mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

[#3553] Updated to Botab 3 (only)

Browse Source
This commit is contained in:
Francis Dupont 2025-03-25 18:16:31 +01:00
parent a140a853c9
commit de6059ebf3
7 changed files with 12 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
meson.build
View File

@ -222,10 +222,16 @@ LOG4CPLUS_DEP = dependency('log4cplus', fallback: ['log4cplus', 'log4cplus'])
# Cryptography # Cryptography
CRYPTO_DEP = disabler() CRYPTO_DEP = disabler()
botan = disabler() botan = disabler()
foreach dep : ['botan-2', 'botan'] foreach dep : ['botan-3', 'botan']
botan = dependency(dep, required: false) botan = dependency(dep, required: false)
if botan.found() if botan.found()
break version = botan.version()
if version.version_compare('<3.4.0')
message(f'Rejecting too old Botan (@version@ < 3.4.0)')
botan = disabler()
else
break
endif
endif endif
endforeach endforeach
openssl = dependency('openssl', required: false) openssl = dependency('openssl', required: false)

12
src/hooks/dhcp/high_availability/tests/ha_config_unittest.cc
View File

@ -1659,11 +1659,7 @@ TEST_F(HAConfigTest, badTrustAnchor) {
expected += "No such file or directory"; expected += "No such file or directory";
#else #else
expected += "I/O error: DataSource: Failure opening file "; expected += "I/O error: DataSource: Failure opening file ";
#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'"; expected += "'/this-file-does-not-exist'";
#else
expected += "/this-file-does-not-exist";
#endif
#endif #endif
testInvalidConfig(patched, expected); testInvalidConfig(patched, expected);
} }
@ -1704,11 +1700,7 @@ TEST_F(HAConfigTest, badCertFile) {
expected += "No such file or directory"; expected += "No such file or directory";
#else #else
expected += "I/O error: DataSource: Failure opening file "; expected += "I/O error: DataSource: Failure opening file ";
#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'"; expected += "'/this-file-does-not-exist'";
#else
expected += "/this-file-does-not-exist";
#endif
#endif #endif
testInvalidConfig(patched, expected); testInvalidConfig(patched, expected);
} }
@ -1749,11 +1741,7 @@ TEST_F(HAConfigTest, badKeyFile) {
expected += "No such file or directory"; expected += "No such file or directory";
#else #else
expected += "I/O error: DataSource: Failure opening file "; expected += "I/O error: DataSource: Failure opening file ";
#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'"; expected += "'/this-file-does-not-exist'";
#else
expected += "/this-file-does-not-exist";
#endif
#endif #endif
testInvalidConfig(patched, expected); testInvalidConfig(patched, expected);
} }

