Merge remote-tracking branch 'upstream/develop' into autoconf-fixes

Author: bjosv

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @softhsm/core

.github/workflows/ci.yml

@@ -0,0 +1,105 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - develop
+      - master
+  pull_request:
+
+jobs:
+  linux:
+    name: Linux (${{ matrix.backend }})
+    runs-on: ubuntu-20.04 # for OpenSSL 1.1.1
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - backend: openssl
+          - backend: botan
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare
+        run: |
+          sudo apt update -qq
+          sudo apt install libcppunit-dev libbotan-2-dev p11-kit
+      - name: Build
+        run: |
+          ./autogen.sh
+          ./configure --with-crypto-backend=${{ matrix.backend }}
+          make
+      - name: Test
+        run: |
+          make check || (find . -name test-suite.log -exec cat {} \; && false)
+
+  macos:
+    name: macOS (${{ matrix.backend }})
+    runs-on: macos-14
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - backend: openssl
+            extra-options: --with-openssl=$(brew --prefix [email protected])
+          - backend: botan
+            extra-options: --with-botan=$(brew --prefix botan@2)
+    steps:
+      - uses: actions/checkout@v4
+      - name: Prepare
+        run: |
+          brew install automake libtool cppunit botan@2
+      - name: Build
+        run: |
+          ./autogen.sh
+          ./configure --with-crypto-backend=${{ matrix.backend }} ${{ matrix.extra-options }}
+          make
+      - name: Test
+        run: |
+          make check || (find . -name test-suite.log -exec cat {} \; && false)
+
+  windows:
+    name: Windows (${{ matrix.arch }}, ${{ matrix.backend }})
+    runs-on: windows-2022
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x64
+            backend: openssl
+            target-platform: x64
+            build-options:
+          - arch: x64
+            backend: botan
+            target-platform: x64
+            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+          - arch: x86
+            backend: openssl
+            target-platform: Win32
+            build-options: -DENABLE_ECC=OFF -DENABLE_EDDSA=OFF
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ilammy/msvc-dev-cmd@v1
+        with:
+          arch: ${{ matrix.arch }}
+      - name: Create vcpkg.json
+        run: >
+          echo '{ "dependencies": [ "openssl", "botan", "cppunit" ],
+                  "overrides": [ { "name": "openssl", "version-string": "1.1.1n" },
+                                 { "name": "botan",   "version-string": "2.19.3" } ],
+                  "builtin-baseline": "38d1652f152d36481f2f4e8a85c0f1e14f3769f7" }' > vcpkg.json
+      - uses: seanmiddleditch/vcpkg-action@master
+        id: vcpkg
+        with:
+          manifest-dir: ${{ github.workspace }}
+          triplet: ${{ matrix.arch }}-windows
+          token: ${{ github.token }}
+      - name: Build
+        run: |
+          mkdir build
+          cmake -B build ${{ steps.vcpkg.outputs.vcpkg-cmake-config }} -A ${{ matrix.target-platform }} -DWITH_CRYPTO_BACKEND=${{ matrix.backend }} ${{ matrix.build-options }} -DDISABLE_NON_PAGED_MEMORY=ON -DBUILD_TESTS=ON
+          cmake --build build
+      - name: Test
+        env:
+          CTEST_OUTPUT_ON_FAILURE: 1
+        run: |
+          cmake --build build --target RUN_TESTS

CMakeLists.txt

@@ -50,7 +50,7 @@ set(DEFAULT_LOG_LEVEL "INFO"
     CACHE STRING "The default log level")
 set(DEFAULT_OBJECTSTORE_BACKEND "file"
     CACHE STRING "Default storage backend for token objects")
-set(DEFAULT_PKCS11_LIB "${CMAKE_INSTALL_FULL_LIBDIR}/softhsm/libsofthsm2.so"
+set(DEFAULT_PKCS11_LIB "${CMAKE_INSTALL_FULL_LIBDIR}/softhsm/libsofthsm2${CMAKE_SHARED_LIBRARY_SUFFIX}"
     CACHE STRING "The default PKCS#11 library")
 set(DEFAULT_SOFTHSM2_CONF "${CMAKE_INSTALL_FULL_SYSCONFDIR}/softhsm2.conf"
     CACHE STRING "The default location of softhsm.conf")

README.md

@@ -64,7 +64,7 @@ The unit tests requires CppUnit.
 If the code is downloaded directly from the code repository, you have to
 prepare the configuration scripts before continuing.
 
