by Martin von Gagern: https://code.monotone.ca/p/monotone/issues/182/ ============================================================ --- src/database.cc 4c259f963c440fc95564dfec99b2f832f0bad643 +++ src/database.cc 87efeeff2d3263ba98af684a4022f1897434ed2d @@ -3425,9 +3425,8 @@ database::encrypt_rsa(key_id const & pub rsa_pub_key pub; get_key(pub_id, pub); - SecureVector pub_block; - pub_block.set(reinterpret_cast(pub().data()), - pub().size()); + SecureVector pub_block + (reinterpret_cast(pub().data()), pub().size()); shared_ptr x509_key(Botan::X509::load_key(pub_block)); shared_ptr pub_key @@ -3471,14 +3470,13 @@ database::check_signature(key_id const & else { rsa_pub_key pub; - SecureVector pub_block; if (!public_key_exists(id)) return cert_unknown; get_key(id, pub); - pub_block.set(reinterpret_cast(pub().data()), - pub().size()); + SecureVector pub_block + (reinterpret_cast(pub().data()), pub().size()); L(FL("building verifier for %d-byte pub key") % pub_block.size()); shared_ptr x509_key(Botan::X509::load_key(pub_block)); ============================================================ --- src/gzip.cc e7c19bee910e3d421fd073933810ec52092b1d9b +++ src/gzip.cc bab290412cff6031b2d3bf9d1439a08499d39640 @@ -137,7 +137,7 @@ void Gzip_Compression::start_msg() /************************************************* * Compress Input with Gzip * *************************************************/ -void Gzip_Compression::write(const byte input[], u32bit length) +void Gzip_Compression::write(const byte input[], filter_length_t length) { count += length; @@ -267,7 +267,7 @@ void Gzip_Decompression::start_msg() /************************************************* * Decompress Input with Gzip * *************************************************/ -void Gzip_Decompression::write(const byte input[], u32bit length) +void Gzip_Decompression::write(const byte input[], filter_length_t length) { if(length) no_writes = false; @@ -284,8 +284,8 @@ void Gzip_Decompression::write(const byt // Check the gzip header if (pos < sizeof(GZIP::GZIP_HEADER)) { - u32bit len = std::min((u32bit)sizeof(GZIP::GZIP_HEADER)-pos, length); - u32bit cmplen = len; + filter_length_t len = std::min((filter_length_t)sizeof(GZIP::GZIP_HEADER)-pos, length); + filter_length_t cmplen = len; // The last byte is the OS flag - we don't care about that if (pos + len - 1 >= GZIP::HEADER_POS_OS) cmplen--; @@ -346,8 +346,14 @@ u32bit Gzip_Decompression::eat_footer(co if (footer.size() >= GZIP::FOOTER_LENGTH) throw Decoding_Error("Gzip_Decompression: Data integrity error in footer"); +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + size_t eat_len = std::min(GZIP::FOOTER_LENGTH-footer.size(), + static_cast(length)); + footer += std::make_pair(input, eat_len); +#else u32bit eat_len = std::min(GZIP::FOOTER_LENGTH-footer.size(), length); footer.append(input, eat_len); +#endif if (footer.size() == GZIP::FOOTER_LENGTH) { @@ -377,7 +383,12 @@ void Gzip_Decompression::check_footer() for (int i = 0; i < 4; i++) buf[3-i] = tmpbuf[i]; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + tmpbuf.resize(4); + tmpbuf.copy(footer.begin(), 4); +#else tmpbuf.set(footer.begin(), 4); +#endif if (buf != tmpbuf) throw Decoding_Error("Gzip_Decompression: Data integrity error - CRC32 error"); @@ -412,7 +423,11 @@ void Gzip_Decompression::clear() no_writes = true; inflateReset(&(zlib->stream)); +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + footer.clear(); +#else footer.destroy(); +#endif pos = 0; datacount = 0; } ============================================================ --- src/gzip.hh 649dfc0b250954f39c0f73870f8bec3f32f7fa43 +++ src/gzip.hh f462dfc1df71ae1e9a8203606fd29d9e0eda9b2a @@ -7,6 +7,7 @@ #ifndef BOTAN_EXT_GZIP_H__ #define BOTAN_EXT_GZIP_H__ +#include #include #include @@ -30,13 +31,19 @@ namespace GZIP { } +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + typedef size_t filter_length_t; +#else + typedef u32bit filter_length_t; +#endif + /************************************************* * Gzip Compression Filter * *************************************************/ class Gzip_Compression : public Filter { public: - void write(const byte input[], u32bit length); + void write(const byte input[], filter_length_t length); void start_msg(); void end_msg(); std::string name() const { return "Gzip_Compression"; } @@ -60,7 +67,7 @@ class Gzip_Decompression : public Filter class Gzip_Decompression : public Filter { public: - void write(const byte input[], u32bit length); + void write(const byte input[], filter_length_t length); void start_msg(); void end_msg(); std::string