ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/libs/gost_engine/Makefile b/external/subpack/libs/gost_engine/Makefile
new file mode 100644
index 0000000..e6a8066
--- /dev/null
+++ b/external/subpack/libs/gost_engine/Makefile
@@ -0,0 +1,79 @@
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/openssl-module.mk
+
+PKG_NAME:=gost_engine
+PKG_VERSION:=3.0.3
+PKG_RELEASE:=11
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/gost-engine/engine
+PKG_MIRROR_HASH:=ad88b0bc4ede265bc91757f0bb9777a381f8e271faa43992a054ddd5f435ad88
+
+PKG_MAINTAINER:=Artur Petrov <github@phpchain.ru>
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/gost_engine/Default
+ $(call Package/openssl/engine/Default)
+ TITLE:=GOST engine for OpenSSL
+ URL:=http://www.openssl.org/
+endef
+
+define Package/gost_engine/Default/description
+Russian GOST crypto algorithms for OpenSSL.
+endef
+
+$(eval $(call Package/openssl/add-engine,gost,libopenssl-gost_engine))
+define Package/libopenssl-gost_engine
+ $(call Package/gost_engine/Default)
+ $(call Package/openssl/engine/Default)
+ TITLE+= (library)
+ URL:=https://github.com/gost-engine/engine/
+endef
+
+define Package/libopenssl-gost_engine/description
+$(call Package/gost_engine/Default/description)
+This package contains the GOST engine library.
+
+Support ciphers:
+GOST2012-GOST8912-GOST8912
+GOST2001-GOST89-GOST89
+endef
+
+define Package/gost_engine-util
+ $(call Package/gost_engine/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ DEPENDS:=+libopenssl-gost_engine
+ TITLE+= (utilities)
+endef
+
+define Package/gost_engine-util/description
+$(call Package/gost_engine/Default/description)
+This package contains the GOST engine command-line utilities gostsum and gost12sum.
+endef
+
+CMAKE_OPTIONS += -DOPENSSL_ENGINES_DIR=/usr/lib/$(ENGINES_DIR)
+
+define Package/libopenssl-gost_engine/install
+ $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/lib/$(ENGINES_DIR) $(1)/etc/ssl/modules.cnf.d
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libgost.so \
+ $(1)/usr/lib/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/gost.so \
+ $(1)/usr/lib/$(ENGINES_DIR)/
+ $(INSTALL_DATA) ./files/gost.cnf $(1)/etc/ssl/modules.cnf.d/
+endef
+
+define Package/gost_engine-util/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{gost12sum,gostsum} \
+ $(1)/usr/bin/
+endef
+
+
+$(eval $(call BuildPackage,libopenssl-gost_engine))
+$(eval $(call BuildPackage,gost_engine-util))
diff --git a/external/subpack/libs/gost_engine/files/gost.cnf b/external/subpack/libs/gost_engine/files/gost.cnf
new file mode 100644
index 0000000..8980c52
--- /dev/null
+++ b/external/subpack/libs/gost_engine/files/gost.cnf
@@ -0,0 +1,16 @@
+[gost_sect]
+default_algorithms = ALL
+# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
+# user to choose between different parameter sets of symmetric cipher
+# algorithm. RFC 4357 specifies several parameters for the
+# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface
+# to choose one when encrypting. So use engine configuration parameter
+# instead.
+# Value of this parameter can be either short name, defined in OpenSSL
+# obj_dat.h header file or numeric representation of OID, defined in
+# RFC 4357. Defaults to id-tc26-gost-28147-param-Z
+#CRYPT_PARAMS = id-tc26-gost-28147-param-Z
+
+# PBE_PARAMS: Shortname of default digest alg for PBE
+#PBE_PARAMS =
+
diff --git a/external/subpack/libs/gost_engine/patches/020-cmake-allow-cross-compile.patch b/external/subpack/libs/gost_engine/patches/020-cmake-allow-cross-compile.patch
new file mode 100644
index 0000000..e1a0e3d
--- /dev/null
+++ b/external/subpack/libs/gost_engine/patches/020-cmake-allow-cross-compile.patch
@@ -0,0 +1,59 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -64,31 +64,35 @@ else()
+ add_definitions(-DL_ENDIAN)
+ endif()
+
+-check_c_source_runs("
+- #ifdef _MSC_VER
+- # include <intrin.h>
+- #else
+- # include <x86intrin.h>
+- #endif
+- int main(void) {
+- unsigned long long x = -1, y = 1, r;
+- unsigned char cf;
+- cf = _addcarry_u64(1, x, y, &r);
+- return !(cf == 1 && r == 1);
+- }
+- " ADDCARRY_U64)
++if(NOT CMAKE_CROSSCOMPILING)
++ check_c_source_runs("
++ #ifdef _MSC_VER
++ # include <intrin.h>
++ #else
