diff --git a/meson.build b/meson.build index 42ea6e7e43..a281aa851a 100644 --- a/meson.build +++ b/meson.build @@ -222,10 +222,16 @@ LOG4CPLUS_DEP = dependency('log4cplus', fallback: ['log4cplus', 'log4cplus']) # Cryptography CRYPTO_DEP = disabler() botan = disabler() -foreach dep : ['botan-2', 'botan'] +foreach dep : ['botan-3', 'botan'] botan = dependency(dep, required: false) if botan.found() - break + version = botan.version() + if version.version_compare('<3.4.0') + message(f'Rejecting too old Botan (@version@ < 3.4.0)') + botan = disabler() + else + break + endif endif endforeach openssl = dependency('openssl', required: false) diff --git a/src/hooks/dhcp/high_availability/tests/ha_config_unittest.cc b/src/hooks/dhcp/high_availability/tests/ha_config_unittest.cc index eee6a1c561..29f3bb8b56 100644 --- a/src/hooks/dhcp/high_availability/tests/ha_config_unittest.cc +++ b/src/hooks/dhcp/high_availability/tests/ha_config_unittest.cc @@ -1659,11 +1659,7 @@ TEST_F(HAConfigTest, badTrustAnchor) { expected += "No such file or directory"; #else expected += "I/O error: DataSource: Failure opening file "; -#if BOTAN_VERSION_MAJOR > 2 expected += "'/this-file-does-not-exist'"; -#else - expected += "/this-file-does-not-exist"; -#endif #endif testInvalidConfig(patched, expected); } @@ -1704,11 +1700,7 @@ TEST_F(HAConfigTest, badCertFile) { expected += "No such file or directory"; #else expected += "I/O error: DataSource: Failure opening file "; -#if BOTAN_VERSION_MAJOR > 2 expected += "'/this-file-does-not-exist'"; -#else - expected += "/this-file-does-not-exist"; -#endif #endif testInvalidConfig(patched, expected); } @@ -1749,11 +1741,7 @@ TEST_F(HAConfigTest, badKeyFile) { expected += "No such file or directory"; #else expected += "I/O error: DataSource: Failure opening file "; -#if BOTAN_VERSION_MAJOR > 2 expected += "'/this-file-does-not-exist'"; -#else - expected += "/this-file-does-not-exist"; -#endif #endif testInvalidConfig(patched, expected); } 
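Review bot: The minimum-version check inside the `foreach` loop is hand-rolled with `version_compare`, although `dependency()` accepts the constraint directly: `botan = dependency(dep, version: '>=3.4.0', required: false)`. With that form Meson rejects an older Botan itself, and the `disabler()` reset and the nested `else`/`break` go away; any later code that relies on `botan` being a disabler rather than a not-found dependency would need checking first. If the explicit "Rejecting too old Botan" message is worth keeping, the current shape is fine, but nothing in the hunk says where the 3.4.0 floor comes from. A comment such as `# Minimum supported Botan is 3.4.0: <reason>` above the loop would record that for whoever next raises or lowers it.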
diff --git a/src/lib/asiolink/botan_tls.cc b/src/lib/asiolink/botan_tls.cc index 18acde5ea8..5a496375ea 100644 --- a/src/lib/asiolink/botan_tls.cc +++ b/src/lib/asiolink/botan_tls.cc @@ -18,9 +18,7 @@ #include #include #include -#if BOTAN_VERSION_MAJOR > 2 #include -#endif using namespace isc::cryptolink; @@ -56,28 +54,18 @@ public: // Certificate chain. std::vector cert_chain(const std::vector&, -#if BOTAN_VERSION_MAJOR > 2 const std::vector&, -#endif const std::string&, const std::string&) override { return (certs_); } // Private key. -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr -#else - Botan::Private_Key* -#endif private_key_for(const Botan::X509_Certificate&, const std::string&, const std::string&) override { -#if BOTAN_VERSION_MAJOR > 2 return (key_); -#else - return (key_.get()); -#endif } // Set the store from a path. @@ -131,27 +119,15 @@ public: // Set the private key. void setPrivateKey(const std::string& file, -#if BOTAN_VERSION_MAJOR > 2 Botan::RandomNumberGenerator&, -#else - Botan::RandomNumberGenerator& rng, -#endif bool& is_rsa) { -#if BOTAN_VERSION_MAJOR > 2 Botan::DataSource_Stream source(file); auto priv_key = Botan::PKCS8::load_key(source); -#else - auto priv_key = Botan::PKCS8::load_key(file, rng); -#endif if (!priv_key) { isc_throw(Unexpected, "Botan::PKCS8::load_key failed but not threw?"); } -#if BOTAN_VERSION_MAJOR > 2 key_ = std::move(priv_key); -#else - key_.reset(priv_key); -#endif is_rsa = (key_->algo_name() == "RSA"); } @@ -291,28 +267,16 @@ public: if (context_) { return; } -#if BOTAN_VERSION_MAJOR > 2 context_.reset(new Botan::TLS::Context(cred_mgr_, rng_, sess_mgr_, policy_)); -#else - context_.reset(new Botan::TLS::Context(*cred_mgr_, - *rng_, - *sess_mgr_, - *policy_)); -#endif } -#if BOTAN_VERSION_MAJOR > 2 + // Get the context. virtual std::shared_ptr get() { return (context_); } -#else - virtual Botan::TLS::Context& get() { - return (*context_); - } -#endif // Credentials Manager. std::shared_ptr cred_mgr_; 
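Review bot: In `setPrivateKey` the `Botan::RandomNumberGenerator&` parameter is now unnamed and unused in every build, so the signature carries an argument that does nothing. Either drop it together with its callers (not visible here) or say why it stays, for example `// RNG kept for interface compatibility; load_key(DataSource&) does not use one`. `Botan::PKCS8::load_key(source)` is called without a passphrase, so presumably only unencrypted PKCS#8 key files load. A one-line comment stating that would help an operator who supplies an encrypted key and only sees a decoding error.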
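Review bot: `context_.reset(new Botan::TLS::Context(cred_mgr_, rng_, sess_mgr_, policy_))` in `build()` keeps a raw `new` although only the shared_ptr-based constructor is left. Assuming `context_` is a `std::shared_ptr<Botan::TLS::Context>`, `context_ = std::make_shared<Botan::TLS::Context>(cred_mgr_, rng_, sess_mgr_, policy_);` does the same without the naked allocation. The same `shared_ptr(new ...)` pattern is in the `main` hunks of botan_sample_client.cc and botan_sample_server.cc and in the `server` constructor's `context_(new Botan::TLS::Context(...))`. `get()` returns `context_` unchanged, so it is null until `build()` has run; the visible caller `TlsContext::getContext()` does call `build()` first, and the new comment could state the precondition: `// Get the context; null until build() has been called.` The start of `build()` lies outside the hunk.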
@@ -335,19 +299,11 @@ TlsContext::TlsContext(TlsRole role) : TlsContextBase(role), impl_(new TlsContextImpl()) { } -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr TlsContext::getContext() { impl_->build(); return (impl_->get()); } -#else -Botan::TLS::Context& -TlsContext::getContext() { - impl_->build(); - return (impl_->get()); -} -#endif void TlsContext::setCertRequired(bool cert_required) { diff --git a/src/lib/asiolink/botan_tls.h b/src/lib/asiolink/botan_tls.h index 13afc98d9c..1fe6941031 100644 --- a/src/lib/asiolink/botan_tls.h +++ b/src/lib/asiolink/botan_tls.h @@ -28,17 +28,9 @@ namespace asiolink { /// @brief Translate TLS role into implementation. inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) { if (role == TlsRole::SERVER) { -#if BOTAN_VERSION_MAJOR > 2 return (Botan::TLS::Connection_Side::Server); -#else - return (Botan::TLS::Connection_Side::SERVER); -#endif } else { -#if BOTAN_VERSION_MAJOR > 2 return (Botan::TLS::Connection_Side::Client); -#else - return (Botan::TLS::Connection_Side::CLIENT); -#endif } } @@ -61,11 +53,7 @@ public: explicit TlsContext(TlsRole role); /// @brief Return the underlying context. -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr getContext(); -#else - Botan::TLS::Context& getContext(); -#endif /// @brief Get the peer certificate requirement mode. /// diff --git a/src/lib/asiolink/botan_wrapper.h b/src/lib/asiolink/botan_wrapper.h index 4044887ab6..9c2a9f09ba 100644 --- a/src/lib/asiolink/botan_wrapper.h +++ b/src/lib/asiolink/botan_wrapper.h @@ -21,14 +21,7 @@ #pragma GCC diagnostic ignored "-Wnon-virtual-dtor" #endif -/// MariaDB defines PROTOCOL_VERSION which is also in a Botan enum... - -#ifdef PROTOCOL_VERSION -#define BOTAN_BACKUP_FOR_PROTOCOL_VERSION PROTOCOL_VERSION -#undef PROTOCOL_VERSION -#endif - -#include +#include #ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION #define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION 
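Review bot: The botan_wrapper.h hunk removes the block that saved and undefined `PROTOCOL_VERSION`, but the restore block after the include (`#ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION` / `#define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION`) is still there as context. Unless `BOTAN_BACKUP_FOR_PROTOCOL_VERSION` is defined somewhere not shown, that block can never fire and should be deleted in the same change; its `#endif` is outside the hunk. If the MariaDB macro can still collide with a name in the newly included Botan header, the save/undef half has to stay instead. Either way the two halves should be kept or removed together.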
diff --git a/src/lib/asiolink/testutils/botan_sample_client.cc b/src/lib/asiolink/testutils/botan_sample_client.cc index 20527355e8..2ce2e9008d 100644 --- a/src/lib/asiolink/testutils/botan_sample_client.cc +++ b/src/lib/asiolink/testutils/botan_sample_client.cc @@ -21,9 +21,7 @@ #include #include #include -#if BOTAN_VERSION_MAJOR > 2 #include -#endif inline std::string CA_(const std::string& filename) { return (std::string(TEST_CA_DIR) + "/" + filename); @@ -38,24 +36,15 @@ using Client_Certificate_Store = Botan::Flatfile_Certificate_Store; class Client_Credentials_Manager : public Botan::Credentials_Manager { public: -#if BOTAN_VERSION_MAJOR > 2 explicit Client_Credentials_Manager() -#else - explicit Client_Credentials_Manager(Botan::RandomNumberGenerator& rng) -#endif : stores_(), certs_(), store_(new Client_Certificate_Store(CA_("kea-ca.crt"))), cert_(Botan::X509_Certificate(CA_("kea-client.crt"))), key_() { -#if BOTAN_VERSION_MAJOR > 2 Botan::DataSource_Stream source(CA_("kea-client.key")); auto priv_key = Botan::PKCS8::load_key(source); key_ = std::move(priv_key); -#else - auto priv_key = Botan::PKCS8::load_key(CA_("kea-client.key"), rng); - key_.reset(priv_key); -#endif stores_.push_back(store_.get()); certs_.push_back(cert_); } @@ -71,29 +60,19 @@ public: std::vector cert_chain(const std::vector&, -#if BOTAN_VERSION_MAJOR > 2 const std::vector&, -#endif const std::string&, const std::string&) override { return certs_; } -#if BOTAN_VERSION_MAJOR > 2 - std::shared_ptr -#else - Botan::Private_Key* -#endif + std::shared_ptr private_key_for(const Botan::X509_Certificate&, const std::string&, const std::string&) override { -#if BOTAN_VERSION_MAJOR > 2 return (key_); -#else - return (key_.get()); -#endif } std::vector stores_; 
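Review bot: `explicit Client_Credentials_Manager()` keeps `explicit` on a constructor that no longer takes an argument, where the keyword has no practical effect and can be dropped. In the constructor body, the `priv_key` temporary followed by `key_ = std::move(priv_key);` can be written as `key_ = Botan::PKCS8::load_key(source);`. Unlike `setPrivateKey` in botan_tls.cc, the sample stores the result without checking it for null, so a failed load that did not throw would only show up later in `private_key_for`. A guard like `if (!key_) { throw std::runtime_error("cannot load kea-client.key"); }` would make the test tool fail at the point of the problem. The same three remarks apply to `Server_Credentials_Manager` in botan_sample_server.cc.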
@@ -125,12 +104,8 @@ public: class client { public: - client(boost::asio::io_service& io_context, -#if BOTAN_VERSION_MAJOR > 2 + client(boost::asio::io_context& io_context, std::shared_ptr context, -#else - Botan::TLS::Context& context, -#endif const tcp::endpoint& endpoint) : socket_(io_context, context) { @@ -156,11 +131,7 @@ private: void handshake() { -#if BOTAN_VERSION_MAJOR > 2 socket_.async_handshake(Botan::TLS::Connection_Side::Client, -#else - socket_.async_handshake(Botan::TLS::Connection_Side::CLIENT, -#endif [this](const boost::system::error_code& error) { if (!error) @@ -242,7 +213,6 @@ int main(int argc, char* argv[]) using namespace std; // For atoi. tcp::endpoint endpoint( boost::asio::ip::make_address(argv[1]), atoi(argv[2])); -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr rng(new Botan::AutoSeeded_RNG()); std::shared_ptr @@ -253,13 +223,6 @@ int main(int argc, char* argv[]) policy(new Client_Policy()); std::shared_ptr ctx(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy)); -#else - Botan::AutoSeeded_RNG rng; - Client_Credentials_Manager creds_mgr(rng); - Client_Session_Manager sess_mgr; - Client_Policy policy; - Botan::TLS::Context ctx(creds_mgr, rng, sess_mgr, policy); -#endif client c(io_context, ctx, endpoint); diff --git a/src/lib/asiolink/testutils/botan_sample_server.cc b/src/lib/asiolink/testutils/botan_sample_server.cc index 78860c08b7..cdecfbc572 100644 --- a/src/lib/asiolink/testutils/botan_sample_server.cc +++ b/src/lib/asiolink/testutils/botan_sample_server.cc @@ -20,9 +20,7 @@ #include #include #include -#if BOTAN_VERSION_MAJOR > 2 #include -#endif inline std::string CA_(const std::string& filename) { return (std::string(TEST_CA_DIR) + "/" + filename); 
@@ -35,24 +33,15 @@ using Server_Certificate_Store = Botan::Flatfile_Certificate_Store; class Server_Credentials_Manager : public Botan::Credentials_Manager { public: -#if BOTAN_VERSION_MAJOR > 2 explicit Server_Credentials_Manager() -#else - explicit Server_Credentials_Manager(Botan::RandomNumberGenerator& rng) -#endif : stores_(), certs_(), store_(new Server_Certificate_Store(CA_("kea-ca.crt"))), cert_(Botan::X509_Certificate(CA_("kea-server.crt"))), key_() { -#if BOTAN_VERSION_MAJOR > 2 Botan::DataSource_Stream source(CA_("kea-server.key")); auto priv_key = Botan::PKCS8::load_key(source); key_ = std::move(priv_key); -#else - auto priv_key = Botan::PKCS8::load_key(CA_("kea-server.key"), rng); - key_.reset(priv_key); -#endif stores_.push_back(store_.get()); certs_.push_back(cert_); } @@ -68,29 +57,19 @@ public: std::vector cert_chain(const std::vector&, -#if BOTAN_VERSION_MAJOR > 2 const std::vector&, -#endif const std::string&, const std::string&) override { return certs_; } -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr -#else - Botan::Private_Key* -#endif private_key_for(const Botan::X509_Certificate&, const std::string&, const std::string&) override { -#if BOTAN_VERSION_MAJOR > 2 return (key_); -#else - return (key_.get()); -#endif } std::vector stores_; @@ -122,11 +101,7 @@ public: class session : public std::enable_shared_from_this { public: -#if BOTAN_VERSION_MAJOR > 2 session(tcp::socket socket, std::shared_ptr ctx) -#else - session(tcp::socket socket, Botan::TLS::Context& ctx) -#endif : socket_(std::move(socket), ctx) { } @@ -140,11 +115,7 @@ private: void do_handshake() { auto self(shared_from_this()); -#if BOTAN_VERSION_MAJOR > 2 socket_.async_handshake(Botan::TLS::Connection_Side::Server, -#else - socket_.async_handshake(Botan::TLS::Connection_Side::SERVER, -#endif [this, self](const boost::system::error_code& error) { if (!error) 
@@ -194,24 +165,13 @@ class server public: server(boost::asio::io_context& io_context, unsigned short port, -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr creds_mgr, std::shared_ptr rng, std::shared_ptr sess_mgr, std::shared_ptr policy -#else - Botan::Credentials_Manager& creds_mgr, - Botan::RandomNumberGenerator& rng, - Botan::TLS::Session_Manager& sess_mgr, - Botan::TLS::Policy& policy -#endif ) : acceptor_(io_context, tcp::endpoint(tcp::v4(), port)), -#if BOTAN_VERSION_MAJOR > 2 context_(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy)) -#else - context_(creds_mgr, rng, sess_mgr, policy) -#endif { do_accept(); } @@ -232,11 +192,7 @@ private: } tcp::acceptor acceptor_; -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr context_; -#else - Botan::TLS::Context context_; -#endif }; int main(int argc, char* argv[]) @@ -250,8 +206,6 @@ int main(int argc, char* argv[]) } boost::asio::io_context io_context; - -#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr rng(new Botan::AutoSeeded_RNG()); std::shared_ptr @@ -260,12 +214,6 @@ int main(int argc, char* argv[]) sess_mgr(new Server_Session_Manager()); std::shared_ptr policy(new Server_Policy()); -#else - Botan::AutoSeeded_RNG rng; - Server_Credentials_Manager creds_mgr(rng); - Server_Session_Manager sess_mgr; - Server_Policy policy; -#endif server s(io_context, std::atoi(argv[1]), creds_mgr, rng, sess_mgr, policy); io_context.run();