-1. You need to install automake, autoconf, libtool, libtool-ltdl-devel (RHEL/CentOS), pkg-config.
+1. You need to install automake, autoconf, libtool, libtool-ltdl-devel (RHEL/CentOS/Fedora), pkg-config.
 2. Run the command 'sh autogen.sh'
 
 ### Configure
@@ -113,18 +113,18 @@ Running the unit tests requires CppUnit.
 
 ### Install Library
 
-Install the library using the follow command:
+Install the library using the following command:
 
 	sudo make install
 
 ### Configure
 
 The default location of the config file is /etc/softhsm2.conf. This location
-can be change by setting the environment variable.
+can be changed by setting the SOFTHSM2\_CONF environment variable.
 
 	export SOFTHSM2_CONF=/home/user/config.file
 
-Details on the configuration can be found in "man softhsm2.conf".
+Details on the configuration can be found through command "man softhsm2.conf".
 
 Create the token directory you defined in your config file:
 

src/lib/SoftHSM.cpp

@@ -597,7 +597,7 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)
 	}
 
 	// Load the enabled list of algorithms
-	prepareSupportedMecahnisms(mechanisms_table);
+	prepareSupportedMechanisms(mechanisms_table);
 
 	isRemovable = Configuration::i()->getBool("slots.removable", false);
 
@@ -720,7 +720,7 @@ CK_RV SoftHSM::C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 	return token->getTokenInfo(pInfo);
 }
 
-void SoftHSM::prepareSupportedMecahnisms(std::map<std::string, CK_MECHANISM_TYPE> &t)
+void SoftHSM::prepareSupportedMechanisms(std::map<std::string, CK_MECHANISM_TYPE> &t)
 {
 #ifndef WITH_FIPS
 	t["CKM_MD5"]			= CKM_MD5;

src/lib/SoftHSM.h

@@ -490,7 +490,7 @@ class SoftHSM
 	CK_RV MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism);
 
 	bool isMechanismPermitted(OSObject* key, CK_MECHANISM_PTR pMechanism);
-	void prepareSupportedMecahnisms(std::map<std::string, CK_MECHANISM_TYPE> &t);
+	void prepareSupportedMechanisms(std::map<std::string, CK_MECHANISM_TYPE> &t);
 	bool detectFork(void);
 };
 

