Drop botan 1.x support

build-scripts/debian-authoritative/control.in

@@ -4,7 +4,7 @@ Priority: extra
 Standards-Version: 3.9.8
 Maintainer: PowerDNS Autobuilder <[email protected]>
 Origin: PowerDNS
-Build-Depends: debhelper (>= 9~), dh-autoreconf, dh-systemd, po-debconf, curl, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, libluajit5.1-dev, pkg-config, ragel, libgmp-dev, libbotan1.10-dev, libcurl4-openssl-dev, libzmq-dev, libyaml-cpp-dev (>= 0.5), libgeoip-dev, libopendbx1-dev, libcdb-dev, unixodbc-dev (>= 2.3.1), libprotobuf-dev, protobuf-compiler, libp11-kit-dev @LIBSYSTEMDDEV@ @LIBSODIUMDEV@
+Build-Depends: debhelper (>= 9~), dh-autoreconf, dh-systemd, po-debconf, curl, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, libluajit5.1-dev, pkg-config, ragel, libgmp-dev, libcurl4-openssl-dev, libzmq-dev, libyaml-cpp-dev (>= 0.5), libgeoip-dev, libopendbx1-dev, libcdb-dev, unixodbc-dev (>= 2.3.1), libprotobuf-dev, protobuf-compiler, libp11-kit-dev @LIBSYSTEMDDEV@ @LIBSODIUMDEV@
 Homepage: http://www.powerdns.com/
 
 Package: pdns-server

build-scripts/debian-authoritative/rules

@@ -50,7 +50,6 @@ override_dh_auto_configure:
 		--libexecdir='$${prefix}/lib' \
 		--with-dynmodules="$(backends)" \
 		--with-modules="" \
-		--enable-botan1.10 \
 		--enable-tools \
 		--enable-unit-tests \
 		--with-luajit \

build-scripts/travis.sh

@@ -359,7 +359,7 @@ install_dnsdist() {
 
 build_auth() {
   run "./bootstrap"
-  # Build without --enable-botan1.10 option, Botan/SoftHSM conflict #2496
+  # Build without --enable-botan, no botan 2.x in Travis CI
   run "CFLAGS='-O1' CXXFLAGS='-O1' ./configure \
     --with-dynmodules='bind gmysql geoip gpgsql gsqlite3 ldap lua mydns opendbx pipe random remote tinydns godbc' \
     --with-modules='' \
@@ -386,9 +386,9 @@ build_recursor() {
   run "tar xf pdns-recursor-*.tar.bz2"
   run "rm -f pdns-recursor-*.tar.bz2"
   run "cd pdns-recursor-*"
+  # Build without --enable-botan, no botan 2.x in Travis CI
   run "CFLAGS='-O1' CXXFLAGS='-O1' CXX=${COMPILER} ./configure \
     --prefix=$PDNS_RECURSOR_DIR \
-    --enable-botan \
     --enable-libsodium \
     --enable-unit-tests \
     --disable-silent-rules"
@@ -567,12 +567,12 @@ test_repo(){
 }
 
 # global build requirements
+# Add botan 2.x when available in Travis CI
 run "sudo apt-get -qq --no-install-recommends install \
   libboost-all-dev \
   liblua5.1-dev \
   libedit-dev \
   libprotobuf-dev \
-  libbotan1.10-dev \
   pandoc\
   protobuf-compiler"
 

m4/pdns_enable_botan.m4

@@ -1,5 +1,5 @@
 AC_DEFUN([PDNS_ENABLE_BOTAN],[
-  AC_MSG_CHECKING([whether we will be linking in Botan])
+  AC_MSG_CHECKING([whether we will be linking in Botan 2.x])
   AC_ARG_ENABLE([botan],
     [AS_HELP_STRING([--enable-botan],[use Botan @<:@default=no@:>@])],
     [enable_botan=$enableval],
@@ -9,14 +9,9 @@ AC_DEFUN([PDNS_ENABLE_BOTAN],[
   AM_CONDITIONAL(BOTAN, [test "x$enable_botan" != "xno"])
 
   AS_IF([test "x$enable_botan" != "xno"], [
-    PKG_CHECK_MODULES([BOTAN], [botan-1.10],
+    PKG_CHECK_MODULES([BOTAN], [botan-2],
       [AC_DEFINE([HAVE_BOTAN],[1],[Define to 1 if you have botan])],
-      [
-        PKG_CHECK_MODULES([BOTAN], [botan-2],
-          [AC_DEFINE([HAVE_BOTAN],[1],[Define to 1 if you have botan])],
-          [AC_MSG_ERROR([Could not find botan])]
-        )
-      ]
+      [AC_MSG_ERROR([Could not find botan])]
     )]
   )
 ])