++ # include <x86intrin.h>
++ #endif
++ int main(void) {
++ unsigned long long x = -1, y = 1, r;
++ unsigned char cf;
++ cf = _addcarry_u64(1, x, y, &r);
++ return !(cf == 1 && r == 1);
++ }
++ " ADDCARRY_U64)
++
++ check_c_source_runs("
++ int main(void) {
++ char buf[16] = { 0, 1, 2 };
++ int *p = (int *)(buf + 1);
++ int *q = (int *)(buf + 2);
++ return (*p == *q);
++ }
++ " RELAXED_ALIGNMENT)
++endif()
++
+ if (ADDCARRY_U64)
+ add_definitions(-DHAVE_ADDCARRY_U64)
+ endif()
+
+-check_c_source_runs("
+- int main(void) {
+- char buf[16] = { 0, 1, 2 };
+- int *p = (int *)(buf + 1);
+- int *q = (int *)(buf + 2);
+- return (*p == *q);
+- }
+- " RELAXED_ALIGNMENT)
+ if (NOT RELAXED_ALIGNMENT)
+ add_definitions(-DSTRICT_ALIGNMENT)
+ endif()
diff --git a/external/subpack/libs/gost_engine/patches/030-dont-build-provider.patch b/external/subpack/libs/gost_engine/patches/030-dont-build-provider.patch
new file mode 100644
index 0000000..59ff87e
--- /dev/null
+++ b/external/subpack/libs/gost_engine/patches/030-dont-build-provider.patch
@@ -0,0 +1,56 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -367,9 +367,11 @@ set_target_properties(lib_gost_engine PR
+ COMPILE_DEFINITIONS "BUILDING_ENGINE_AS_LIBRARY"
+ PUBLIC_HEADER gost-engine.h
+ OUTPUT_NAME "gost")
+-target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err)
++#target_link_libraries(lib_gost_engine PRIVATE gost_core gost_err)
++target_link_libraries(lib_gost_engine PRIVATE gost_core)
+ endif()
+
++if (0)
+ # The GOST provider uses this
+ add_subdirectory(libprov)
+
+@@ -394,6 +396,7 @@ set_target_properties(lib_gost_prov PROP
+ )
+ target_link_libraries(lib_gost_prov PRIVATE gost_core libprov)
+ endif()
++endif()
+
+ set(GOST_SUM_SOURCE_FILES
+ gostsum.c
+@@ -434,15 +437,15 @@ install(FILES gostsum.1 gost12sum.1 DEST
+ install(TARGETS gost_engine EXPORT GostEngineConfig
+ LIBRARY DESTINATION ${OPENSSL_ENGINES_DIR}
+ RUNTIME DESTINATION ${OPENSSL_ENGINES_DIR})
+-install(TARGETS gost_prov EXPORT GostProviderConfig
+- LIBRARY DESTINATION ${OPENSSL_MODULES_DIR}
+- RUNTIME DESTINATION ${OPENSSL_MODULES_DIR})
++#install(TARGETS gost_prov EXPORT GostProviderConfig
++# LIBRARY DESTINATION ${OPENSSL_MODULES_DIR}
++# RUNTIME DESTINATION ${OPENSSL_MODULES_DIR})
+ if (NOT MSVC)
+ # install engine and provider in library form
+ install(TARGETS lib_gost_engine EXPORT GostEngineConfig
+ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
+-install(TARGETS lib_gost_prov EXPORT GostProviderConfig
+- LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
++#install(TARGETS lib_gost_prov EXPORT GostProviderConfig
++# LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
+ endif()
+
+ if (MSVC)
+@@ -450,8 +453,8 @@ if (MSVC)
+ EXPORT GostEngineConfig DESTINATION ${CMAKE_INSTALL_BINDIR} OPTIONAL)
+ install(FILES $<TARGET_PDB_FILE:gost_engine>
+ EXPORT GostEngineConfig DESTINATION ${OPENSSL_ENGINES_DIR} OPTIONAL)
+- install(FILES $<TARGET_PDB_FILE:gost_prov>
+- EXPORT GostProviderConfig DESTINATION ${OPENSSL_MODULES_DIR} OPTIONAL)
++# install(FILES $<TARGET_PDB_FILE:gost_prov>
++# EXPORT GostProviderConfig DESTINATION ${OPENSSL_MODULES_DIR} OPTIONAL)
+ endif()
+ install(EXPORT GostEngineConfig DESTINATION share/cmake/GostEngine)
+-install(EXPORT GostProviderConfig DESTINATION share/cmake/GostProvider)
++#install(EXPORT GostProviderConfig DESTINATION share/cmake/GostProvider)
diff --git a/external/subpack/libs/gost_engine/patches/040-dont-build-tests.patch b/external/subpack/libs/gost_engine/patches/040-dont-build-tests.patch
new file mode 100644
index 0000000..08c7b76
--- /dev/null
+++ b/external/subpack/libs/gost_engine/patches/040-dont-build-tests.patch
@@ -0,0 +1,141 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -213,138 +213,6 @@ set(GOST_PROV_SOURCE_FILES
+ gost_prov_mac.c
+ )
+
+-set(TEST_ENVIRONMENT_COMMON
+- CMAKE_CURRENT_SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}
+- PERL5LIB=${CMAKE_CURRENT_SOURCE_DIR}/test
+- OPENSSL_PROGRAM=${OPENSSL_PROGRAM}
+- OPENSSL_CRYPTO_LIBRARY=${OPENSSL_CRYPTO_LIBRARY}
+- )
+-
+-set(TEST_ENVIRONMENT_ENGINE
+- ${TEST_ENVIRONMENT_COMMON}
+- OPENSSL_ENGINES=${CMAKE_RUNTIME_OUTPUT_DIRECTORY}
+- OPENSSL_CONF=${CMAKE_CURRENT_SOURCE_DIR}/test/engine.cnf
