aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjörn Gustavsson <[email protected]>2013-05-13 11:13:50 +0200
committerIngela Anderton Andin <[email protected]>2013-05-20 08:41:52 +0200
commit5805b576e5c817faf697985ea2d2ce205d9b52d4 (patch)
tree9d911868ae6815986e91a9b449869dd8bff8ab64
parentb5d466db4dd8891cceaaa5a4b4e81f6edad639d2 (diff)
downloadotp-5805b576e5c817faf697985ea2d2ce205d9b52d4.tar.gz
otp-5805b576e5c817faf697985ea2d2ce205d9b52d4.tar.bz2
otp-5805b576e5c817faf697985ea2d2ce205d9b52d4.zip
beam_lib, compile: Replace use of deprecated crypto functions
Since both the STDLIB and compiler applications turn warnings into errors, we must stop using the old deprecated crypto functions. While we are at it, generalize the format of the key tuple returned by beam_lib:make_crypto_key/2 to facilitate introducing new crypto methods in the future. Change the format to: {Type,Key,IV,BlockSize} where Type, Key, and IV are the first three arguments for either crypto:block_encrypt4/ or crypto:block_decrypt/4, and BlockSize is the block size for the crypto algorithm (it is needed to properly pad the plaintext blocks before encryption).
-rw-r--r--lib/compiler/src/compile.erl20
-rw-r--r--lib/compiler/test/compile_SUITE.erl10
-rw-r--r--lib/compiler/test/compile_SUITE_data/key_compatibility.beambin0 -> 844 bytes
-rw-r--r--lib/compiler/test/compile_SUITE_data/key_compatibility.erl8
-rw-r--r--lib/stdlib/src/beam_lib.erl16
5 files changed, 36 insertions, 18 deletions
diff --git a/lib/compiler/src/compile.erl b/lib/compiler/src/compile.erl
index 745f1d5cf9..2ca403de54 100644
--- a/lib/compiler/src/compile.erl
+++ b/lib/compiler/src/compile.erl
@@ -1197,9 +1197,9 @@ abstract_code(#compile{code=Code,options=Opts,ofile=OFile}) ->
encrypt_abs_code(Abstr, Key0) ->
try
- {Mode,RealKey} = generate_key(Key0),
+ RealKey = generate_key(Key0),
case start_crypto() of
- ok -> {ok,encrypt(Mode, RealKey, Abstr)};
+ ok -> {ok,encrypt(RealKey, Abstr)};
{error,_}=E -> E
end
catch
@@ -1216,19 +1216,19 @@ start_crypto() ->
{error,[{none,?MODULE,no_crypto}]}
end.
-generate_key({Mode,String}) when is_atom(Mode), is_list(String) ->
- {Mode,beam_lib:make_crypto_key(Mode, String)};
+generate_key({Type,String}) when is_atom(Type), is_list(String) ->
+ beam_lib:make_crypto_key(Type, String);
generate_key(String) when is_list(String) ->
generate_key({des3_cbc,String}).
-encrypt(des3_cbc=Mode, {K1,K2,K3, IVec}, Bin0) ->
- Bin1 = case byte_size(Bin0) rem 8 of
+encrypt({des3_cbc=Type,Key,IVec,BlockSize}, Bin0) ->
+ Bin1 = case byte_size(Bin0) rem BlockSize of
0 -> Bin0;
- N -> list_to_binary([Bin0,random_bytes(8-N)])
+ N -> list_to_binary([Bin0,random_bytes(BlockSize-N)])
end,
- Bin = crypto:des3_cbc_encrypt(K1, K2, K3, IVec, Bin1),
- ModeString = atom_to_list(Mode),
- list_to_binary([0,length(ModeString),ModeString,Bin]).