46
src/lib/asiolink/botan_tls.cc
View File

@ -18,9 +18,7 @@
#include <botan/data_src.h> #include <botan/data_src.h>
#include <botan/pem.h> #include <botan/pem.h>
#include <botan/pkcs8.h> #include <botan/pkcs8.h>
#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h> #include <botan/tls_session_manager_noop.h>
#endif
using namespace isc::cryptolink; using namespace isc::cryptolink;
@ -56,28 +54,18 @@ public:
// Certificate chain. // Certificate chain.
std::vector<Botan::X509_Certificate> std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&, cert_chain(const std::vector<std::string>&,
#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&, const std::vector<Botan::AlgorithmIdentifier>&,
#endif
const std::string&, const std::string&,
const std::string&) override { const std::string&) override {
return (certs_); return (certs_);
} }
// Private key. // Private key.
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key> std::shared_ptr<Botan::Private_Key>
#else
Botan::Private_Key*
#endif
private_key_for(const Botan::X509_Certificate&, private_key_for(const Botan::X509_Certificate&,
const std::string&, const std::string&,
const std::string&) override { const std::string&) override {
#if BOTAN_VERSION_MAJOR > 2
return (key_); return (key_);
#else
return (key_.get());
#endif
} }
// Set the store from a path. // Set the store from a path.
@ -131,27 +119,15 @@ public:
// Set the private key. // Set the private key.
void setPrivateKey(const std::string& file, void setPrivateKey(const std::string& file,
#if BOTAN_VERSION_MAJOR > 2
Botan::RandomNumberGenerator&, Botan::RandomNumberGenerator&,
#else
Botan::RandomNumberGenerator& rng,
#endif
bool& is_rsa) { bool& is_rsa) {
#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(file); Botan::DataSource_Stream source(file);
auto priv_key = Botan::PKCS8::load_key(source); auto priv_key = Botan::PKCS8::load_key(source);
#else
auto priv_key = Botan::PKCS8::load_key(file, rng);
#endif
if (!priv_key) { if (!priv_key) {
isc_throw(Unexpected, isc_throw(Unexpected,
"Botan::PKCS8::load_key failed but not threw?"); "Botan::PKCS8::load_key failed but not threw?");
} }
#if BOTAN_VERSION_MAJOR > 2
key_ = std::move(priv_key); key_ = std::move(priv_key);
#else
key_.reset(priv_key);
#endif
is_rsa = (key_->algo_name() == "RSA"); is_rsa = (key_->algo_name() == "RSA");
} }
@ -291,28 +267,16 @@ public:
if (context_) { if (context_) {
return; return;
} }
#if BOTAN_VERSION_MAJOR > 2
context_.reset(new Botan::TLS::Context(cred_mgr_, context_.reset(new Botan::TLS::Context(cred_mgr_,
rng_, rng_,
sess_mgr_, sess_mgr_,
policy_)); policy_));
#else
context_.reset(new Botan::TLS::Context(*cred_mgr_,
*rng_,
*sess_mgr_,
*policy_));
#endif
} }
#if BOTAN_VERSION_MAJOR > 2 // Get the context.
virtual std::shared_ptr<Botan::TLS::Context> get() { virtual std::shared_ptr<Botan::TLS::Context> get() {
return (context_); return (context_);
} }
#else
virtual Botan::TLS::Context& get() {
return (*context_);
}
#endif
// Credentials Manager. // Credentials Manager.
std::shared_ptr<KeaCredentialsManager> cred_mgr_; std::shared_ptr<KeaCredentialsManager> cred_mgr_;
@ -335,19 +299,11 @@ TlsContext::TlsContext(TlsRole role)
: TlsContextBase(role), impl_(new TlsContextImpl()) { : TlsContextBase(role), impl_(new TlsContextImpl()) {
} }
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> std::shared_ptr<Botan::TLS::Context>
TlsContext::getContext() { TlsContext::getContext() {
impl_->build(); impl_->build();
return (impl_->get()); return (impl_->get());
} }
#else
Botan::TLS::Context&
TlsContext::getContext() {
impl_->build();
return (impl_->get());
}
#endif
void void
TlsContext::setCertRequired(bool cert_required) { TlsContext::setCertRequired(bool cert_required) {

12
src/lib/asiolink/botan_tls.h
View File

@ -28,17 +28,9 @@ namespace asiolink {
/// @brief Translate TLS role into implementation. /// @brief Translate TLS role into implementation.
inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) { inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
if (role == TlsRole::SERVER) { if (role == TlsRole::SERVER) {
#if BOTAN_VERSION_MAJOR > 2
return (Botan::TLS::Connection_Side::Server); return (Botan::TLS::Connection_Side::Server);
#else
return (Botan::TLS::Connection_Side::SERVER);
#endif
} else { } else {
#if BOTAN_VERSION_MAJOR > 2
return (Botan::TLS::Connection_Side::Client); return (Botan::TLS::Connection_Side::Client);
#else
return (Botan::TLS::Connection_Side::CLIENT);
#endif
} }
} }
@ -61,11 +53,7 @@ public:
explicit TlsContext(TlsRole role); explicit TlsContext(TlsRole role);
/// @brief Return the underlying context. /// @brief Return the underlying context.
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> getContext(); std::shared_ptr<Botan::TLS::Context> getContext();
#else
Botan::TLS::Context& getContext();
#endif
/// @brief Get the peer certificate requirement mode. /// @brief Get the peer certificate requirement mode.
/// ///

