Merge branch 'softhsm:develop' into develop

Author: hansonchar

.appveyor.yml

@@ -41,31 +41,42 @@ init:
     $env:RELEASE_DIR=Join-Path $env:BUILD_DIR "SoftHSMv2-$env:ENV_PLATFORM"
 
     $env:CONFIGURE_OPTIONS = "$env:CONFIGURE_OPTIONS with-crypto-backend=$env:CRYPTO_BACKEND with-$env:CRYPTO_BACKEND=$env:CRYPTO_PACKAGE_PATH\ with-cppunit=$env:CPPUNIT_PATH\"
+cache: 
+  - C:/Tools/vcpkg/installed/
 environment:
+  APPVEYOR_SAVE_CACHE_ON_ERROR: true
   matrix:
-  - CRYPTO_BACKEND: botan
-    ADDITIONAL_CONFIGURE_OPTIONS: disable-eddsa disable-gost with-crypto-backend=botan
   - CRYPTO_BACKEND: openssl
     ADDITIONAL_CONFIGURE_OPTIONS: disable-eddsa disable-gost with-crypto-backend=openssl
+    DB_BACKEND: OFF
+  - CRYPTO_BACKEND: openssl
+    ADDITIONAL_CONFIGURE_OPTIONS: disable-eddsa disable-gost with-crypto-backend=openssl
+    DB_BACKEND: ON
+  - CRYPTO_BACKEND: botan
+    ADDITIONAL_CONFIGURE_OPTIONS: disable-eddsa disable-gost with-crypto-backend=botan
+    DB_BACKEND: OFF
 install:
+# Update vcpkg
+- cd c:\tools\vcpkg
+- cmd: git fetch
+- cmd: bootstrap-vcpkg.bat
+- cmd: vcpkg update
+- cmd: vcpkg upgrade --no-dry-run
 - cmd: vcpkg install sqlite3:x86-windows
+- cmd: vcpkg install openssl-windows:x86-windows
 - cmd: vcpkg install openssl-windows:x64-windows
 - cmd: vcpkg install botan:x86-windows
 - cmd: vcpkg install cppunit:x86-windows
-- cmd: vcpkg install getopt-win32:x86-windows
-build_script:
 - cmd: vcpkg integrate install
-- cmd: cmake -DCMAKE_TOOLCHAIN_FILE=C:/Tools/vcpkg/scripts/buildsystems/vcpkg.cmake -DWITH_CRYPTO_BACKEND=%CRYPTO_BACKEND% -DBUILD_TESTS=OFF -DDISABLE_NON_PAGED_MEMORY=ON -DENABLE_GOST=OFF .
-- cmd: msbuild softhsm2.sln /p:Configuration="Release" /p:Platform="Win32" /p:PlatformToolset=v140 /target:Build
+build_script:
+- cmd: if exist "C:\projects\softhsmv2\build" rmdir /s /q C:\projects\softhsmv2\build
+- cmd: mkdir C:\projects\softhsmv2\build
+- cmd: cmake -Bbuild -DCMAKE_TOOLCHAIN_FILE=C:\Tools\vcpkg\scripts\buildsystems\vcpkg.cmake -DWITH_OBJECTSTORE_BACKEND_DB=%DB_BACKEND% -DWITH_CRYPTO_BACKEND=%CRYPTO_BACKEND% -DBUILD_TESTS=ON -DDISABLE_NON_PAGED_MEMORY=ON -DENABLE_GOST=OFF
+- cmd: cmake -Bbuild --build . --config RelWithDebInfo
+- cmd: ctest -Bbuild -C RelWithDebInfo --progress --verbose
+- cmd: cmake -Bbuild -DCMAKE_INSTALL_PREFIX=build/SoftHSMv2-$(Platform) -DCMAKE_INSTALL_CONFIG_NAME=RelWithDebInfo -P cmake_install.cmake
 - cmd: IF "%ENV_PLATFORM%"=="x86" ( CD win32\Release ) ELSE ( CD win32\x64\Release)
-- cmd: cryptotest.exe
-- cmd: datamgrtest.exe
-- cmd: handlemgrtest.exe
-- cmd: objstoretest.exe
-- cmd: p11test.exe
-- cmd: sessionmgrtest.exe
-- cmd: slotmgrtest.exe
-test: off
+test: on
 artifacts:
 - path: build/SoftHSMv2-$(Platform)
   name: SoftHSMv2-$(PACKAGE_VERSION_NAME)-$(Platform)

