mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 01:49:48 +00:00
Code Issues Releases Wiki Activity

[#3553] Updated to Botab 3 (only)

Browse Source
This commit is contained in:
Francis Dupont 2025-03-25 18:16:31 +01:00
parent a140a853c9
commit de6059ebf3
7 changed files with 12 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
meson.build
View File

@ -222,11 +222,17 @@ LOG4CPLUS_DEP = dependency('log4cplus', fallback: ['log4cplus', 'log4cplus'])
# Cryptography
CRYPTO_DEP = disabler()
botan = disabler()
foreach dep : ['botan-2', 'botan']
foreach dep : ['botan-3', 'botan']
botan = dependency(dep, required: false)
if botan.found()
version = botan.version()
if version.version_compare('<3.4.0')
message(f'Rejecting too old Botan (@version@ < 3.4.0)')
botan = disabler()
else
break
endif
endif
endforeach
openssl = dependency('openssl', required: false)

12
src/hooks/dhcp/high_availability/tests/ha_config_unittest.cc
View File

@ -1659,11 +1659,7 @@ TEST_F(HAConfigTest, badTrustAnchor) {
expected += "No such file or directory";
#else
expected += "I/O error: DataSource: Failure opening file ";
#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'";
#else
expected += "/this-file-does-not-exist";
#endif
#endif
testInvalidConfig(patched, expected);
}
@ -1704,11 +1700,7 @@ TEST_F(HAConfigTest, badCertFile) {
expected += "No such file or directory";
#else
expected += "I/O error: DataSource: Failure opening file ";
#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'";
#else
expected += "/this-file-does-not-exist";
#endif
#endif
testInvalidConfig(patched, expected);
}
@ -1749,11 +1741,7 @@ TEST_F(HAConfigTest, badKeyFile) {
expected += "No such file or directory";
#else
expected += "I/O error: DataSource: Failure opening file ";
#if BOTAN_VERSION_MAJOR > 2
expected += "'/this-file-does-not-exist'";
#else
expected += "/this-file-does-not-exist";
#endif
#endif
testInvalidConfig(patched, expected);
}

46
src/lib/asiolink/botan_tls.cc
View File

@ -18,9 +18,7 @@
#include <botan/data_src.h>
#include <botan/pem.h>
#include <botan/pkcs8.h>
#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h>
#endif
using namespace isc::cryptolink;
@ -56,28 +54,18 @@ public:
// Certificate chain.
std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&,
#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&,
#endif
const std::string&,
const std::string&) override {
return (certs_);
}
// Private key.
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key>
#else
Botan::Private_Key*
#endif
private_key_for(const Botan::X509_Certificate&,
const std::string&,
const std::string&) override {
#if BOTAN_VERSION_MAJOR > 2
return (key_);
#else
return (key_.get());
#endif
}
// Set the store from a path.
@ -131,27 +119,15 @@ public:
// Set the private key.
void setPrivateKey(const std::string& file,
#if BOTAN_VERSION_MAJOR > 2
Botan::RandomNumberGenerator&,
#else
Botan::RandomNumberGenerator& rng,
#endif
bool& is_rsa) {
#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(file);
auto priv_key = Botan::PKCS8::load_key(source);
#else
auto priv_key = Botan::PKCS8::load_key(file, rng);
#endif
if (!priv_key) {
isc_throw(Unexpected,
"Botan::PKCS8::load_key failed but not threw?");
}
#if BOTAN_VERSION_MAJOR > 2
key_ = std::move(priv_key);
#else
key_.reset(priv_key);
#endif
is_rsa = (key_->algo_name() == "RSA");
}
@ -291,28 +267,16 @@ public:
if (context_) {
return;
}
#if BOTAN_VERSION_MAJOR > 2
context_.reset(new Botan::TLS::Context(cred_mgr_,
rng_,
sess_mgr_,
policy_));
#else
context_.reset(new Botan::TLS::Context(*cred_mgr_,
*rng_,
*sess_mgr_,
*policy_));
#endif
}
#if BOTAN_VERSION_MAJOR > 2
// Get the context.
virtual std::shared_ptr<Botan::TLS::Context> get() {
return (context_);
}
#else
virtual Botan::TLS::Context& get() {
return (*context_);
}
#endif
// Credentials Manager.
std::shared_ptr<KeaCredentialsManager> cred_mgr_;
@ -335,19 +299,11 @@ TlsContext::TlsContext(TlsRole role)
: TlsContextBase(role), impl_(new TlsContextImpl()) {
}
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context>
TlsContext::getContext() {
impl_->build();
return (impl_->get());
}
#else
Botan::TLS::Context&
TlsContext::getContext() {
impl_->build();
return (impl_->get());
}
#endif
void
TlsContext::setCertRequired(bool cert_required) {

