting your data
-storage mechanism. Cookies, for example, can only hold 4K of
-information.
-
-Initializing the Class
-======================
-
-Like most other classes in CodeIgniter, the Encrypt class is
-initialized in your controller using the ``$this->load->library()``
-method::
-
-	$this->load->library('encrypt');
-
-Once loaded, the Encrypt library object will be available using::
-
-	$this->encrypt
-
-***************
-Class Reference
-***************
-
-.. php:class:: CI_Encrypt
-
-	.. php:method:: encode($string[, $key = ''])
-
-		:param	string	$string: Data to encrypt
-		:param	string	$key: Encryption key
-		:returns:	Encrypted string
-		:rtype:	string
-
-		Performs the data encryption and returns it as a string. Example::
-
-			$msg = 'My secret message';
-
-			$encrypted_string = $this->encrypt->encode($msg);
-
-		You can optionally pass your encryption key via the second parameter if
-		you don't want to use the one in your config file::
-
-			$msg = 'My secret message';
-			$key = 'super-secret-key';
-
-			$encrypted_string = $this->encrypt->encode($msg, $key);
-
-	.. php:method:: decode($string[, $key = ''])
-
-		:param	string	$string: String to decrypt
-		:param	string	$key: Encryption key
-		:returns:	Plain-text string
-		:rtype:	string
-
-		Decrypts an encoded string. Example::
-
-			$encrypted_string = 'APANtByIGI1BpVXZTJgcsAG8GZl8pdwwa84';
-
-			$plaintext_string = $this->encrypt->decode($encrypted_string);
-
-		You can optionally pass your encryption key via the second parameter if
-		you don't want to use the one in your config file::
-
-			$msg = 'My secret message';
-			$key = 'super-secret-key';
-
-			$encrypted_string = $this->encrypt->decode($msg, $key);
-
-	.. php:method:: set_cipher($cipher)
-
-		:param	int	$cipher: Valid PHP MCrypt cypher constant
-		:returns:	CI_Encrypt instance (method chaining)
-		:rtype:	CI_Encrypt
-
-		Permits you to set an Mcrypt cipher. By default it uses
-		``MCRYPT_RIJNDAEL_256``. Example::
-
-			$this->encrypt->set_cipher(MCRYPT_BLOWFISH);
-
-		Please visit php.net for a list of `available ciphers <https://secure.php.net/mcrypt>`_.
-
-		If you'd like to manually test whether your server supports MCrypt you
-		can use::
-
-			echo extension_loaded('mcrypt') ? 'Yup' : 'Nope';
-
-	.. php:method:: set_mode($mode)
-
-		:param	int	$mode: Valid PHP MCrypt mode constant
-		:returns:	CI_Encrypt instance (method chaining)
-		:rtype:	CI_Encrypt
-
-		Permits you to set an Mcrypt mode. By default it uses **MCRYPT_MODE_CBC**.
-		Example::
-
-			$this->encrypt->set_mode(MCRYPT_MODE_CFB);
-
-		Please visit php.net for a list of `available modes <https://secure.php.net/mcrypt>`_.
-
-	.. php:method:: encode_from_legacy($string[, $legacy_mode = MCRYPT_MODE_ECB[, $key = '']])
-
-		:param	string	$string: String to encrypt
-		:param	int	$legacy_mode: Valid PHP MCrypt cipher constant
-		:param	string	$key: Encryption key
-		:returns:	Newly encrypted string
-		:rtype:	string
-
-		Enables you to re-encode data that was originally encrypted with
-		CodeIgniter 1.x to be compatible with the Encrypt library in
-		CodeIgniter 2.x. It is only necessary to use this method if you have
-		encrypted data stored permanently such as in a file or database and are
-		on a server that supports Mcrypt. "Light" use encryption such as
-		encrypted session data or transitory encrypted flashdata require no
-		intervention on your part. However, existing encrypted Sessions will be
-		destroyed since data encrypted prior to 2.x will not be decoded.
-
-		.. important::
-			**Why only a method to re-encode the data instead of maintaining legacy
-			methods for both encoding and decoding?** The algorithms in the
-			Encrypt library have improved in CodeIgniter 2.x both for performance
-			and security, and we do not wish to encourage continued use of the older
-			methods. You can of course extend the Encryption library if you wish and
-			replace the new methods with the old and retain seamless compatibility
-			with CodeIgniter 1.x encrypted data, but this a decision that a
-			developer should make cautiously and deliberately, if at all.
-
-		::
-
-			$new_data = $this->encrypt->encode_from_legacy($old_encrypted_string);
-
-		======================	===============	 =======================================================================
-		Parameter		 Default	  Description
-		======================	===============  =======================================================================
-		**$orig_data**		n/a 		 The original encrypted data from CodeIgniter 1.x's Encryption library
-		**$legacy_mode**	MCRYPT_MODE_ECB	 The Mcrypt mode that was used to generate the original encrypted data.
-							 CodeIgniter 1.x's default was MCRYPT_MODE_ECB, and it will assume that
-							 to be the case unless overridden by this parameter.
-		**$key**		n/a 		 The encryption key. This it typically specified in your config file as
-							 outlined above.
-		======================	===============	 =======================================================================
\ No newline at end of file
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 833a56c09..643818aa4 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -280,8 +280,8 @@ Configuring the library
 =======================
 
 For usability, performance, but also historical reasons tied to our old
-:doc:`Encrypt Class <encrypt>`, the Encryption library is designed to
-use repeatedly the same driver, encryption cipher, mode and key.
+**Encrypt Class**, the Encryption library is designed to use repeatedly
+the same driver, encryption cipher, mode and key.
 
 As noted in the "Default behavior" section above, this means using an
 auto-detected driver (OpenSSL has a higher priority), the AES-128 ciper
-- 
cgit v1.2.3-24-g4f1b