+ Bin = crypto:block_encrypt(Type, Key, IVec, Bin1),
+ TypeString = atom_to_list(Type),
+ list_to_binary([0,length(TypeString),TypeString,Bin]).
random_bytes(N) ->
{A,B,C} = now(),
diff --git a/lib/compiler/test/compile_SUITE.erl b/lib/compiler/test/compile_SUITE.erl
index 229e5a98a1..c635d13c89 100644
--- a/lib/compiler/test/compile_SUITE.erl
+++ b/lib/compiler/test/compile_SUITE.erl
@@ -492,6 +492,16 @@ encrypted_abstr_1(Simple, Target) ->
?line {error,beam_lib,{key_missing_or_invalid,"simple.beam",abstract_code}} =
beam_lib:chunks("simple.beam", [abstract_code]),
?line ok = file:set_cwd(OldCwd),
+
+ %% Test key compatibility by reading a BEAM file produced before
+ %% the update to the new crypto functions.
+ install_crypto_key("an old key"),
+ KeyCompat = filename:join(filename:dirname(Simple),
+ "key_compatibility"),
+ {ok,{key_compatibility,[Chunk]}} = beam_lib:chunks(KeyCompat,
+ [abstract_code]),
+ {abstract_code,{raw_abstract_v1,_}} = Chunk,
+
ok.
diff --git a/lib/compiler/test/compile_SUITE_data/key_compatibility.beam b/lib/compiler/test/compile_SUITE_data/key_compatibility.beam
new file mode 100644
index 0000000000..28329d2423
--- /dev/null
+++ b/lib/compiler/test/compile_SUITE_data/key_compatibility.beam
Binary files differ
diff --git a/lib/compiler/test/compile_SUITE_data/key_compatibility.erl b/lib/compiler/test/compile_SUITE_data/key_compatibility.erl
new file mode 100644
index 0000000000..e2931f1b12
--- /dev/null
+++ b/lib/compiler/test/compile_SUITE_data/key_compatibility.erl
@@ -0,0 +1,8 @@
+-module(key_compatibility).
+-export([main/0]).
+
+%% Compile like this:
+%% erlc +'{debug_info_key,"an old key"}' key_compatibility.erl
+
+main() ->
+ ok.
diff --git a/lib/stdlib/src/beam_lib.erl b/lib/stdlib/src/beam_lib.erl
index fe7e0f8e60..2e9ebece0e 100644
--- a/lib/stdlib/src/beam_lib.erl
+++ b/lib/stdlib/src/beam_lib.erl
@@ -302,10 +302,10 @@ clear_crypto_key_fun() ->
-spec make_crypto_key(mode(), string()) ->
{binary(), binary(), binary(), binary()}.
-make_crypto_key(des3_cbc, String) ->
+make_crypto_key(des3_cbc=Type, String) ->
<<K1:8/binary,K2:8/binary>> = First = erlang:md5(String),
<<K3:8/binary,IVec:8/binary>> = erlang:md5([First|reverse(String)]),
- {K1,K2,K3,IVec}.
+ {Type,[K1,K2,K3],IVec,8}.
%%
%% Local functions
@@ -864,20 +864,20 @@ mandatory_chunks() ->
-define(CRYPTO_KEY_SERVER, beam_lib__crypto_key_server).
-decrypt_abst(Mode, Module, File, Id, AtomTable, Bin) ->
+decrypt_abst(Type, Module, File, Id, AtomTable, Bin) ->
try
- KeyString = get_crypto_key({debug_info, Mode, Module, File}),
- Key = make_crypto_key(des3_cbc, KeyString),
- Term = decrypt_abst_1(Mode, Key, Bin),
+ KeyString = get_crypto_key({debug_info, Type, Module, File}),
+ Key = make_crypto_key(Type, KeyString),
+ Term = decrypt_abst_1(Key, Bin),
{AtomTable, {Id, Term}}
catch
_:_ ->
error({key_missing_or_invalid, File, Id})
end.
-decrypt_abst_1(des3_cbc, {K1, K2, K3, IVec}, Bin) ->
+decrypt_abst_1({Type,Key,IVec,_BlockSize}, Bin) ->
ok = start_crypto(),
- NewBin = crypto:des3_cbc_decrypt(K1, K2, K3, IVec, Bin),
+ NewBin = crypto:block_decrypt(Type, Key, IVec, Bin),
binary_to_term(NewBin).
start_crypto() ->