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @softhsm/core

.github/workflows/ci.yml

@@ -0,0 +1,109 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - develop
+      - master
+  pull_request:
+
+jobs:
+  linux:
+    name: Linux (${{ matrix.backend }})
+    runs-on: ubuntu-20.04 # for OpenSSL 1.1.1
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - backend: openssl
+          - backend: botan
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare
+        run: |
+          sudo apt update -qq
+          sudo apt install libcppunit-dev libbotan-2-dev p11-kit
+      - name: Build
+        env:
+          CXXFLAGS: -Werror -DBOTAN_NO_DEPRECATED_WARNINGS
+        run: |
+          ./autogen.sh
+          ./configure --with-crypto-backend=${{ matrix.backend }}
+          make
+      - name: Test
+        run: |
+          make check || (find . -name test-suite.log -exec cat {} \; && false)
+
+  macos:
+    name: macOS (${{ matrix.backend }})
+    runs-on: macos-14
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - backend: openssl
+            extra-options: --with-openssl=$(brew --prefix [email protected])
+          - backend: botan
+            extra-options: --with-botan=$(brew --prefix botan@2)
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare
+        run: |
+          brew install automake libtool cppunit botan@2
+      - name: Build
+        env:
+          CXXFLAGS: -Werror -DBOTAN_NO_DEPRECATED_WARNINGS
+        run: |
+          ./autogen.sh
+          ./configure --with-crypto-backend=${{ matrix.backend }} ${{ matrix.extra-options }}
+          make
+      - name: Test
+        run: |
+          make check || (find . -name test-suite.log -exec cat {} \; && false)
+
+  windows:
+    name: Windows (${{ matrix.arch }}, ${{ matrix.backend }})
+    runs-on: windows-2022
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x64
+            backend: openssl
+            target-platform: x64
+            build-options:
+          - arch: x64
+            backend: botan
+            target-platform: x64
+            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+          - arch: x86
+            backend: openssl
+            target-platform: Win32
+            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ilammy/msvc-dev-cmd@v1
+        with:
+          arch: ${{ matrix.arch }}
+      - name: Create vcpkg.json
+        run: >
+          echo '{ "dependencies": [ "openssl", "botan", "cppunit" ],
+                  "overrides": [ { "name": "openssl", "version-string": "1.1.1n" },
+                                 { "name": "botan",   "version-string": "2.19.3" } ],
+                  "builtin-baseline": "38d1652f152d36481f2f4e8a85c0f1e14f3769f7" }' > vcpkg.json
+      - uses: seanmiddleditch/vcpkg-action@master
+        id: vcpkg
+        with:
+          manifest-dir: ${{ github.workspace }}
+          triplet: ${{ matrix.arch }}-windows
+          token: ${{ github.token }}
+      - name: Build
+        run: |
+          mkdir build
+          cmake -B build ${{ steps.vcpkg.outputs.vcpkg-cmake-config }} -A ${{ matrix.target-platform }} -DWITH_CRYPTO_BACKEND=${{ matrix.backend }} ${{ matrix.build-options }} -DDISABLE_NON_PAGED_MEMORY=ON -DBUILD_TESTS=ON
+          cmake --build build
+      - name: Test
+        env:
+          CTEST_OUTPUT_ON_FAILURE: 1
+        run: |
+          cmake --build build --target RUN_TESTS

