replace most boost serialization with existing monero serialization

This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.

For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.

Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.

Some tests and tools also do, this will stay as is for now.

10 files changed, 10 insertions, 12 deletions

diff --git a/tests/core_tests/chaingen.h b/tests/core_tests/chaingen.h
index edaa9b20a..8b6135510 100644
--- a/tests/core_tests/chaingen.h
+++ b/tests/core_tests/chaingen.h
@@ -35,8 +35,6 @@
 #include <iostream>
 #include <stdint.h>
 
-#include <boost/archive/binary_oarchive.hpp>
-#include <boost/archive/binary_iarchive.hpp>
 #include <boost/program_options.hpp>
 #include <boost/optional.hpp>
 #include <boost/serialization/vector.hpp>
diff --git a/tests/data/fuzz/cold-outputs/OUTPUTS1 b/tests/data/fuzz/cold-outputs/OUTPUTS1
deleted file mode 100644
index f449f61ad..000000000
--- a/tests/data/fuzz/cold-outputs/OUTPUTS1
+++ /dev/null
diff --git a/tests/data/fuzz/cold-outputs/OUTPUTS2 b/tests/data/fuzz/cold-outputs/OUTPUTS2
deleted file mode 100644
index 33cf39024..000000000
--- a/tests/data/fuzz/cold-outputs/OUTPUTS2
+++ /dev/null
diff --git a/tests/data/fuzz/cold-outputs/out-all-6 b/tests/data/fuzz/cold-outputs/out-all-6
new file mode 100644
index 000000000..d24fc604f
--- /dev/null
+++ b/tests/data/fuzz/cold-outputs/out-all-6
diff --git a/tests/data/fuzz/cold-outputs/out-none-6 b/tests/data/fuzz/cold-outputs/out-none-6
new file mode 100644
index 000000000..c5390590c
--- /dev/null
+++ b/tests/data/fuzz/cold-outputs/out-none-6
diff --git a/tests/data/fuzz/cold-transaction/CTX1 b/tests/data/fuzz/cold-transaction/CTX1
index 0afecedbc..4b9ee45dc 100644
--- a/tests/data/fuzz/cold-transaction/CTX1
+++ b/tests/data/fuzz/cold-transaction/CTX1
diff --git a/tests/fuzz/cold-outputs.cpp b/tests/fuzz/cold-outputs.cpp
index 797a369a5..2698a36ba 100644
--- a/tests/fuzz/cold-outputs.cpp
+++ b/tests/fuzz/cold-outputs.cpp
@@ -40,7 +40,7 @@ BEGIN_INIT_SIMPLE_FUZZER()
   static tools::wallet2 local_wallet;
   wallet = &local_wallet;
 
-  static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
+  static const char * const spendkey_hex = "f285d4ac9e66271256fc7cde0d3d6b36f66efff6ccd766706c408e86f4997a0d";
   crypto::secret_key spendkey;
   epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
 
@@ -50,12 +50,12 @@ BEGIN_INIT_SIMPLE_FUZZER()
 END_INIT_SIMPLE_FUZZER()
 
 BEGIN_SIMPLE_FUZZER()
-  std::string s = std::string("\x01\x16serialization::archive") + std::string((const char*)buf, len);
+  std::string s((const char*)buf, len);
   std::pair<size_t, std::vector<tools::wallet2::transfer_details>> outputs;
   std::stringstream iss;
   iss << s;
-  boost::archive::portable_binary_iarchive ar(iss);
-  ar >> outputs;
+  binary_archive<false> ar(iss);
+  ::serialization::serialize(ar, outputs);
   size_t n_outputs = wallet->import_outputs(outputs);
   std::cout << boost::lexical_cast<std::string>(n_outputs) << " outputs imported" << std::endl;
 END_SIMPLE_FUZZER()
diff --git a/tests/fuzz/cold-transaction.cpp b/tests/fuzz/cold-transaction.cpp
index 36fb35e15..135343704 100644
--- a/tests/fuzz/cold-transaction.cpp
+++ b/tests/fuzz/cold-transaction.cpp
@@ -40,7 +40,7 @@ BEGIN_INIT_SIMPLE_FUZZER()
   static tools::wallet2 local_wallet;
   wallet = &local_wallet;
 
-  static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
+  static const char * const spendkey_hex = "f285d4ac9e66271256fc7cde0d3d6b36f66efff6ccd766706c408e86f4997a0d";
   crypto::secret_key spendkey;
   epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
 
@@ -50,12 +50,12 @@ BEGIN_INIT_SIMPLE_FUZZER()
 END_INIT_SIMPLE_FUZZER()
 
 BEGIN_SIMPLE_FUZZER()
-  std::string s = std::string("\x01\x16serialization::archive") + std::string((const char*)buf, len);
+  std::string s((const char*)buf, len);
   tools::wallet2::unsigned_tx_set exported_txs;
   std::stringstream iss;
   iss << s;
-  boost::archive::portable_binary_iarchive ar(iss);
-  ar >> exported_txs;
+  binary_archive<false> ar(iss);
+  ::serialization::serialize(ar, exported_txs);
   std::vector<tools::wallet2::pending_tx> ptx;
   bool success = wallet->sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx);
   std::cout << (success ? "signed" : "error") << std::endl;
diff --git a/tests/unit_tests/serialization.cpp b/tests/unit_tests/serialization.cpp
index b460559ff..ee0a7818c 100644
--- a/tests/unit_tests/serialization.cpp
+++ b/tests/unit_tests/serialization.cpp
@@ -42,7 +42,7 @@
 #include "serialization/json_archive.h"
 #include "serialization/debug_archive.h"
 #include "serialization/variant.h"
-#include "serialization/vector.h"
+#include "serialization/containers.h"
 #include "serialization/binary_utils.h"
 #include "wallet/wallet2.h"
 #include "gtest/gtest.h"
diff --git a/tests/unit_tests/varint.cpp b/tests/unit_tests/varint.cpp
index ca5af5ad2..a8dee677a 100644
--- a/tests/unit_tests/varint.cpp
+++ b/tests/unit_tests/varint.cpp
@@ -40,7 +40,7 @@
 #include "serialization/json_archive.h"
 #include "serialization/debug_archive.h"
 #include "serialization/variant.h"
-#include "serialization/vector.h"
+#include "serialization/containers.h"
 #include "serialization/binary_utils.h"
 #include "gtest/gtest.h"
 using namespace std;