12
src/lib/asiolink/botan_tls.h
View File

@ -28,17 +28,9 @@ namespace asiolink {
/// @brief Translate TLS role into implementation.
inline Botan::TLS::Connection_Side roleToImpl(TlsRole role) {
if (role == TlsRole::SERVER) {
#if BOTAN_VERSION_MAJOR > 2
return (Botan::TLS::Connection_Side::Server);
#else
return (Botan::TLS::Connection_Side::SERVER);
#endif
} else {
#if BOTAN_VERSION_MAJOR > 2
return (Botan::TLS::Connection_Side::Client);
#else
return (Botan::TLS::Connection_Side::CLIENT);
#endif
}
}
@ -61,11 +53,7 @@ public:
explicit TlsContext(TlsRole role);
/// @brief Return the underlying context.
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> getContext();
#else
Botan::TLS::Context& getContext();
#endif
/// @brief Get the peer certificate requirement mode.
///

9
src/lib/asiolink/botan_wrapper.h
View File

@ -21,14 +21,7 @@
#pragma GCC diagnostic ignored "-Wnon-virtual-dtor"
#endif
/// MariaDB defines PROTOCOL_VERSION which is also in a Botan enum...
#ifdef PROTOCOL_VERSION
#define BOTAN_BACKUP_FOR_PROTOCOL_VERSION PROTOCOL_VERSION
#undef PROTOCOL_VERSION
#endif
#include <botan/asio_error.h>
#include <boost/beast/core/error.hpp>
#ifdef BOTAN_BACKUP_FOR_PROTOCOL_VERSION
#define PROTOCOL_VERSION BOTAN_BACKUP_FOR_PROTOCOL_VERSION

39
src/lib/asiolink/testutils/botan_sample_client.cc
View File

@ -21,9 +21,7 @@
#include <botan/certstor_flatfile.h>
#include <botan/pkcs8.h>
#include <botan/auto_rng.h>
#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h>
#endif
inline std::string CA_(const std::string& filename) {
return (std::string(TEST_CA_DIR) + "/" + filename);
@ -38,24 +36,15 @@ using Client_Certificate_Store = Botan::Flatfile_Certificate_Store;
class Client_Credentials_Manager : public Botan::Credentials_Manager
{
public:
#if BOTAN_VERSION_MAJOR > 2
explicit Client_Credentials_Manager()
#else
explicit Client_Credentials_Manager(Botan::RandomNumberGenerator& rng)
#endif
: stores_(), certs_(),
store_(new Client_Certificate_Store(CA_("kea-ca.crt"))),
cert_(Botan::X509_Certificate(CA_("kea-client.crt"))),
key_()
{
#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(CA_("kea-client.key"));
auto priv_key = Botan::PKCS8::load_key(source);
key_ = std::move(priv_key);
#else
auto priv_key = Botan::PKCS8::load_key(CA_("kea-client.key"), rng);
key_.reset(priv_key);
#endif
stores_.push_back(store_.get());
certs_.push_back(cert_);
}
@ -71,29 +60,19 @@ public:
std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&,
#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&,
#endif
const std::string&,
const std::string&) override
{
return certs_;
}
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key>
#else
Botan::Private_Key*
#endif
private_key_for(const Botan::X509_Certificate&,
const std::string&,
const std::string&) override
{
#if BOTAN_VERSION_MAJOR > 2
return (key_);
#else
return (key_.get());
#endif
}
std::vector<Botan::Certificate_Store*> stores_;
@ -125,12 +104,8 @@ public:
class client
{
public:
client(boost::asio::io_service& io_context,
#if BOTAN_VERSION_MAJOR > 2
client(boost::asio::io_context& io_context,
std::shared_ptr<Botan::TLS::Context> context,
#else
Botan::TLS::Context& context,
#endif
const tcp::endpoint& endpoint)
: socket_(io_context, context)
{
@ -156,11 +131,7 @@ private:
void handshake()
{
#if BOTAN_VERSION_MAJOR > 2
socket_.async_handshake(Botan::TLS::Connection_Side::Client,
#else
socket_.async_handshake(Botan::TLS::Connection_Side::CLIENT,
#endif
[this](const boost::system::error_code& error)
{
if (!error)
@ -242,7 +213,6 @@ int main(int argc, char* argv[])
using namespace std; // For atoi.
tcp::endpoint endpoint(
boost::asio::ip::make_address(argv[1]), atoi(argv[2]));
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::AutoSeeded_RNG>
rng(new Botan::AutoSeeded_RNG());
std::shared_ptr<Client_Credentials_Manager>
@ -253,13 +223,6 @@ int main(int argc, char* argv[])
policy(new Client_Policy());
std::shared_ptr<Botan::TLS::Context>
ctx(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy));
#else
Botan::AutoSeeded_RNG rng;
Client_Credentials_Manager creds_mgr(rng);
Client_Session_Manager sess_mgr;
Client_Policy policy;
Botan::TLS::Context ctx(creds_mgr, rng, sess_mgr, policy);
#endif
client c(io_context, ctx, endpoint);

52
src/lib/asiolink/testutils/botan_sample_server.cc
View File

@ -20,9 +20,7 @@
#include <botan/certstor_flatfile.h>
#include <botan/pkcs8.h>
#include <botan/auto_rng.h>
#if BOTAN_VERSION_MAJOR > 2
#include <botan/tls_session_manager_noop.h>
#endif
inline std::string CA_(const std::string& filename) {
return (std::string(TEST_CA_DIR) + "/" + filename);
@ -35,24 +33,15 @@ using Server_Certificate_Store = Botan::Flatfile_Certificate_Store;
class Server_Credentials_Manager : public Botan::Credentials_Manager
{
public:
#if BOTAN_VERSION_MAJOR > 2
explicit Server_Credentials_Manager()
#else
explicit Server_Credentials_Manager(Botan::RandomNumberGenerator& rng)
#endif
: stores_(), certs_(),
store_(new Server_Certificate_Store(CA_("kea-ca.crt"))),
cert_(Botan::X509_Certificate(CA_("kea-server.crt"))),
key_()
{
#if BOTAN_VERSION_MAJOR > 2
Botan::DataSource_Stream source(CA_("kea-server.key"));
auto priv_key = Botan::PKCS8::load_key(source);
key_ = std::move(priv_key);
#else
auto priv_key = Botan::PKCS8::load_key(CA_("kea-server.key"), rng);
key_.reset(priv_key);
#endif
stores_.push_back(store_.get());
certs_.push_back(cert_);
}
@ -68,29 +57,19 @@ public:
std::vector<Botan::X509_Certificate>
cert_chain(const std::vector<std::string>&,
#if BOTAN_VERSION_MAJOR > 2
const std::vector<Botan::AlgorithmIdentifier>&,
#endif
const std::string&,
const std::string&) override
{
return certs_;
}
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Private_Key>
#else
Botan::Private_Key*
#endif
private_key_for(const Botan::X509_Certificate&,
const std::string&,
const std::string&) override
{
#if BOTAN_VERSION_MAJOR > 2
return (key_);
#else
return (key_.get());
#endif
}
std::vector<Botan::Certificate_Store*> stores_;
@ -122,11 +101,7 @@ public:
class session : public std::enable_shared_from_this<session>
{
public:
#if BOTAN_VERSION_MAJOR > 2
session(tcp::socket socket, std::shared_ptr<Botan::TLS::Context> ctx)
#else
session(tcp::socket socket, Botan::TLS::Context& ctx)
#endif
: socket_(std::move(socket), ctx)
{
}
@ -140,11 +115,7 @@ private:
void do_handshake()
{
auto self(shared_from_this());
#if BOTAN_VERSION_MAJOR > 2
socket_.async_handshake(Botan::TLS::Connection_Side::Server,
#else
socket_.async_handshake(Botan::TLS::Connection_Side::SERVER,
#endif
[this, self](const boost::system::error_code& error)
{
if (!error)
@ -194,24 +165,13 @@ class server
public:
server(boost::asio::io_context& io_context,
unsigned short port,
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::Credentials_Manager> creds_mgr,
std::shared_ptr<Botan::RandomNumberGenerator> rng,
std::shared_ptr<Botan::TLS::Session_Manager> sess_mgr,
std::shared_ptr<Botan::TLS::Policy> policy
#else
Botan::Credentials_Manager& creds_mgr,
Botan::RandomNumberGenerator& rng,
Botan::TLS::Session_Manager& sess_mgr,
Botan::TLS::Policy& policy
#endif
)
: acceptor_(io_context, tcp::endpoint(tcp::v4(), port)),
#if BOTAN_VERSION_MAJOR > 2
context_(new Botan::TLS::Context(creds_mgr, rng, sess_mgr, policy))
#else
context_(creds_mgr, rng, sess_mgr, policy)
#endif
{
do_accept();
}
@ -232,11 +192,7 @@ private:
}
tcp::acceptor acceptor_;
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::TLS::Context> context_;
#else
Botan::TLS::Context context_;
#endif
};
int main(int argc, char* argv[])
@ -250,8 +206,6 @@ int main(int argc, char* argv[])
}
boost::asio::io_context io_context;
#if BOTAN_VERSION_MAJOR > 2
std::shared_ptr<Botan::AutoSeeded_RNG>
rng(new Botan::AutoSeeded_RNG());
std::shared_ptr<Server_Credentials_Manager>
@ -260,12 +214,6 @@ int main(int argc, char* argv[])
sess_mgr(new Server_Session_Manager());
std::shared_ptr<Server_Policy>
policy(new Server_Policy());
#else
Botan::AutoSeeded_RNG rng;
Server_Credentials_Manager creds_mgr(rng);
Server_Session_Manager sess_mgr;
Server_Policy policy;
#endif
server s(io_context, std::atoi(argv[1]), creds_mgr, rng, sess_mgr, policy);
io_context.run();