name() const { return "Gzip_Decompression"; } ============================================================ --- src/key_packet.cc d1306df89dd684badac02c03744cd446381c07d3 +++ src/key_packet.cc c97262d161b23c9640972188979669b3e95afe7b @@ -106,8 +106,8 @@ namespace void validate_public_key_data(string const & name, string const & keydata) const { string decoded = decode_base64_as(keydata, origin::user); - Botan::SecureVector key_block; - key_block.set(reinterpret_cast(decoded.c_str()), decoded.size()); + Botan::SecureVector key_block + (reinterpret_cast(decoded.c_str()), decoded.size()); try { Botan::X509::load_key(key_block); ============================================================ --- src/key_store.cc 64c4c4bed1fadc26b51207b9f61343f9dd7d3c6e +++ src/key_store.cc 1b1f1a989c21ee0dc69c540783ffb1fe4bceabf5 @@ -572,13 +572,19 @@ key_store_state::decrypt_private_key(key try // with empty passphrase { Botan::DataSource_Memory ds(kp.priv()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7) +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + pkcs8_key.reset(Botan::PKCS8::load_key(ds, lazy_rng::get(), Dummy_UI())); +#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7) pkcs8_key.reset(Botan::PKCS8::load_key(ds, lazy_rng::get(), "")); #else pkcs8_key.reset(Botan::PKCS8::load_key(ds, "")); #endif } +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + catch (Passphrase_Required & e) +#else catch (Botan::Exception & e) +#endif { L(FL("failed to load key with no passphrase: %s") % e.what()); @@ -856,9 +862,9 @@ key_store::make_signature(database & db, { if (agent.connected()) { //grab the monotone public key as an RSA_PublicKey - SecureVector pub_block; - pub_block.set(reinterpret_cast(key.pub().data()), - key.pub().size()); + SecureVector pub_block + (reinterpret_cast(key.pub().data()), + key.pub().size()); L(FL("make_signature: building %d-byte pub key") % pub_block.size()); shared_ptr x509_key = shared_ptr(Botan::X509::load_key(pub_block)); @@ -1031,8 +1037,14 @@ key_store_state::migrate_old_key_pair for (;;) try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + arc4_key.resize(phrase().size()); + arc4_key.copy(reinterpret_cast(phrase().data()), + phrase().size()); +#else arc4_key.set(reinterpret_cast(phrase().data()), phrase().size()); +#endif Pipe arc4_decryptor(get_cipher("ARC4", arc4_key, Botan::DECRYPTION)); ============================================================ --- src/monotone.cc a25ecdd170a601db798b63a60add7681609a34c4 +++ src/monotone.cc 2c5f57762bc687a90f75e732f39d2181fc50bd6d @@ -170,11 +170,16 @@ cpp_main(int argc, char ** argv) // versions, including all of the stable branch 1.8.x. E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,0), origin::system, F("this monotone binary does not work with Botan 1.9.x")); -#else +#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,11) E(linked_botan_version > BOTAN_VERSION_CODE_FOR(1,7,22), origin::system, F("this monotone binary requires Botan 1.7.22 or newer")); E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,9,0), origin::system, F("this monotone binary does not work with Botan 1.9.x")); +#else + E(linked_botan_version > BOTAN_VERSION_CODE_FOR(1,9,11), origin::system, + F("this monotone binary requires Botan 1.9.11 or newer")); + E(linked_botan_version < BOTAN_VERSION_CODE_FOR(1,11,0), origin::system, + F("this monotone binary does not work with Botan 1.11.x")); #endif app_state app; ============================================================ --- src/packet.cc f61360ed2524fdf53411bd24d022a2a3c9e6e9c7 +++ src/packet.cc 6f6739c4756933843a2d865dc6790de9013626b7 @@ -156,8 +156,8 @@ namespace void validate_public_key_data(string const & name, string const & keydata) const { string decoded = decode_base64_as(keydata, origin::user); - Botan::SecureVector key_block; - key_block.set(reinterpret_cast(decoded.c_str()), decoded.size()); + Botan::SecureVector key_block + (reinterpret_cast(decoded.c_str()), decoded.size()); try { Botan::X509::load_key(key_block); @@ -175,7 +175,9 @@ namespace Botan::DataSource_Memory ds(decoded); try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7) +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + Botan::PKCS8::load_key(ds, lazy_rng::get(), Dummy_UI()); +#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7) Botan::PKCS8::load_key(ds, lazy_rng::get(), string()); #else Botan::PKCS8::load_key(ds, string()); @@ -189,7 +191,11 @@ namespace } // since we do not want to prompt for a password to decode it finally, // we ignore all other exceptions +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) + catch (Passphrase_Required) {} +#else catch (Botan::Invalid_Argument) {} +#endif } void validate_certname(string const & cn) const { @@ -460,8 +466,14 @@ read_packets(istream & in, packet_consum return count; } +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) +std::string Dummy_UI::get_passphrase(const std::string&, + const std::string&, + Botan::User_Interface::UI_Result&) const { + throw Passphrase_Required(); +} +#endif - // Local Variables: // mode: C++ // fill-column: 76 ============================================================ --- src/packet.hh 0a224e6e92f244e2c3e9a5cdb935eb8613d7e85b +++ src/packet.hh 6c7d90e0bd9abe1e2e97da8ed40808fe438ea34b @@ -84,8 +84,26 @@ size_t read_packets(std::istream & in, p size_t read_packets(std::istream & in, packet_consumer & cons); +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11) +// work around botan commit 2d09d7d0cd4bd0e7155d001dd65a4f29103b158c +#include +class Dummy_UI : public Botan::User_Interface +{ +public: + virtual std::string get_passphrase(const std::string&, + const std::string&, + Botan::User_Interface::UI_Result&) const; +}; +class Passphrase_Required : public Botan::Exception { +public: + Passphrase_Required(const std::string& m = "Passphrase required") : + Botan::Exception(m) + {} +}; #endif +#endif + // Local Variables: // mode: C++ // fill-column: 76 ============================================================ --- src/sha1.cc 5e1aa972d7c7d66e06320b039989652b830dcd75 +++ src/sha1.cc 42e48b22fd88b25e0d38d4f91e1f13f8a83c7120 @@ -50,9 +50,12 @@ CMD_HIDDEN(benchmark_sha1, "benchmark_sh Botan::Default_Benchmark_Timer timer; std::map results = Botan::algorithm_benchmark("SHA-1", milliseconds, timer, rng, af); +#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,11) + std::map results = + Botan::algorithm_benchmark("SHA-1", milliseconds, rng, af); #else std::map results = - Botan::algorithm_benchmark("SHA-1", milliseconds, rng, af); + Botan::algorithm_benchmark("SHA-1", af, rng, milliseconds, 16); #endif for(std::map::const_iterator i = results.begin(); ============================================================ --- src/ssh_agent.cc 6d188e7012a0b82f782563b09bbd7adf3f70cf75 +++ src/ssh_agent.cc 4a0dcab873559e934e41c5f220b5434d35600d9b @@ -385,9 +385,9 @@ ssh_agent::has_key(const keypair & key) ssh_agent::has_key(const keypair & key) { //grab the monotone public key as an RSA_PublicKey - SecureVector pub_block; - pub_block.set(reinterpret_cast((key.pub)().data()), - (key.pub)().size()); + SecureVector pub_block + (reinterpret_cast((key.pub)().data()), + (key.pub)().size()); L(FL("has_key: building %d-byte pub key") % pub_block.size()); shared_ptr x509_key = shared_ptr(Botan::X509::load_key(pub_block)); ============================================================ --- src/transforms.cc cdfb6854ef4992faba21074145f3c8269b845b11 +++ src/transforms.cc 789e01bbff42020d04d8dba8f6b97588fbe4ca3d @@ -53,10 +53,10 @@ using Botan::Hash_Filter; // paradigm "must" be used. this program is intended for source code // control and I make no bones about it. -NORETURN(static inline void error_in_transform(Botan::Exception & e)); +NORETURN(static inline void error_in_transform(std::exception & e)); static inline void -error_in_transform(Botan::Exception & e, origin::type caused_by) +error_in_transform(std::exception & e, origin::type caused_by) { // these classes can all indicate data corruption if (typeid(e) == typeid(Botan::Encoding_Error) @@ -107,7 +107,7 @@ error_in_transform(Botan::Exception & e, pipe->process_msg(in); \ out = pipe->read_all_as_string(Pipe::LAST_MESSAGE); \ } \ - catch (Botan::Exception & e) \ + catch (std::exception & e) \ { \ pipe.reset(new Pipe(new T(carg))); \ error_in_transform(e, made_from); \ @@ -173,7 +173,7 @@ template<> string xform tmp = pipe->read_all_as_string(Pipe::LAST_MESSAGE); out = base64< gzip >(tmp, in.made_from); } - catch (Botan::Exception & e) + catch (std::exception & e) { pipe.reset(new Pipe(new Gzip_Compression, new Base64_Encoder)); @@ -237,7 +237,7 @@ void unpack(base64< gzip > const & in pipe->process_msg(in()); out = T(pipe->read_all_as_string(Pipe::LAST_MESSAGE), in.made_from); } - catch (Botan::Exception & e) + catch (std::exception & e) { pipe.reset(new Pipe(new Base64_Decoder, new Gzip_Decompression)); @@ -264,7 +264,7 @@ calculate_ident(data const & dat, p->process_msg(dat()); ident = id(p->read_all_as_string(Pipe::LAST_MESSAGE), dat.made_from); } - catch (Botan::Exception & e) + catch (std::exception & e) { p.reset(new Pipe(new Hash_Filter("SHA-160"))); error_in_transform(e, dat.made_from);