9
src/lib/asiolink/botan_wrapper.h
View File

@ -21,14 +21,7 @@
#pragma GCC diagnostic ignored "-Wnon-virtual-dtor" #pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
#endif #endif
/// MariaDB defines PROTOCOL_VERSION which is also in a Botan enum... #include <boost/beast/core/error.hpp>
#ifdef PROTOCOL_VERSION
#define BOTAN_BACKUP_FOR_PROTOCOL_VERSION PROTOCOL_VERSION
#undef PROTOCOL_VERSION
#endif
#include <botan/asio_error.h>
#ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION #ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION
#define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION #define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION

41
src/lib/asiolink/testutils/botan_sample_client.cc
View File

@ -21,9 +21,7 @@
#include <botan/certstor_flatfile.h> #include <botan/certstor_flatfile.h>
#include <botan/pkcs8.h> #include <botan/pkcs8.h>
#include <botan/auto_rng.h> #include <botan/auto_rng.h>
#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h> #include <botan/tls_session_manager_noop.h>
#endif
inline std::string CA_(const std::string& filename) { inline std::string CA_(const std::string& filename) {
return (std::string(TEST_CA_DIR) + "/" + filename); return (std::string(TEST_CA_DIR) + "/" + filename);
@ -38,24 +36,15 @@ using Client_Certificate_Store = Botan::Flatfile_Certificate_Store;
class Client_Credentials_Manager : public Botan::Credentials_Manager class Client_Credentials_Manager : public Botan::Credentials_Manager
{ {
public: public:
#if BOTAN_VERSION_MAJOR > 2
explicit Client_Credentials_Manager() explicit Client_Credentials_Manager()
#else
explicit Client_Credentials_Manager(Botan::RandomNumberGenerator& rng)
#endif
: stores_(), certs_(), : stores_(), certs_(),
store_(new Client_Certificate_Store(CA_("kea-ca.crt"))), store_(new Client_Certificate_Store(CA_("kea-ca.crt"))),
cert_(Botan::X509_Certificate(CA_("kea-client.crt"))), cert_(Botan::X509_Certificate(CA_("kea-client.crt"))),
key_() key_()
{ {
#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(CA_("kea-client.key")); Botan::DataSource_Stream source(CA_("kea-client.key"));
auto priv_key = Botan::PKCS8::load_key(source); auto priv_key = Botan::PKCS8::load_key(source);
key_ = std::move(priv_key); key_ = std::move(priv_key);
#else
auto priv_key = Botan::PKCS8::load_key(CA_("kea-client.key"), rng);
key_.reset(priv_key);
#endif
stores_.push_back(store_.get()); stores_.push_back(store_.get());
certs_.push_back(cert_); certs_.push_back(cert_);
} }
@ -71,29 +60,19 @@ public:
std::vector<Botan::X509_Certificate> std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&, cert_chain(const std::vector<std::string>&,
#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&, const std::vector<Botan::AlgorithmIdentifier>&,
#endif
const std::string&, const std::string&,
const std::string&) override const std::string&) override
{ {
return certs_; return certs_;
} }
#if BOTAN_VERSION_MAJOR > 2 std::shared_ptr<Botan::Private_Key>
std::shared_ptr<Botan::Private_Key>
#else
Botan::Private_Key*
#endif
private_key_for(const Botan::X509_Certificate&, private_key_for(const Botan::X509_Certificate&,
const std::string&, const std::string&,
const std::string&) override const std::string&) override
{ {
#if BOTAN_VERSION_MAJOR > 2
return (key_); return (key_);
#else
return (key_.get());
#endif
} }
std::vector<Botan::Certificate_Store*> stores_; std::vector<Botan::Certificate_Store*> stores_;
@ -125,12 +104,8 @@ public:
class client class client
{ {
public: public:
client(boost::asio::io_service& io_context, client(boost::asio::io_context& io_context,
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> context, std::shared_ptr<Botan::TLS::Context> context,
#else
Botan::TLS::Context& context,
#endif
const tcp::endpoint& endpoint) const tcp::endpoint& endpoint)
: socket_(io_context, context) : socket_(io_context, context)
{ {
@ -156,11 +131,7 @@ private:
void handshake() void handshake()
{ {
#if BOTAN_VERSION_MAJOR > 2
socket_.async_handshake(Botan::TLS::Connection_Side::Client, socket_.async_handshake(Botan::TLS::Connection_Side::Client,
#else
socket_.async_handshake(Botan::TLS::Connection_Side::CLIENT,
#endif
[this](const boost::system::error_code& error) [this](const boost::system::error_code& error)
{ {
if (!error) if (!error)
@ -242,7 +213,6 @@ int main(int argc, char* argv[])
using namespace std; // For atoi. using namespace std; // For atoi.
tcp::endpoint endpoint( tcp::endpoint endpoint(
boost::asio::ip::make_address(argv[1]), atoi(argv[2])); boost::asio::ip::make_address(argv[1]), atoi(argv[2]));
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::AutoSeeded_RNG> std::shared_ptr<Botan::AutoSeeded_RNG>
rng(new Botan::AutoSeeded_RNG()); rng(new Botan::AutoSeeded_RNG());
std::shared_ptr<Client_Credentials_Manager> std::shared_ptr<Client_Credentials_Manager>
@ -253,13 +223,6 @@ int main(int argc, char* argv[])
policy(new Client_Policy()); policy(new Client_Policy());
std::shared_ptr<Botan::TLS::Context> std::shared_ptr<Botan::TLS::Context>
ctx(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy)); ctx(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy));
#else
Botan::AutoSeeded_RNG rng;
Client_Credentials_Manager creds_mgr(rng);
Client_Session_Manager sess_mgr;
Client_Policy policy;
Botan::TLS::Context ctx(creds_mgr, rng, sess_mgr, policy);
#endif
client c(io_context, ctx, endpoint); client c(io_context, ctx, endpoint);