CMAKE-WIN-NOTES.md

@@ -0,0 +1,74 @@
+# Building SoftHSMv2 for Windows
+
+This document describes process of building both 32-bit and 64-bit versions of SoftHSMv2.
+
+## Required software
+
+- [Visual Studio](https://visualstudio.microsoft.com/vs/community/) (Community)
+- [C/C++ dependency manager from Microsoft](https://vcpkg.io/)
+- [CMake](https://cmake.org/)
+
+## Prepare working directories
+
+	set VCPKG_HOME=C:\Projects\vcpkg
+	set SOFTHSM_HOME=C:\Projects\SoftHSMv2
+	git clone https://github.com/opendnssec/SoftHSMv2.git %SOFTHSM_HOME%
+	git clone https://github.com/Microsoft/vcpkg.git %VCPKG_HOME%
+
+## Build dependencies
+
+	cd %VCPKG_HOME%
+	bootstrap-vcpkg.bat
+	git fetch
+	git checkout 2021.05.12
+
+	vcpkg install cppunit:x86-windows
+	vcpkg install cppunit:x86-windows-static
+	vcpkg install openssl-windows:x86-windows
+	vcpkg install botan:x86-windows
+	vcpkg install sqlite3:x86-windows
+
+	vcpkg install cppunit:x64-windows
+	vcpkg install cppunit:x64-windows-static
+	vcpkg install openssl-windows:x64-windows
+	vcpkg install botan:x64-windows
+	vcpkg install sqlite3:x64-windows
+
+	vcpkg integrate install
+
+## Configure SoftHSMv2
+
+Build can be configured using the following commands:
+
+	mkdir %SOFTHSM_HOME%\tmp32
+	cd %SOFTHSM_HOME%\tmp32
+	cmake .. -G "Visual Studio 15 2017" -A Win32 -DCMAKE_TOOLCHAIN_FILE=%VCPKG_HOME%\scripts\buildsystems\vcpkg.cmake -DCMAKE_INSTALL_PREFIX=%SOFTHSM_HOME%\out32 -DBUILD_TESTS=ON -DWITH_CRYPTO_BACKEND=openssl -DWITH_OBJECTSTORE_BACKEND_DB=OFF
+
+	mkdir %SOFTHSM_HOME%\tmp64
+	cd %SOFTHSM_HOME%\tmp64
+	cmake .. -G "Visual Studio 15 2017" -A x64 -DCMAKE_TOOLCHAIN_FILE=%VCPKG_HOME%\scripts\buildsystems\vcpkg.cmake -DCMAKE_INSTALL_PREFIX=%SOFTHSM_HOME%\out64 -DBUILD_TESTS=ON -DWITH_CRYPTO_BACKEND=botan -DWITH_OBJECTSTORE_BACKEND_DB=ON
+
+Some options (more can be found in CMakeLists.txt):
+
+	-DBUILD_TESTS=ON                Compile tests along with libraries
+	-DENABLE_EDDSA=ON               Enable support for EDDSA
+	-DWITH_MIGRATE=ON               Build migration tool
+	-DWITH_CRYPTO_BACKEND=          Select crypto backend (openssl|botan)
+	-DDISABLE_NON_PAGED_MEMORY=ON   Disable non-paged memory for secure storage
+	-DWITH_OBJECTSTORE_BACKEND_DB=ON	Enable sqlite3 data storage
+
+## Compile
+
+Compile the source code using the following command:
+
+	cmake --build . --config RelWithDebInfo
+
+## Test
+
+	ctest -C RelWithDebInfo --output-on-failure --progress --verbose
+
+## Install
+
+Install the library using the follow command:
+
+	cmake  -DCMAKE_INSTALL_CONFIG_NAME=RelWithDebInfo  -P cmake_install.cmake

CMakeLists.txt

@@ -1,5 +1,4 @@
-cmake_minimum_required(VERSION 3.5)
-
+cmake_minimum_required(VERSION 3.16)
 project(softhsm2 C CXX)
 
 # Build Options
@@ -8,8 +7,8 @@ option(DISABLE_NON_PAGED_MEMORY "Disable non-paged memory for secure storage" OF
 option(DISABLE_VISIBILITY "Disables and unsets -fvisibility=hidden" OFF)
 option(ENABLE_64bit "Enable 64-bit compiling" OFF)
 option(ENABLE_ECC "Enable support for ECC" ON)
-option(ENABLE_EDDSA "Enable support for EDDSA" OFF)
-option(ENABLE_GOST "Enable support for GOST" ON)
+option(ENABLE_EDDSA "Enable support for EDDSA" ON)
+option(ENABLE_GOST "Enable support for GOST" OFF)
 option(ENABLE_FIPS "Enable support for FIPS 140-2 mode" OFF)
 option(ENABLE_P11_KIT "Enable p11-kit integration" ON)
 option(ENABLE_PEDANTIC "Enable pedantic compile mode" OFF)
@@ -51,7 +50,7 @@ set(DEFAULT_LOG_LEVEL "INFO"
     CACHE STRING "The default log level")
 set(DEFAULT_OBJECTSTORE_BACKEND "file"
     CACHE STRING "Default storage backend for token objects")
-set(DEFAULT_PKCS11_LIB "${CMAKE_INSTALL_FULL_LIBDIR}/softhsm/libsofthsm2.so"
+set(DEFAULT_PKCS11_LIB "${CMAKE_INSTALL_FULL_LIBDIR}/softhsm/libsofthsm2${CMAKE_SHARED_LIBRARY_SUFFIX}"
     CACHE STRING "The default PKCS#11 library")
 set(DEFAULT_SOFTHSM2_CONF "${CMAKE_INSTALL_FULL_SYSCONFDIR}/softhsm2.conf"
     CACHE STRING "The default location of softhsm.conf")
@@ -80,11 +79,37 @@ if(NOT CMAKE_BUILD_TYPE)
     set(CMAKE_BUILD_TYPE RelWithDebInfo CACHE STRING "Default build type for SoftHSMv2 project" FORCE)
 endif(NOT CMAKE_BUILD_TYPE)
 