src/lib/crypto/BotanSymmetricAlgorithm.cpp

@@ -169,7 +169,26 @@ bool BotanSymmetricAlgorithm::encryptInit(const SymmetricKey* key, const SymMode
 	try
 	{
 		Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size());
-		if (mode == SymMode::GCM)
+		if (mode == SymMode::ECB)
+		{
+			// ECB cipher mode was dropped in Botan 2.0
+			const std::vector<std::string> algo_parts = split_on_delim(cipherName, '/');
+			const std::string cipher_name = algo_parts[0];
+			bool with_pkcs7_padding;
+			if (algo_parts.size() == 3 && algo_parts[2] == "PKCS7")
+			{
+				with_pkcs7_padding = true;
+			}
+			else
+			{
+				with_pkcs7_padding = false;
+			}
+			std::unique_ptr<Botan::BlockCipher> bc(Botan::BlockCipher::create(cipher_name));
+			Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Encryption(bc.release(), with_pkcs7_padding));
+			cipher->set_key(botanKey);
+			cryption = new Botan::Pipe(cipher);
+		}
+		else if (mode == SymMode::GCM)
 		{
 			Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::ENCRYPTION);
 			aead->set_key(botanKey);
@@ -385,7 +404,26 @@ bool BotanSymmetricAlgorithm::decryptInit(const SymmetricKey* key, const SymMode
 	try
 	{
 		Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size());
-		if (mode == SymMode::GCM)
+		if (mode == SymMode::ECB)
+		{
+			// ECB cipher mode was dropped in Botan 2.0
+			const std::vector<std::string> algo_parts = split_on_delim(cipherName, '/');
+			const std::string cipher_name = algo_parts[0];
+			bool with_pkcs7_padding;
+			if (algo_parts.size() == 3 && algo_parts[2] == "PKCS7")
+			{
+				with_pkcs7_padding = true;
+			}
+			else
+			{
+				with_pkcs7_padding = false;
+			}
+			std::unique_ptr<Botan::BlockCipher> bc(Botan::BlockCipher::create(cipher_name));
+			Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Decryption(bc.release(),with_pkcs7_padding));
+			cipher->set_key(botanKey);
+			cryption = new Botan::Pipe(cipher);
+		}
+		else if (mode == SymMode::GCM)
 		{
 			Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::DECRYPTION);
 			aead->set_key(botanKey);

src/lib/crypto/Botan_ecb.h

@@ -22,7 +22,7 @@ namespace Botan {
 /**
 * ECB mode
 */
-class BOTAN_DLL ECB_Mode : public Cipher_Mode
+class ECB_Mode : public Cipher_Mode
    {
    public:
       std::string name() const override;
@@ -57,7 +57,7 @@ class BOTAN_DLL ECB_Mode : public Cipher_Mode
 /**
 * ECB Encryption
 */
-class BOTAN_DLL ECB_Encryption final : public ECB_Mode
+class ECB_Encryption final : public ECB_Mode
    {
    public:
       /**
@@ -78,7 +78,7 @@ class BOTAN_DLL ECB_Encryption final : public ECB_Mode
 /**
 * ECB Decryption
 */
-class BOTAN_DLL ECB_Decryption final : public ECB_Mode
+class ECB_Decryption final : public ECB_Mode
    {
    public:
       /**

src/lib/crypto/CMakeLists.txt

@@ -95,6 +95,7 @@ if(WITH_BOTAN)
                         BotanDSAKeyPair.cpp
                         BotanDSAPrivateKey.cpp
                         BotanDSAPublicKey.cpp
+                        Botan_ecb.cpp
                         BotanECDH.cpp
                         BotanECDHKeyPair.cpp
                         BotanECDHPrivateKey.cpp

src/lib/test/CMakeLists.txt

@@ -32,18 +32,19 @@ set(SOURCES p11test.cpp
 add_executable(${PROJECT_NAME} ${SOURCES})
 
 if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
-    list(APPEND SOURCES ${PROJECT_SOURCE_DIR}/../win32/setenv.cpp ${PROJECT_SOURCE_DIR}/../win32/syslog.cpp)
+    target_sources(${PROJECT_NAME} PRIVATE
+                   ${PROJECT_SOURCE_DIR}/../win32/setenv.cpp
+                   ${PROJECT_SOURCE_DIR}/../win32/syslog.cpp)
     list(APPEND COMPILE_OPTIONS "/DCRYPTOKI_STATIC")
 else()
-    list(APPEND SOURCES "ForkTests.cpp")
+    target_sources(${PROJECT_NAME} PRIVATE "ForkTests.cpp")
     set_target_properties(${PROJECT_NAME} PROPERTIES LINK_FLAGS -pthread)
 endif()
 
 include_directories(${INCLUDE_DIRS})
 
 
 target_link_libraries(${PROJECT_NAME} softhsm2-static ${SQLITE3_LIBS} ${CPPUNIT_LIBRARIES})
-set_target_properties(${PROJECT_NAME} PROPERTIES LINK_FLAGS -pthread)
 
 target_compile_options(${PROJECT_NAME} PRIVATE ${COMPILE_OPTIONS})