52
src/lib/asiolink/testutils/botan_sample_server.cc
View File

@ -20,9 +20,7 @@
#include <botan/certstor_flatfile.h> #include <botan/certstor_flatfile.h>
#include <botan/pkcs8.h> #include <botan/pkcs8.h>
#include <botan/auto_rng.h> #include <botan/auto_rng.h>
#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h> #include <botan/tls_session_manager_noop.h>
#endif
inline std::string CA_(const std::string& filename) { inline std::string CA_(const std::string& filename) {
return (std::string(TEST_CA_DIR) + "/" + filename); return (std::string(TEST_CA_DIR) + "/" + filename);
@ -35,24 +33,15 @@ using Server_Certificate_Store = Botan::Flatfile_Certificate_Store;
class Server_Credentials_Manager : public Botan::Credentials_Manager class Server_Credentials_Manager : public Botan::Credentials_Manager
{ {
public: public:
#if BOTAN_VERSION_MAJOR > 2
explicit Server_Credentials_Manager() explicit Server_Credentials_Manager()
#else
explicit Server_Credentials_Manager(Botan::RandomNumberGenerator& rng)
#endif
: stores_(), certs_(), : stores_(), certs_(),
store_(new Server_Certificate_Store(CA_("kea-ca.crt"))), store_(new Server_Certificate_Store(CA_("kea-ca.crt"))),
cert_(Botan::X509_Certificate(CA_("kea-server.crt"))), cert_(Botan::X509_Certificate(CA_("kea-server.crt"))),
key_() key_()
{ {
#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(CA_("kea-server.key")); Botan::DataSource_Stream source(CA_("kea-server.key"));
auto priv_key = Botan::PKCS8::load_key(source); auto priv_key = Botan::PKCS8::load_key(source);
key_ = std::move(priv_key); key_ = std::move(priv_key);
#else
auto priv_key = Botan::PKCS8::load_key(CA_("kea-server.key"), rng);
key_.reset(priv_key);
#endif
stores_.push_back(store_.get()); stores_.push_back(store_.get());
certs_.push_back(cert_); certs_.push_back(cert_);
} }
@ -68,29 +57,19 @@ public:
std::vector<Botan::X509_Certificate> std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&, cert_chain(const std::vector<std::string>&,
#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&, const std::vector<Botan::AlgorithmIdentifier>&,
#endif
const std::string&, const std::string&,
const std::string&) override const std::string&) override
{ {
return certs_; return certs_;
} }
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key> std::shared_ptr<Botan::Private_Key>
#else
Botan::Private_Key*
#endif
private_key_for(const Botan::X509_Certificate&, private_key_for(const Botan::X509_Certificate&,
const std::string&, const std::string&,
const std::string&) override const std::string&) override
{ {
#if BOTAN_VERSION_MAJOR > 2
return (key_); return (key_);
#else
return (key_.get());
#endif
} }
std::vector<Botan::Certificate_Store*> stores_; std::vector<Botan::Certificate_Store*> stores_;
@ -122,11 +101,7 @@ public:
class session : public std::enable_shared_from_this<session> class session : public std::enable_shared_from_this<session>
{ {
public: public:
#if BOTAN_VERSION_MAJOR > 2
session(tcp::socket socket, std::shared_ptr<Botan::TLS::Context> ctx) session(tcp::socket socket, std::shared_ptr<Botan::TLS::Context> ctx)
