Build softhsm2 with botan2 crypto backend for EDDSA/GOST support

security/softhsm2/Makefile

@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.3 2020/04/30 18:18:27 pvk Exp $
+# $OpenBSD: Makefile,v 1.4 2020/09/22 03:20:26 pvk Exp $
 
 COMMENT =	software PKCS\#11 cryptographic token
 
 DISTNAME =	softhsm-2.6.1
 PKGNAME =	${DISTNAME:S/-/2-/}
+REVISION =	0
 
 CATEGORIES =	security
 
@@ -14,13 +15,17 @@ MAINTAINER =	Pavel Korovin <pvk@openbsd.org>
 # BSD
 PERMIT_PACKAGE =	Yes
 
-WANTLIB +=	${COMPILER_LIBCXX} c crypto m sqlite3 z
+WANTLIB +=	${COMPILER_LIBCXX} botan-2 bz2 c crypto lzma m sqlite3 z
 
 MASTER_SITES =	http://dist.opendnssec.org/source/
 
 COMPILER =	base-clang ports-gcc base-gcc
+
 BUILD_DEPENDS = devel/cppunit
-LIB_DEPENDS =	databases/sqlite3
+
+LIB_DEPENDS =	databases/sqlite3 \
+		security/botan2
+
 TEST_DEPENDS =	${BUILD_DEPENDS}
 
 FAKE_FLAGS =	sysconfdir=${PREFIX}/share/examples/softhsm2
@@ -28,7 +33,8 @@ FAKE_FLAGS =	sysconfdir=${PREFIX}/share/examples/softhsm2
 SEPARATE_BUILD =	Yes
 CONFIGURE_STYLE =	gnu
 
-CONFIGURE_ARGS =	--disable-gost \
+CONFIGURE_ARGS =	--with-crypto-backend=botan \
+			--with-botan=${PREFIX} \
 			--with-migrate \
 			--with-objectstore-backend-db \
 			--with-sqlite3=${PREFIX} \

security/softhsm2/patches/patch-src_lib_crypto_BotanEDDSA_cpp

@@ -0,0 +1,24 @@
+$OpenBSD: patch-src_lib_crypto_BotanEDDSA_cpp,v 1.1 2020/09/22 03:20:26 pvk Exp $
+
+Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification:
+https://github.com/opendnssec/SoftHSMv2/pull/522/commits/967e66a52fc28dc2f5a4951b855ae3bdf63f0129#diff-578e0360192ab803850af30f6d49d046
+
+Index: src/lib/crypto/BotanEDDSA.cpp
+--- src/lib/crypto/BotanEDDSA.cpp.orig
++++ src/lib/crypto/BotanEDDSA.cpp
+@@ -396,13 +396,13 @@ bool BotanEDDSA::deriveKey(SymmetricKey **ppSymmetricK
+ unsigned long BotanEDDSA::getMinKeySize()
+ {
+ 	// Only Ed25519 is supported
+-	return 32*8;
++	return 255;
+ }
+ 
+ unsigned long BotanEDDSA::getMaxKeySize()
+ {
+ 	// Only Ed25519 is supported
+-	return 32*8;
++	return 255;
+ }
+ 
+ bool BotanEDDSA::reconstructKeyPair(AsymmetricKeyPair** ppKeyPair, ByteString& serialisedData)

security/softhsm2/patches/patch-src_lib_crypto_OSSLEDDSA_cpp

@@ -0,0 +1,24 @@
+$OpenBSD: patch-src_lib_crypto_OSSLEDDSA_cpp,v 1.1 2020/09/22 03:20:26 pvk Exp $
+
+Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification:
+https://github.com/opendnssec/SoftHSMv2/pull/522/commits/967e66a52fc28dc2f5a4951b855ae3bdf63f0129#diff-1176fa922674b142de4554690263544c
+
+Index: src/lib/crypto/OSSLEDDSA.cpp
+--- src/lib/crypto/OSSLEDDSA.cpp.orig
++++ src/lib/crypto/OSSLEDDSA.cpp
+@@ -363,13 +363,13 @@ bool OSSLEDDSA::deriveKey(SymmetricKey **ppSymmetricKe
+ unsigned long OSSLEDDSA::getMinKeySize()
+ {
+ 	// Ed25519 is supported
+-	return 32*8;
++	return 255;
+ }
+ 
+ unsigned long OSSLEDDSA::getMaxKeySize()
+ {
+ 	// Ed448 is supported
+-	return 57*8;
++	return 448;
+ }
+ 
+ bool OSSLEDDSA::reconstructKeyPair(AsymmetricKeyPair** ppKeyPair, ByteString& serialisedData)

security/softhsm2/patches/patch-src_lib_test_ForkTests_cpp

@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_lib_test_ForkTests_cpp,v 1.1 2020/09/22 03:20:26 pvk Exp $
+
+Remove unused variable:
+https://github.com/opendnssec/SoftHSMv2/pull/522/commits/f375912d0160f3a1847aaef1bb00b40bc0cb8d41
+
+Index: src/lib/test/ForkTests.cpp
+--- src/lib/test/ForkTests.cpp.orig
++++ src/lib/test/ForkTests.cpp
+@@ -94,7 +94,6 @@ void ForkTests::testFork()
+ void ForkTests::testResetOnFork()
+ {
+ 	CK_RV rv;
+-	CK_SLOT_INFO slotInfo;
+ 	pid_t pid;
+ 
+ 	// Just make sure that we finalize any previous failed tests