From: Kees Monshouwer Date: Wed, 25 Oct 2017 20:43:35 +0000 (+0200) Subject: drop botan 1.x support X-Git-Tag: rec-4.0.7~2^2^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6776e4b5f11ab8732a02090068dbe1868059447b;p=pdns drop botan 1.x support (cherry picked from commit e11963ce69059d1fa47e92927ed48bd744b95348) --- diff --git a/build-scripts/debian-authoritative/control.in b/build-scripts/debian-authoritative/control.in index f9ec15bf0..0cef0968d 100644 --- a/build-scripts/debian-authoritative/control.in +++ b/build-scripts/debian-authoritative/control.in @@ -4,7 +4,7 @@ Priority: extra Standards-Version: 3.9.8 Maintainer: PowerDNS Autobuilder Origin: PowerDNS -Build-Depends: debhelper (>= 9~), dh-autoreconf, dh-systemd, po-debconf, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, liblua5.2-dev, pkg-config, ragel, libgmp-dev, libbotan1.10-dev, libcurl4-openssl-dev, libzmq-dev, libyaml-cpp-dev (>= 0.5), libgeoip-dev, libopendbx1-dev, libcdb-dev, unixodbc-dev (>= 2.3.1), libprotobuf-dev, protobuf-compiler @LIBSYSTEMDDEV@ +Build-Depends: debhelper (>= 9~), dh-autoreconf, dh-systemd, po-debconf, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, liblua5.2-dev, pkg-config, ragel, libgmp-dev, libcurl4-openssl-dev, libzmq-dev, libyaml-cpp-dev (>= 0.5), libgeoip-dev, libopendbx1-dev, libcdb-dev, unixodbc-dev (>= 2.3.1), libprotobuf-dev, protobuf-compiler @LIBSYSTEMDDEV@ Homepage: http://www.powerdns.com/ Package: pdns-server 
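Review bot: The Debian package loses its only visible GOST (algorithm 12) signer with this change, because `libbotan1.10-dev` is removed from Build-Depends with no Botan 2 development package added, and the debian-authoritative/rules hunk drops `--enable-botan1.10` as well. pdns/botansigners.cc in this same commit is what registers algorithm 12, so unless another engine outside this diff provides it, zones that use algorithm 12 keys would presumably stop working with the packaged server after an upgrade. That deserves a line in the commit message or upgrade notes, plus either a Botan 2 `-dev` package in Build-Depends once the target distribution ships one, or a comment stating that GOST is intentionally dropped from the packages.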
diff --git a/build-scripts/debian-authoritative/rules b/build-scripts/debian-authoritative/rules index 4b37fbb7a..1f946e234 100755 --- a/build-scripts/debian-authoritative/rules +++ b/build-scripts/debian-authoritative/rules @@ -43,7 +43,6 @@ override_dh_auto_configure: --with-dynmodules="$(backends)" \ --with-modules="" \ --with-pgsql-includes=`pg_config --includedir` \ - --enable-botan1.10 \ --enable-tools \ --enable-unit-tests \ $(ENABLE_SYSTEMD) diff --git a/build-scripts/travis.sh b/build-scripts/travis.sh index 8ead1b841..c7cbe1279 100755 --- a/build-scripts/travis.sh +++ b/build-scripts/travis.sh @@ -353,7 +353,7 @@ install_dnsdist() { build_auth() { run "./bootstrap" - # Build without --enable-botan1.10 option, Botan/SoftHSM conflict #2496 + # Build without --enable-botan, no botan 2.x in Travis CI run "CFLAGS='-O1' CXXFLAGS='-O1' ./configure \ --with-dynmodules='bind gmysql geoip gpgsql gsqlite3 ldap lua mydns opendbx pipe random remote tinydns' \ --with-modules='' \ @@ -380,9 +380,9 @@ build_recursor() { run "tar xf pdns-recursor-*.tar.bz2" run "rm -f pdns-recursor-*.tar.bz2" run "cd pdns-recursor-*" + # Build without --enable-botan, no botan 2.x in Travis CI run "CFLAGS='-O1' CXXFLAGS='-O1' ./configure \ --prefix=$PDNS_RECURSOR_DIR \ - --enable-botan \ --enable-libsodium \ --enable-unit-tests \ --disable-silent-rules" @@ -566,12 +566,12 @@ test_repo(){ } # global build requirements +# Add botan 2.x when available in Travis CI run "sudo apt-get -qq --no-install-recommends install \ libboost-all-dev \ liblua5.1-dev \ libedit-dev \ libprotobuf-dev \ - libbotan1.10-dev \ pandoc\ protobuf-compiler" diff --git a/m4/pdns_enable_botan.m4 b/m4/pdns_enable_botan.m4 index 6728bf4c9..6299d2793 100644 --- a/m4/pdns_enable_botan.m4 +++ b/m4/pdns_enable_botan.m4 
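Review bot: After this change no Travis job configures with `--enable-botan`, so pdns/botansigners.cc is no longer compiled or unit-tested in CI, even though this same commit reduces its sign() and verify() paths to the Botan 2 branch. build_auth already skipped the flag, and build_recursor drops it here. The three comments on the new side read as reminders rather than tracked work; I would mark them as such, e.g. `# TODO(#ISSUE): re-enable --enable-botan once botan 2.x is installable in Travis CI`, with `#ISSUE` replaced by a real tracker reference. That keeps the coverage gap on the signing code from being forgotten.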
@@ -1,5 +1,5 @@ AC_DEFUN([PDNS_ENABLE_BOTAN],[ - AC_MSG_CHECKING([whether we will be linking in Botan]) + AC_MSG_CHECKING([whether we will be linking in Botan 2.x]) AC_ARG_ENABLE([botan], [AS_HELP_STRING([--enable-botan],[use Botan @<:@default=no@:>@])], [enable_botan=$enableval], @@ -9,14 +9,9 @@ AC_DEFUN([PDNS_ENABLE_BOTAN],[ AM_CONDITIONAL(BOTAN, [test "x$enable_botan" != "xno"]) AS_IF([test "x$enable_botan" != "xno"], [ - PKG_CHECK_MODULES([BOTAN], [botan-1.10], + PKG_CHECK_MODULES([BOTAN], [botan-2], [AC_DEFINE([HAVE_BOTAN],[1],[Define to 1 if you have botan])], - [ - PKG_CHECK_MODULES([BOTAN], [botan-2], - [AC_DEFINE([HAVE_BOTAN],[1],[Define to 1 if you have botan])], - [AC_MSG_ERROR([Could not find botan])] - ) - ] + [AC_MSG_ERROR([Could not find botan])] )] ) ]) diff --git a/pdns/botansigners.cc b/pdns/botansigners.cc index 2c25d991c..2681da08a 100644 --- a/pdns/botansigners.cc +++ b/pdns/botansigners.cc @@ -47,11 +47,7 @@ public: explicit GOSTDNSCryptoKeyEngine(unsigned int algorithm) : DNSCryptoKeyEngine(algorithm) {} ~GOSTDNSCryptoKeyEngine(){} void create(unsigned int bits) override; -#if BOTAN_VERSION_MAJOR < 2 - string getName() const override { return "Botan 1.10 GOST"; } -#else string getName() const override { return "Botan 2 GOST"; } -#endif storvector_t convertToISCVector() const override; std::string getPubKeyHash() const override; std::string sign(const std::string& msg) const override; @@ -70,17 +66,10 @@ public: } private: -#if BOTAN_VERSION_MAJOR < 2 - static EC_Domain_Params getParams() - { - return EC_Domain_Params("1.2.643.2.2.35.1"); - } -#else static EC_Group getParams() { return EC_Group("gost_256A"); } -#endif shared_ptr d_key; shared_ptr d_pubkey; 
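Review bot: The failure path still reports only `Could not find botan`, and the `--enable-botan` help string still says `use Botan`, so a builder who has only Botan 1.10 installed gets no hint that 2.x is now required. In the second hunk I would change the error to `[AC_MSG_ERROR([Could not find Botan 2.x (pkg-config module botan-2)])]`, and in the first hunk the help text to `use Botan 2.x @<:@default=no@:>@`. The checking message was already updated, so this only brings the other two strings in line with it.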
@@ -165,11 +154,7 @@ namespace { BigInt decode_le(const byte msg[], size_t msg_len) { -#if BOTAN_VERSION_MAJOR < 2 - SecureVector msg_le(msg, msg_len); -#else Botan::secure_vector msg_le(msg, msg + msg_len); -#endif for(size_t i = 0; i != msg_le.size() / 2; ++i) std::swap(msg_le[i], msg_le[msg_le.size()-1-i]); @@ -205,11 +190,7 @@ std::string GOSTDNSCryptoKeyEngine::getPublicKeyString() const size_t part_size = std::max(x.bytes(), y.bytes()); -#if BOTAN_VERSION_MAJOR < 2 - MemoryVector bits(2*part_size); -#else std::vector bits(2*part_size); -#endif x.binary_encode(&bits[part_size - x.bytes()]); y.binary_encode(&bits[2*part_size - y.bytes()]); @@ -234,26 +215,10 @@ std::string GOSTDNSCryptoKeyEngine::getPublicKeyString() const std::string GOSTDNSCryptoKeyEngine::sign(const std::string& msg) const { AutoSeeded_RNG rng; -#if BOTAN_VERSION_MAJOR < 2 - GOST_3410_Signature_Operation ops(*d_key); - - string hash= this->hash(msg); - SecureVector signature=ops.sign((byte*)hash.c_str(), hash.length(), rng); - -#if BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(1,9,12) // see http://bit.ly/gTytUf - string reversed((const char*)signature.begin()+ signature.size()/2, signature.size()/2); - reversed.append((const char*)signature.begin(), signature.size()/2); - return reversed; -#else - return string((const char*)signature.begin(), (const char*) signature.end()); -#endif - -#else /* BOTAN_VERSION_MAJOR < 2 */ PK_Signer signer(*d_key, rng, "Raw"); signer.update(hash(msg)); auto signature = signer.signature(rng); return string(signature.begin(), signature.end()); -#endif /* BOTAN_VERSION_MAJOR < 2*/ } std::string GOSTDNSCryptoKeyEngine::hash(const std::string& orig) const 
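Review bot: sign() dereferences `d_key` unconditionally in `PK_Signer signer(*d_key, rng, "Raw");`, while verify() in the following hunk picks `d_pubkey ? d_pubkey : d_key`, which suggests an engine can hold only a public key. If sign() can be reached on such an object (the callers are outside this diff), that is a null `shared_ptr` dereference. A guard such as `if(!d_key) throw std::runtime_error(getName()+": no private key loaded");` before constructing the signer would turn it into a clean error. The same applies to `*pk` in verify() when neither pointer is set.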
@@ -267,23 +232,9 @@ std::string GOSTDNSCryptoKeyEngine::hash(const std::string& orig) const bool GOSTDNSCryptoKeyEngine::verify(const std::string& message, const std::string& signature) const { std::shared_ptr pk = d_pubkey ? d_pubkey : d_key; -#if BOTAN_VERSION_MAJOR < 2 - string hash = this->hash(message); - - GOST_3410_Verification_Operation ops(*pk); -#if BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(1,9,12) // see http://bit.ly/gTytUf - string rsignature(signature.substr(32)); - rsignature.append(signature.substr(0,32)); - return ops.verify ((byte*)hash.c_str(), hash.length(), (byte*)rsignature.c_str(), rsignature.length()); -#else - return ops.verify ((byte*)hash.c_str(), hash.length(), (byte*)signature.c_str(), signature.length()); -#endif - -#else /* BOTAN_VERSION_MAJOR < 2 */ PK_Verifier verifier(*pk, "Raw"); verifier.update(hash(message)); return verifier.check_signature(reinterpret_cast(signature.c_str()), signature.size()); -#endif /* BOTAN_VERSION_MAJOR < 2*/ } /* @@ -301,13 +252,7 @@ struct LoaderStruct { LoaderStruct() { -#if BOTAN_VERSION_MAJOR < 2 - new Botan::LibraryInitializer("thread_safe=true"); - // this leaks, but is fine - Botan::global_state().set_default_allocator("malloc"); // the other Botan allocator slows down for us -#endif /* BOTAN_VERSION_MAJOR < 2*/ - DNSCryptoKeyEngine::report(12, &GOSTDNSCryptoKeyEngine::maker); } -} loaderBotan110; +} loaderBotan2; }