author | Nick Vatamaniuc <vatamane@apache.org> | 2021-05-13 02:21:36 -0400 |
---|---|---|
committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2021-05-14 15:11:40 -0400 |
commit | ff4ca2ab5b1d696f819342c18c16aaf523f1dd30 (patch) | |
tree | 16b840ceb1d51c425a1ed324a22d89cc5a3c270c | |
parent | fe7ac3799484c3e484a94620ebb720f9b548cf4c (diff) | |
download | couchdb-ff4ca2ab5b1d696f819342c18c16aaf523f1dd30.tar.gz |
Erlang 24 support
Switching crypto functions to use the new ones such as:
```
crypto:hmac(Alg, Key, Message) -> crypto:mac(hmac, Alg, Key, Message)
```
To simplify Erlang 24 support, in which some crypto functions have
been removed, bump the minimum version to 22.
Other fixes were in dependencies:
* Bumped meck to 0.9.2. New meck from upstream supports Erlang
24. Also required bumping folsom since it depends on meck
* Example in passage module would not compile, so commented out
the parse transform. Required bumping jaeger passage since it
depends on passage
-rw-r--r-- | build-aux/Jenkinsfile.pr | 1 | ||||
-rw-r--r-- | rebar.config.script | 10 | ||||
-rw-r--r-- | src/couch/src/couch_hotp.erl | 2 | ||||
-rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 6 | ||||
-rw-r--r-- | src/couch/src/couch_passwords.erl | 4 | ||||
-rw-r--r-- | src/couch/src/couch_util.erl | 26 | ||||
-rw-r--r-- | src/jwtf/src/jwtf.erl | 29 |
7 files changed, 65 insertions, 13 deletions
diff --git a/build-aux/Jenkinsfile.pr b/build-aux/Jenkinsfile.pr
index 77362b193..8d89b33ab 100644
--- a/build-aux/Jenkinsfile.pr
+++ b/build-aux/Jenkinsfile.pr
@@ -107,6 +107,7 @@ pipeline {
 axes {
 axis {
 name 'ERLANG_VERSION'
+ // kerl can't build 24 yet
 values '21.3.8.22', '22.3.4.17', '23.3.1'
 }
 }
diff --git a/rebar.config.script b/rebar.config.script
index 214918238..eb37d5b41 100644
--- a/rebar.config.script
+++ b/rebar.config.script
@@ -149,16 +149,16 @@ DepDescs = [
 {fauxton, {url, "https://github.com/apache/couchdb-fauxton"}, {tag, "v1.2.6"}, [raw]},
 %% Third party deps
-{folsom, "folsom", {tag, "CouchDB-0.8.3"}},
+{folsom, "folsom", {tag, "CouchDB-0.8.4"}},
 {hyper, "hyper", {tag, "CouchDB-2.2.0-6"}},
 {ibrowse, "ibrowse", {tag, "CouchDB-4.4.2-2"}},
-{jaeger_passage, "jaeger-passage", {tag, "CouchDB-0.1.14-2"}},
+{jaeger_passage, "jaeger-passage", {tag, "CouchDB-0.1.14-4"}},
 {jiffy, "jiffy", {tag, "CouchDB-1.0.5-1"}},
 {local, "local", {tag, "0.2.1"}},
 {mochiweb, "mochiweb", {tag, "v2.20.0"}},
-{meck, "meck", {tag, "0.8.8"}},
+{meck, "meck", {tag, "0.9.2"}},
 {recon, "recon", {tag, "2.5.0"}},
-{passage, "passage", {tag, "0.2.6"}},
+{passage, "passage", {tag, "CouchDB-0.2.6-1"}},
 {thrift_protocol, "thrift-protocol", {tag, "0.1.5"}}
 ].
@@ -192,7 +192,7 @@ ErlOpts = case os:getenv("ERL_OPTS") of
 end.
 AddConfig = [
- {require_otp_vsn, "21|22|23"},
+ {require_otp_vsn, "21|22|23|24"},
 {deps_dir, "src"},
 {deps, lists:map(MakeDep, DepDescs ++ OptionalDeps)},
 {sub_dirs, SubDirs},
diff --git a/src/couch/src/couch_hotp.erl b/src/couch/src/couch_hotp.erl
index 9a620fa87..4ba81c9bf 100644
--- a/src/couch/src/couch_hotp.erl
+++ b/src/couch/src/couch_hotp.erl
@@ -16,7 +16,7 @@ generate(Alg, Key, Counter, OutputLen) when is_atom(Alg), is_binary(Key), is_integer(Counter), is_integer(OutputLen) ->
- Hmac = crypto:hmac(Alg, Key, <<Counter:64>>),
+ Hmac = couch_util:hmac(Alg, Key, <<Counter:64>>),
 Offset = binary:last(Hmac) band 16#f,
 Code = ((binary:at(Hmac, Offset) band 16#7f) bsl 24) +
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index b7402202d..93b00bd1a 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -176,7 +176,7 @@ proxy_auth_user(Req) ->
 undefined ->
 Req#httpd{user_ctx=#user_ctx{name=?l2b(UserName), roles=Roles}};
 Secret ->
- ExpectedToken = couch_util:to_hex(crypto:hmac(sha, Secret, UserName)),
+ ExpectedToken = couch_util:to_hex(couch_util:hmac(sha, Secret, UserName)),
 case header_value(Req, XHeaderToken) of
 Token when Token == ExpectedToken ->
 Req#httpd{user_ctx=#user_ctx{name=?l2b(UserName),
@@ -263,7 +263,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req, AuthModule) ->
 {ok, UserProps, _AuthCtx} ->
 UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<"">>),
 FullSecret = <<Secret/binary, UserSalt/binary>>,
- ExpectedHash = crypto:hmac(sha, FullSecret, User ++ ":" ++ TimeStr),
+ ExpectedHash = couch_util:hmac(sha, FullSecret, User ++ ":" ++ TimeStr),
 Hash = ?l2b(HashStr),
 Timeout = list_to_integer(
 config:get("couch_httpd_auth", "timeout", "600")),
@@ -315,7 +315,7 @@ cookie_auth_header(_Req, _Headers) -> [].
 cookie_auth_cookie(Req, User, Secret, TimeStamp) ->
 SessionData = User ++ ":" ++ erlang:integer_to_list(TimeStamp, 16),
- Hash = crypto:hmac(sha, Secret, SessionData),
+ Hash = couch_util:hmac(sha, Secret, SessionData),
 mochiweb_cookies:cookie("AuthSession",
 couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
 [{path, "/"}] ++ cookie_scheme(Req) ++ max_age() ++ cookie_domain() ++ same_site()).
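Review bot: In the proxy_auth_user hunk the freshly computed MAC is still checked with `Token when Token == ExpectedToken`, an ordinary term comparison that can return at the first differing character, so response timing may reveal how much of a supplied token matched. hmac_verify in src/jwtf/src/jwtf.erl has the same shape, matching the result of `hmac(Algorithm, SecretKey, Message)` against the bound `HMAC`. Since both call sites are touched here, consider a constant-time comparison, for example `couch_passwords:verify(ExpectedToken, Token)` in couch_httpd_auth (assuming that helper is present in this tree) and an equivalent local helper in jwtf. Both functions start or end outside their hunks, so the surrounding handling was not reviewed.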
diff --git a/src/couch/src/couch_passwords.erl b/src/couch/src/couch_passwords.erl
index baf78f5d5..87ed15144 100644
--- a/src/couch/src/couch_passwords.erl
+++ b/src/couch/src/couch_passwords.erl
@@ -114,12 +114,12 @@ pbkdf2(_Password, _Salt, Iterations, _BlockIndex, Iteration, _Prev, Acc) when Iteration > Iterations -> Acc;
 pbkdf2(Password, Salt, Iterations, BlockIndex, 1, _Prev, _Acc) ->
- InitialBlock = crypto:hmac(sha, Password,
+ InitialBlock = couch_util:hmac(sha, Password,
 <<Salt/binary,BlockIndex:32/integer>>),
 pbkdf2(Password, Salt, Iterations, BlockIndex, 2, InitialBlock, InitialBlock);
 pbkdf2(Password, Salt, Iterations, BlockIndex, Iteration, Prev, Acc) ->
- Next = crypto:hmac(sha, Password, Prev),
+ Next = couch_util:hmac(sha, Password, Prev),
 pbkdf2(Password, Salt, Iterations, BlockIndex, Iteration + 1, Next, crypto:exor(Next, Acc)).
diff --git a/src/couch/src/couch_util.erl b/src/couch/src/couch_util.erl
index af7b7ff0a..37bf2fc6c 100644
--- a/src/couch/src/couch_util.erl
+++ b/src/couch/src/couch_util.erl
@@ -40,6 +40,7 @@
 -export([check_md5/2]).
 -export([set_mqd_off_heap/1]).
 -export([set_process_priority/2]).
+-export([hmac/3]).
 -include_lib("couch/include/couch_db.hrl").
@@ -769,3 +770,28 @@ check_config_blacklist(Section) ->
 end
 end, ?BLACKLIST_CONFIG_SECTIONS),
 ok.
+
+
+-ifdef(OTP_RELEASE).
+
+-if(?OTP_RELEASE >= 22).
+
+% OTP >= 22
+hmac(Alg, Key, Message) ->
+ crypto:mac(hmac, Alg, Key, Message).
+
+-else.
+
+% OTP >= 21, < 22
+hmac(Alg, Key, Message) ->
+ crypto:hmac(Alg, Key, Message).
+
+-endif. % -if(?OTP_RELEASE >= 22)
+
+-else.
+
+% OTP < 21
+hmac(Alg, Key, Message) ->
+ crypto:hmac(Alg, Key, Message).
+
+-endif. % -ifdef(OTP_RELEASE)
diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index a0bbf1fc1..4c4f80c70 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
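Review bot: The `-if(?OTP_RELEASE >= 22)` branch of the new couch_util:hmac/3 picks `crypto:mac(hmac, Alg, Key, Message)` for every 22.x release, but the OTP documentation, as far as I recall, lists crypto:mac/4 as added in 22.1, and OTP_RELEASE only carries the major number, so a 22.0 node would compile this and likely hit undef the first time a cookie, proxy token or password hash is computed. Please state the real floor next to the wrapper, e.g. `% crypto:mac/4 needs OTP 22.1 or later`, or enforce it in the build. The commit message says the minimum is bumped to 22, yet `require_otp_vsn` still lists 21, so it is unclear whether the `% OTP < 21` and 21-only branches are meant to be reachable. The exported function also has no `-spec`; `-spec hmac(atom(), iodata(), iodata()) -> binary().` would document that callers get the raw MAC. The identical wrapper added to src/jwtf/src/jwtf.erl raises the same questions.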
@@ -65,7 +65,7 @@ encode(Header = {HeaderProps}, Claims, Key) ->
 {public_key, Algorithm} ->
 public_key:sign(Message, Algorithm, Key);
 {hmac, Algorithm} ->
- crypto:hmac(Algorithm, Key, Message)
+ hmac(Algorithm, Key, Message)
 end,
 EncodedSignatureOrMac = b64url:encode(SignatureOrMac),
 {ok, <<Message/binary, $., EncodedSignatureOrMac/binary>>}
@@ -290,7 +290,7 @@ public_key_verify(Algorithm, Message, Signature, PublicKey) ->
 hmac_verify(Algorithm, Message, HMAC, SecretKey) ->
- case crypto:hmac(Algorithm, SecretKey, Message) of
+ case hmac(Algorithm, SecretKey, Message) of
 HMAC ->
 ok;
 _ ->
@@ -352,6 +352,31 @@ prop(Prop, Props) ->
 proplists:get_value(Prop, Props).
+-ifdef(OTP_RELEASE).
+
+-if(?OTP_RELEASE >= 22).
+
+% OTP >= 22
+hmac(Alg, Key, Message) ->
+ crypto:mac(hmac, Alg, Key, Message).
+
+-else.
+
+% OTP >= 21, < 22
+hmac(Alg, Key, Message) ->
+ crypto:hmac(Alg, Key, Message).
+
+-endif. % -if(?OTP_RELEASE >= 22)
+
+-else.
+
+% OTP < 21
+hmac(Alg, Key, Message) ->
+ crypto:hmac(Alg, Key, Message).
+
+-endif. % -ifdef(OTP_RELEASE)
+
+
 -ifdef(TEST).
 -include_lib("eunit/include/eunit.hrl"). |