+
+set(CMAKE_CXX_FLAGS_MAINTAINER "-Wall -Wabi" CACHE STRING
+ "Flags used by the C++ compiler during maintainer builds."
+  FORCE)
+set(CMAKE_C_FLAGS_MAINTAINER "-Wall -pedantic" CACHE STRING
+  "Flags used by the C compiler during maintainer builds."
+  FORCE)
+set(CMAKE_EXE_LINKER_FLAGS_MAINTAINER
+  "-Wl,--warn-unresolved-symbols,--warn-once" CACHE STRING
+  "Flags used for linking binaries during maintainer builds."
+  FORCE)
+set(CMAKE_SHARED_LINKER_FLAGS_MAINTAINER
+  "-Wl,--warn-unresolved-symbols,--warn-once" CACHE STRING
+  "Flags used by the shared libraries linker during maintainer builds."
+  FORCE)
+mark_as_advanced(
+  CMAKE_CXX_FLAGS_MAINTAINER
+  CMAKE_C_FLAGS_MAINTAINER
+  CMAKE_EXE_LINKER_FLAGS_MAINTAINER
+  CMAKE_SHARED_LINKER_FLAGS_MAINTAINER)
+
+set(CMAKE_BUILD_TYPE "${CMAKE_BUILD_TYPE}" CACHE STRING
+  "Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel Maintainer."
+  FORCE)
+
+
 message(STATUS "Build Configuration: ${CMAKE_BUILD_TYPE}")
 
 # Build Modules Path
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH}
-                      ${CMAKE_SOURCE_DIR}/modules
+                      ${CMAKE_SOURCE_DIR}/cmake/modules
                       )
 
 # Custom Modules
@@ -102,6 +127,7 @@ add_subdirectory(src)
 # p11-kit
 set(default_softhsm2_lib ${DEFAULT_PKCS11_LIB})
 configure_file(softhsm2.module.in softhsm2.module)
+
 if(ENABLE_P11_KIT)
     install(FILES ${PROJECT_BINARY_DIR}/softhsm2.module
             DESTINATION ${P11KIT_PATH}

Makefile.am

@@ -21,9 +21,9 @@ EXTRA_DIST =	$(srcdir)/CMakeLists.txt \
 		$(srcdir)/FIPS-NOTES.md \
 		$(srcdir)/LICENSE \
 		$(srcdir)/m4/*.m4 \
-		$(srcdir)/modules/*.cmake \
-		$(srcdir)/modules/tests/*.c \
-		$(srcdir)/modules/tests/*.cpp \
+		$(srcdir)/cmake/modules/*.cmake \
+		$(srcdir)/cmake/modules/tests/*.c \
+		$(srcdir)/cmake/modules/tests/*.cpp \
 		$(srcdir)/OSX-NOTES.md \
 		$(srcdir)/README.md \
 		$(srcdir)/win32/convarch/convarch.vcxproj.in \

README.md

@@ -1,6 +1,7 @@
 # SoftHSM version 2
 
-SoftHSM is part of the OpenDNSSEC project. Read more at www.opendnssec.org.
+SoftHSM started as part of the OpenDNSSEC project. Today it's a standalone
+project.
 
 [![Travis Build Status](https://api.travis-ci.org/opendnssec/SoftHSMv2.png)](https://travis-ci.org/opendnssec/SoftHSMv2)
 [![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/opendnssec/SoftHSMv2?svg=true)](https://ci.appveyor.com/project/opendnssec/softhsmv2)
@@ -18,7 +19,7 @@ computer.
 A potential problem with the use of the PKCS#11 interface is that it might
 limit the wide spread use of OpenDNSSEC, since a potential user might not be
 willing to invest in a new hardware device. To counter this effect, OpenDNSSEC
-is providing a software implementation of a generic cryptographic device with a
+provided a software implementation of a generic cryptographic device with a
 PKCS#11 interface, the SoftHSM. SoftHSM is designed to meet the requirements of
 OpenDNSSEC, but can also work together with other cryptographic products
 because of the PKCS#11 interface.
@@ -64,7 +65,7 @@ The unit tests requires CppUnit.
 If the code is downloaded directly from the code repository, you have to
 prepare the configuration scripts before continuing.
 
-1. You need to install automake, autoconf, libtool, libtool-ltdl-devel (RHEL/CentOS), pkg-config.
+1. You need to install automake, autoconf, libtool, libtool-ltdl-devel (RHEL/CentOS/Fedora), pkg-config.
 2. Run the command 'sh autogen.sh'
 
 ### Configure
@@ -113,18 +114,18 @@ Running the unit tests requires CppUnit.
 
 ### Install Library
 
-Install the library using the follow command:
+Install the library using the following command:
 
 	sudo make install
 
 ### Configure
 
 The default location of the config file is /etc/softhsm2.conf. This location
-can be change by setting the environment variable.
+can be changed by setting the SOFTHSM2\_CONF environment variable.
 
 	export SOFTHSM2_CONF=/home/user/config.file
 
-Details on the configuration can be found in "man softhsm2.conf".
+Details on the configuration can be found through command "man softhsm2.conf".
 
 Create the token directory you defined in your config file: