From: Pieter Lexis Date: Thu, 21 Jan 2016 15:04:46 +0000 (+0100) Subject: Remove Crypto++ support X-Git-Tag: dnsdist-1.0.0-alpha2~4^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3283%2Fhead;p=thirdparty%2Fpdns.git Remove Crypto++ support --- diff --git a/build-scripts/build-auth-rpm b/build-scripts/build-auth-rpm index 55409ba99d..9c9b82eeb5 100755 --- a/build-scripts/build-auth-rpm +++ b/build-scripts/build-auth-rpm @@ -62,7 +62,6 @@ Requires(postun): /sbin/service BuildRequires: boost-devel BuildRequires: lua-devel -BuildRequires: cryptopp-devel BuildRequires: bison Provides: powerdns = %{version}-%{release} @@ -162,7 +161,6 @@ export CPPFLAGS="-DLDAP_DEPRECATED" --with-modules='' \ --with-lua \ --with-dynmodules='%{backends} random' \ - --enable-cryptopp \ --enable-tools \ --enable-remotebackend-http \ --enable-unit-tests @@ -302,7 +300,6 @@ Requires(postun): systemd-units BuildRequires: systemd-units BuildRequires: boost-devel BuildRequires: lua-devel -BuildRequires: cryptopp-devel BuildRequires: bison BuildRequires: mbedtls-devel Provides: powerdns = %{version}-%{release} @@ -426,7 +423,6 @@ export CPPFLAGS="-DLDAP_DEPRECATED" --with-system-mbedtls \ --with-lua \ --with-dynmodules='%{backends} random' \ - --enable-cryptopp \ --enable-tools \ --enable-unit-tests diff --git a/build-scripts/debian-authoritative/control b/build-scripts/debian-authoritative/control index 25880ff112..af7aedf304 100644 --- a/build-scripts/debian-authoritative/control +++ b/build-scripts/debian-authoritative/control 
@@ -4,7 +4,7 @@ Priority: extra Standards-Version: 3.9.6 Maintainer: PowerDNS Autobuilder Origin: PowerDNS -Build-Depends: debhelper (>= 9~), dh-autoreconf, dh-systemd, po-debconf, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libpolarssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, liblua5.2-dev, pkg-config, libcrypto++-dev, ragel, libgmp-dev, libbotan1.10-dev, libcurl4-openssl-dev, libzmq-dev, libyaml-cpp-dev (>= 0.5), libgeoip-dev, libopendbx1-dev, libcdb-dev, unixodbc-dev (>= 2.3.1) +Build-Depends: debhelper (>= 9~), dh-autoreconf, dh-systemd, po-debconf, libtool, flex, bison, libmysqlclient-dev, libpq-dev, libssl-dev, libpolarssl-dev, libgdbm-dev, libldap2-dev, libsqlite3-dev, dpkg-dev (>= 1.17.0~), libboost-dev, libboost-serialization-dev, libboost-program-options-dev, libboost-test-dev, autotools-dev, automake, autoconf, liblua5.2-dev, pkg-config, ragel, libgmp-dev, libbotan1.10-dev, libcurl4-openssl-dev, libzmq-dev, libyaml-cpp-dev (>= 0.5), libgeoip-dev, libopendbx1-dev, libcdb-dev, unixodbc-dev (>= 2.3.1) Homepage: http://www.powerdns.com/ Package: pdns-server diff --git a/build-scripts/debian-authoritative/rules b/build-scripts/debian-authoritative/rules index 94b8f9c143..7c8eec6c8d 100755 --- a/build-scripts/debian-authoritative/rules +++ b/build-scripts/debian-authoritative/rules @@ -28,7 +28,6 @@ override_dh_auto_configure: --with-modules="" \ --with-system-mbedtls \ --with-pgsql-includes=`pg_config --includedir` \ - --enable-cryptopp \ --enable-botan1.10 \ --enable-tools \ --enable-unit-tests diff --git a/build-scripts/rpm-build-instruction b/build-scripts/rpm-build-instruction index 4f940e3571..de23d9ea6c 100755 --- a/build-scripts/rpm-build-instruction +++ b/build-scripts/rpm-build-instruction 
@@ -6,7 +6,7 @@ CC="ccache gcc" CXX="ccache g++" CPPFLAGS=-I/usr/local/include/botan-1.10 ./conf --enable-static-binaries \ --with-pgsql-lib=/opt/postgresql/lib --with-pgsql-includes=/opt/postgresql/include \ --prefix=/usr \ - --sysconfdir=/etc/powerdns --enable-botan1.10 --enable-cryptopp \ + --sysconfdir=/etc/powerdns --enable-botan1.10 \ --mandir=/usr/man/ \ && make clean && make -j4 && \ fakeroot /bin/sh -c "rm -rf /tmp/pdns ; DESTDIR=/tmp/pdns make install-strip" && diff --git a/configure.ac b/configure.ac index e2f0eb40ee..66a77e8143 100644 --- a/configure.ac +++ b/configure.ac @@ -144,7 +144,6 @@ PDNS_ENABLE_VERBOSE_LOGGING PDNS_WITH_SYSTEM_MBEDTLS PDNS_ENABLE_BOTAN PDNS_ENABLE_PKCS11 -PDNS_WITH_CRYPTOPP PDNS_ENABLE_GSS_TSIG AS_IF([test "x$static" != "xno"], [ diff --git a/docs/markdown/appendix/crypto-notes-export.md b/docs/markdown/appendix/crypto-notes-export.md index 7fa71925d1..5cc7d41207 100644 --- a/docs/markdown/appendix/crypto-notes-export.md +++ b/docs/markdown/appendix/crypto-notes-export.md @@ -7,8 +7,6 @@ Furthermore, RSA, MD5 and the SHA-based algorithms are supplied as a copy of [mb Optionally, PowerDNS can link in a copy of the open source [Botan](http://botan.randombits.org/) cryptographic library. -Optionally, PowerDNS can link in a copy of the open source [Crypto++](http://www.cryptopp.com/) library. - Optionally, PowerDNS can link in a copy of the open source [Sodium](https://libsodium.org/) library. ## Specific United States Export Control Notes diff --git a/m4/pdns_with_cryptopp.m4 b/m4/pdns_with_cryptopp.m4 deleted file mode 100644 index fc3f0907f0..0000000000 --- a/m4/pdns_with_cryptopp.m4 +++ /dev/null 
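Review bot: Removing the PDNS_WITH_CRYPTOPP invocation from configure.ac turns `--enable-cryptopp` into an unrecognized option that autoconf only warns about, so an out-of-tree packaging script that still passes it (the in-tree ones are updated in this commit) will configure and build successfully without the engine instead of failing. Since the deleted cryptoppsigners.cc registered DNSSEC algorithms 13 and 14 (ECDSAP256SHA256/ECDSAP384SHA384) with `DNSCryptoKeyEngine::report(..., true)`, a build that was relying on Crypto++ for those algorithms would silently lose ECDSA signing and validation unless another engine still registers them, which this diff does not show. A loud failure is cheap: keep a stub in configure.ac such as `AC_ARG_ENABLE([cryptopp], [], [AC_MSG_ERROR([Crypto++ support has been removed; drop --enable-cryptopp])])`, and mention the removal in the upgrade notes. The hunk cuts through the run of PDNS_* macro invocations; the rest of the configure logic is outside the hunk.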
@@ -1,22 +0,0 @@ -AC_DEFUN([PDNS_WITH_CRYPTOPP],[ - AC_MSG_CHECKING([whether we will be linking in Crypto++]) - AC_ARG_ENABLE([cryptopp], - [AS_HELP_STRING([--enable-cryptopp],[use Crypto++ @<:@default=no@:>@])], - [enable_cryptopp=$enableval], - [enable_cryptopp=no], - ) - AC_MSG_RESULT([$enable_cryptopp]) - AM_CONDITIONAL([CRYPTOPP], [test "x$enable_cryptopp" != "xno"]) - - AS_IF([test "x$enable_cryptopp" != "xno"], [ - PKG_CHECK_MODULES([CRYPTOPP], [libcrypto++], [ - AC_DEFINE([HAVE_CRYPTOPP], [1], [Define to 1 if you have crypto++]) - ],[ - PKG_CHECK_MODULES([CRYPTOPP], [cryptopp], - [AC_DEFINE([HAVE_CRYPTOPP], [1], [Define to 1 if you have cryptopp]) - ],[ - AC_MSG_ERROR([Could not find crypto++]) - ]) - ]) - ]) -]) diff --git a/pdns/Makefile.am b/pdns/Makefile.am index 5b5fb0a4ad..38f4688214 100644 --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -212,11 +212,6 @@ pdns_server_SOURCES += botan110signers.cc botansigners.cc pdns_server_LDADD += $(BOTAN110_LIBS) endif -if CRYPTOPP -pdns_server_SOURCES += cryptoppsigners.cc -pdns_server_LDADD += $(CRYPTOPP_LIBS) -endif - if LIBSODIUM pdns_server_SOURCES += sodiumsigners.cc pdns_server_LDADD += $(LIBSODIUM_LIBS) @@ -316,11 +311,6 @@ pdnsutil_SOURCES += botan110signers.cc botansigners.cc pdnsutil_LDADD += $(BOTAN110_LIBS) endif -if CRYPTOPP -pdnsutil_SOURCES += cryptoppsigners.cc -pdnsutil_LDADD += $(CRYPTOPP_LIBS) -endif - if LIBSODIUM pdnsutil_SOURCES += sodiumsigners.cc pdnsutil_LDADD += $(LIBSODIUM_LIBS) diff --git a/pdns/cryptoppsigners.cc b/pdns/cryptoppsigners.cc deleted file mode 100644 index 12ec589d71..0000000000 --- a/pdns/cryptoppsigners.cc +++ /dev/null 
@@ -1,199 +0,0 @@ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif -#include -#include -#include -#include -#include -#include -#include -#include "dnssecinfra.hh" -using namespace CryptoPP; - -template -class CryptoPPECDSADNSCryptoKeyEngine : public DNSCryptoKeyEngine -{ -public: - explicit CryptoPPECDSADNSCryptoKeyEngine(unsigned int algo) : DNSCryptoKeyEngine(algo) - {} - void create(unsigned int bits); - string getName() const { return "CryptoPP ECDSA"; } - storvector_t convertToISCVector() const; - std::string getPubKeyHash() const; - std::string sign(const std::string& msg) const; - std::string hash(const std::string& hash) const; - bool verify(const std::string& msg, const std::string& signature) const; - std::string getPublicKeyString() const; - int getBits() const; - void fromISCMap(DNSKEYRecordContent& drc, std::map& stormap); - void fromPublicKeyString(const std::string& content); - // void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw); - - static DNSCryptoKeyEngine* maker(unsigned int algorithm) - { - return new CryptoPPECDSADNSCryptoKeyEngine(algorithm); - } - -private: - typedef typename ECDSA::PrivateKey privatekey_t; - typedef typename ECDSA::PublicKey publickey_t; - shared_ptr d_key; - shared_ptr d_pubkey; -}; - -template void CryptoPPECDSADNSCryptoKeyEngine::create(unsigned int bits) -{ - if(bits != BITS) - throw runtime_error("This CryptoPP class can only hosts keys of length "+std::to_string(BITS)); - AutoSeededRandomPool prng; - privatekey_t* privateKey = new privatekey_t(); - CryptoPP::OID oid=CURVE(); - privateKey->Initialize( prng, oid); - d_key= shared_ptr(privateKey); - - publickey_t* publicKey = new publickey_t(); - d_key->MakePublicKey(*publicKey); - d_pubkey = shared_ptr(publicKey); -} - -template -int CryptoPPECDSADNSCryptoKeyEngine::getBits() const -{ - return BITS; -} - -template -DNSCryptoKeyEngine::storvector_t CryptoPPECDSADNSCryptoKeyEngine::convertToISCVector() const -{ - /* Algorithm: 13 (ECDSAP256SHA256) - 
PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ= */ - string algostr=std::to_string(d_algorithm); - if(d_algorithm==13) - algostr+=" (ECDSAP256SHA256)"; - else if(d_algorithm==14) - algostr+=" (ECDSAP384SHA384)"; - else - algostr+=" (?)"; - - storvector_t storvect; - storvect.push_back(make_pair("Algorithm", algostr)); - - const CryptoPP::Integer& pe=d_key->GetPrivateExponent(); - size_t len = BITS/8; - unsigned char buffer[len]; - pe.Encode(buffer, len); - storvect.push_back(make_pair("PrivateKey", string((char*)buffer, sizeof(buffer)))); - return storvect; -} - -template -void CryptoPPECDSADNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map& stormap ) -{ - AutoSeededRandomPool prng; - privatekey_t* privateKey = new privatekey_t; - const CryptoPP::Integer x(reinterpret_cast(stormap["privatekey"].c_str()), BITS/8); // well it should be this long - CryptoPP::OID oid=CURVE(); - privateKey->Initialize(oid, x); - bool result = privateKey->Validate(prng, 3); - if (!result) { - throw runtime_error("Cannot load private key - validation failed!"); - } - d_key = shared_ptr(privateKey); - publickey_t* publicKey = new publickey_t(); - d_key->MakePublicKey(*publicKey); - d_pubkey = shared_ptr(publicKey); - drc.d_algorithm = pdns_stou(stormap["algorithm"]); -} - -template -std::string CryptoPPECDSADNSCryptoKeyEngine::getPubKeyHash() const -{ - return getPublicKeyString(); // sad, hashme please! 
-} -template -std::string CryptoPPECDSADNSCryptoKeyEngine::getPublicKeyString() const -{ - const ECP::Point& q = d_pubkey->GetPublicElement(); - - const CryptoPP::Integer& qx = q.x; - const CryptoPP::Integer& qy = q.y; - - size_t len = BITS/8; - unsigned char buffer[len*2]; - qx.Encode(buffer, len); - qy.Encode(buffer + len, len); - - return string((char*)buffer, sizeof(buffer)); -} -template -void CryptoPPECDSADNSCryptoKeyEngine::fromPublicKeyString(const std::string& rawString) -{ - CryptoPP::Integer x, y; - x.Decode((byte*)rawString.c_str(), rawString.size()/2); - y.Decode((byte*)rawString.c_str() + rawString.size()/2, rawString.size()/2); - - ECP::Point q(x,y); - - publickey_t* pubkey = new publickey_t; - CryptoPP::OID oid=CURVE(); - pubkey->Initialize(oid, q); - d_pubkey = shared_ptr(pubkey); - d_key.reset(); -} -template -std::string CryptoPPECDSADNSCryptoKeyEngine::sign(const std::string& msg) const -{ - string signature; - AutoSeededRandomPool prng; - StringSource( msg, true /*pump all*/, - new SignerFilter( prng, - typename ECDSA::Signer( *d_key ), - new StringSink( signature ) - ) // SignerFilter - ); // StringSource - return signature; - -} -template -std::string CryptoPPECDSADNSCryptoKeyEngine::hash(const std::string& orig) const -{ - string hash; - HASHER hasher; - StringSource( orig, true /*pump all*/, - new HashFilter(hasher, new StringSink( hash ) - ) // HashFilter - ); // StringSource - return hash; -} -template -bool CryptoPPECDSADNSCryptoKeyEngine::verify(const std::string& msg, const std::string& signature) const -{ - byte result; - StringSource( signature+msg, true /*pump all*/, - new SignatureVerificationFilter( - typename ECDSA::Verifier(*d_pubkey), - new ArraySink( (byte*)&result, sizeof(result) ) - ) // SignatureVerificationFilter - ); - return result; -} - -namespace { -struct WrapperSECP256R1 -{ - operator CryptoPP::OID () const { return CryptoPP::ASN1::secp256r1(); } -}; -struct WrapperSECP384R1 -{ - operator CryptoPP::OID () const { 
return CryptoPP::ASN1::secp384r1(); } -}; -struct LoaderStruct -{ - LoaderStruct() - { - DNSCryptoKeyEngine::report(13, &CryptoPPECDSADNSCryptoKeyEngine::maker, true); - DNSCryptoKeyEngine::report(14, &CryptoPPECDSADNSCryptoKeyEngine::maker, true); - } -} loaderCryptoPP; -} diff --git a/pdns/version.cc b/pdns/version.cc index 4fe07c19ed..fb37876817 100644 --- a/pdns/version.cc +++ b/pdns/version.cc @@ -93,9 +93,6 @@ void showBuildConfiguration() #ifdef HAVE_BOTAN110 "botan1.10 " << #endif -#ifdef HAVE_CRYPTOPP - "cryptopp " << -#endif #ifdef HAVE_LIBSODIUM "sodium " << #endif