pdns/botansigners.cc

@@ -22,8 +22,7 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include <botan/botan.h>
-#include <botan/build.h>
+#include <botan/auto_rng.h>
 #include <botan/gost_3410.h>
 #include <botan/gost_3411.h>
 #include <botan/pubkey.h>
@@ -47,11 +46,7 @@ class GOSTDNSCryptoKeyEngine : public DNSCryptoKeyEngine
   explicit GOSTDNSCryptoKeyEngine(unsigned int algorithm) : DNSCryptoKeyEngine(algorithm) {}
   ~GOSTDNSCryptoKeyEngine(){}
   void create(unsigned int bits) override;
-#if BOTAN_VERSION_MAJOR < 2
-  string getName() const override { return "Botan 1.10 GOST"; }
-#else
   string getName() const override { return "Botan 2 GOST"; }
-#endif
   storvector_t convertToISCVector() const override;
   std::string getPubKeyHash() const override;
   std::string sign(const std::string& msg) const override;
@@ -70,17 +65,10 @@ class GOSTDNSCryptoKeyEngine : public DNSCryptoKeyEngine
   }
 
 private:
-#if BOTAN_VERSION_MAJOR < 2
-  static EC_Domain_Params getParams()
-  {
-    return EC_Domain_Params("1.2.643.2.2.35.1");
-  }
-#else
   static EC_Group getParams()
   {
     return EC_Group("gost_256A");
   }
-#endif
 
   shared_ptr<GOST_3410_PrivateKey> d_key;
   shared_ptr<GOST_3410_PublicKey> d_pubkey;
@@ -165,11 +153,7 @@ namespace {
 
 BigInt decode_le(const byte msg[], size_t msg_len)
    {
-#if BOTAN_VERSION_MAJOR < 2
-   SecureVector<byte> msg_le(msg, msg_len);
-#else
    Botan::secure_vector<byte> msg_le(msg, msg + msg_len);
-#endif
 
    for(size_t i = 0; i != msg_le.size() / 2; ++i)
       std::swap(msg_le[i], msg_le[msg_le.size()-1-i]);
@@ -206,11 +190,7 @@ std::string GOSTDNSCryptoKeyEngine::getPublicKeyString() const
 
   size_t part_size = std::max(x.bytes(), y.bytes());
 
-#if BOTAN_VERSION_MAJOR < 2
-  MemoryVector<byte> bits(2*part_size);
-#else
   std::vector<byte> bits(2*part_size);
-#endif
 
   x.binary_encode(&bits[part_size - x.bytes()]);
   y.binary_encode(&bits[2*part_size - y.bytes()]);
@@ -235,26 +215,10 @@ std::string GOSTDNSCryptoKeyEngine::getPublicKeyString() const
 std::string GOSTDNSCryptoKeyEngine::sign(const std::string& msg) const
 {
   AutoSeeded_RNG rng;
-#if BOTAN_VERSION_MAJOR < 2
-  GOST_3410_Signature_Operation ops(*d_key);
-
-  string hash= this->hash(msg);
-  SecureVector<byte> signature=ops.sign((byte*)hash.c_str(), hash.length(), rng);
-
-#if BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(1,9,12)  // see http://bit.ly/gTytUf
-  string reversed((const char*)signature.begin()+ signature.size()/2, signature.size()/2);
-  reversed.append((const char*)signature.begin(), signature.size()/2);
-  return reversed;
-#else  
-  return string((const char*)signature.begin(), (const char*) signature.end());
-#endif
-
-#else /* BOTAN_VERSION_MAJOR < 2 */
   PK_Signer signer(*d_key, rng, "Raw");
   signer.update(hash(msg));
   auto signature = signer.signature(rng);
   return string(signature.begin(), signature.end());
-#endif /* BOTAN_VERSION_MAJOR < 2*/
 }
 
 std::string GOSTDNSCryptoKeyEngine::hash(const std::string& orig) const
@@ -268,23 +232,9 @@ std::string GOSTDNSCryptoKeyEngine::hash(const std::string& orig) const
 bool GOSTDNSCryptoKeyEngine::verify(const std::string& message, const std::string& signature) const
 {
   std::shared_ptr<GOST_3410_PublicKey> pk = d_pubkey ? d_pubkey : d_key;
-#if BOTAN_VERSION_MAJOR < 2
-  string hash = this->hash(message);
-
-  GOST_3410_Verification_Operation ops(*pk);
-#if BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(1,9,12)  // see http://bit.ly/gTytUf
-  string rsignature(signature.substr(32));
-  rsignature.append(signature.substr(0,32));
-  return ops.verify ((byte*)hash.c_str(), hash.length(), (byte*)rsignature.c_str(), rsignature.length());
-#else
-  return ops.verify ((byte*)hash.c_str(), hash.length(), (byte*)signature.c_str(), signature.length());
-#endif
-
-#else /* BOTAN_VERSION_MAJOR < 2 */
   PK_Verifier verifier(*pk, "Raw");
   verifier.update(hash(message));
   return verifier.check_signature(reinterpret_cast<const uint8_t*>(signature.c_str()), signature.size());
-#endif /* BOTAN_VERSION_MAJOR < 2*/
 }
 
 /*
@@ -302,13 +252,7 @@ struct LoaderStruct
 {
   LoaderStruct()
   {
-#if BOTAN_VERSION_MAJOR < 2
-    new Botan::LibraryInitializer("thread_safe=true");
-    // this leaks, but is fine
-    Botan::global_state().set_default_allocator("malloc"); // the other Botan allocator slows down for us
-#endif /* BOTAN_VERSION_MAJOR < 2*/
-
     DNSCryptoKeyEngine::report(12, &GOSTDNSCryptoKeyEngine::maker);
   }
-} loaderBotan110;
+} loaderBotan2;
 }