#else
session(tcp::socket socket, Botan::TLS::Context& ctx)
#endif
: socket_(std::move(socket), ctx) : socket_(std::move(socket), ctx)
{ {
} }
@ -140,11 +115,7 @@ private:
void do_handshake() void do_handshake()
{ {
auto self(shared_from_this()); auto self(shared_from_this());
#if BOTAN_VERSION_MAJOR > 2
socket_.async_handshake(Botan::TLS::Connection_Side::Server, socket_.async_handshake(Botan::TLS::Connection_Side::Server,
#else
socket_.async_handshake(Botan::TLS::Connection_Side::SERVER,
#endif
[this, self](const boost::system::error_code& error) [this, self](const boost::system::error_code& error)
{ {
if (!error) if (!error)
@ -194,24 +165,13 @@ class server
public: public:
server(boost::asio::io_context& io_context, server(boost::asio::io_context& io_context,
unsigned short port, unsigned short port,
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Credentials_Manager> creds_mgr, std::shared_ptr<Botan::Credentials_Manager> creds_mgr,
std::shared_ptr<Botan::RandomNumberGenerator> rng, std::shared_ptr<Botan::RandomNumberGenerator> rng,
std::shared_ptr<Botan::TLS::Session_Manager> sess_mgr, std::shared_ptr<Botan::TLS::Session_Manager> sess_mgr,
std::shared_ptr<Botan::TLS::Policy> policy std::shared_ptr<Botan::TLS::Policy> policy
#else
Botan::Credentials_Manager& creds_mgr,
Botan::RandomNumberGenerator& rng,
Botan::TLS::Session_Manager& sess_mgr,
Botan::TLS::Policy& policy
#endif
) )
: acceptor_(io_context, tcp::endpoint(tcp::v4(), port)), : acceptor_(io_context, tcp::endpoint(tcp::v4(), port)),
#if BOTAN_VERSION_MAJOR > 2
context_(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy)) context_(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy))
#else
context_(creds_mgr, rng, sess_mgr, policy)
#endif
{ {
do_accept(); do_accept();
} }
@ -232,11 +192,7 @@ private:
} }
tcp::acceptor acceptor_; tcp::acceptor acceptor_;
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> context_; std::shared_ptr<Botan::TLS::Context> context_;
#else
Botan::TLS::Context context_;
#endif
}; };
int main(int argc, char* argv[]) int main(int argc, char* argv[])
@ -250,8 +206,6 @@ int main(int argc, char* argv[])
} }
boost::asio::io_context io_context; boost::asio::io_context io_context;
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::AutoSeeded_RNG> std::shared_ptr<Botan::AutoSeeded_RNG>
rng(new Botan::AutoSeeded_RNG()); rng(new Botan::AutoSeeded_RNG());
std::shared_ptr<Server_Credentials_Manager> std::shared_ptr<Server_Credentials_Manager>
@ -260,12 +214,6 @@ int main(int argc, char* argv[])
sess_mgr(new Server_Session_Manager()); sess_mgr(new Server_Session_Manager());
std::shared_ptr<Server_Policy> std::shared_ptr<Server_Policy>
policy(new Server_Policy()); policy(new Server_Policy());
#else
Botan::AutoSeeded_RNG rng;
Server_Credentials_Manager creds_mgr(rng);
Server_Session_Manager sess_mgr;
Server_Policy policy;
#endif
server s(io_context, std::atoi(argv[1]), creds_mgr, rng, sess_mgr, policy); server s(io_context, std::atoi(argv[1]), creds_mgr, rng, sess_mgr, policy);
io_context.run(); io_context.run();