+- )
+-
+-set(TEST_ENVIRONMENT_PROVIDER
+- ${TEST_ENVIRONMENT_COMMON}
+- OPENSSL_MODULES=${CMAKE_RUNTIME_OUTPUT_DIRECTORY}
+- OPENSSL_CONF=${CMAKE_CURRENT_SOURCE_DIR}/test/provider.cnf
+- )
+-
+-add_executable(test_digest test_digest.c)
+-target_link_libraries(test_digest OpenSSL::Crypto)
+-add_test(NAME digest-with-engine COMMAND test_digest)
+-set_tests_properties(digest-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-add_test(NAME digest-with-provider COMMAND test_digest)
+-set_tests_properties(digest-with-provider
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}")
+-
+-add_executable(test_ciphers test_ciphers.c)
+-target_link_libraries(test_ciphers OpenSSL::Crypto)
+-add_test(NAME ciphers-with-engine COMMAND test_ciphers)
+-set_tests_properties(ciphers-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-add_test(NAME ciphers-with-provider COMMAND test_ciphers)
+-set_tests_properties(ciphers-with-provider
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}")
+-
+-# test_curves is an internals testing program, it doesn't need a test env
+-add_executable(test_curves test_curves.c)
+-target_link_libraries(test_curves gost_core gost_err)
+-add_test(NAME curves COMMAND test_curves)
+-
+-add_executable(test_params test_params.c)
+-target_link_libraries(test_params OpenSSL::Crypto)
+-add_test(NAME parameters-with-engine COMMAND test_params)
+-set_tests_properties(parameters-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-
+-add_executable(test_derive test_derive.c)
+-target_link_libraries(test_derive OpenSSL::Crypto)
+-add_test(NAME derive-with-engine COMMAND test_derive)
+-set_tests_properties(derive-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-
+-add_executable(test_sign test_sign.c)
+-target_link_libraries(test_sign OpenSSL::Crypto)
+-add_test(NAME sign/verify-with-engine COMMAND test_sign)
+-set_tests_properties(sign/verify-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-
+-add_executable(test_tls test_tls.c)
+-target_link_libraries(test_tls OpenSSL::SSL)
+-add_test(NAME TLS-with-engine COMMAND test_tls)
+-set_tests_properties(TLS-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-
+-add_executable(test_context test_context.c)
+-target_link_libraries(test_context OpenSSL::Crypto)
+-add_test(NAME context-with-engine COMMAND test_context)
+-set_tests_properties(context-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-add_test(NAME context-with-provider COMMAND test_context)
+-set_tests_properties(context-with-provider
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}")
+-
+-# test_keyexpimp is an internals testing program, it doesn't need a test env
+-add_executable(test_keyexpimp test_keyexpimp.c)
+-#target_compile_definitions(test_keyexpimp PUBLIC -DOPENSSL_LOAD_CONF)
+-target_link_libraries(test_keyexpimp gost_core gost_err)
+-add_test(NAME keyexpimp COMMAND test_keyexpimp)
+-
+-# test_gost89 is an internals testing program, it doesn't need a test env
+-add_executable(test_gost89 test_gost89.c)
+-target_link_libraries(test_gost89 gost_core gost_err)
+-add_test(NAME gost89 COMMAND test_gost89)
+-
+-add_executable(test_mgm test_mgm.c)
+-target_link_libraries(test_mgm OpenSSL::Crypto)
+-add_test(NAME mgm-with-engine COMMAND test_mgm)
+-set_tests_properties(mgm-with-engine
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+-add_test(NAME mgm-with-provider COMMAND test_mgm)
+-set_tests_properties(mgm-with-provider
+- PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}")
+-
+-if(NOT SKIP_PERL_TESTS)
+- execute_process(COMMAND perl -MTest2::V0 -e ""
+- ERROR_QUIET RESULT_VARIABLE MISSING_TEST2_V0)
+- find_program(HAVE_PROVE NAMES prove)
+- if(NOT MISSING_TEST2_V0 AND HAVE_PROVE)
+- add_test(NAME engine
+- COMMAND prove --merge -PWrapOpenSSL ${CMAKE_CURRENT_SOURCE_DIR}/test :: engine)
+- set_tests_properties(engine PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_ENGINE}")
+- add_test(NAME provider
+- COMMAND prove --merge -PWrapOpenSSL ${CMAKE_CURRENT_SOURCE_DIR}/test :: provider)
+- set_tests_properties(provider PROPERTIES ENVIRONMENT "${TEST_ENVIRONMENT_PROVIDER}")
+- else()
+- message(STATUS "No Test2::V0 perl module (engine and provider tests skipped)")
+- endif()
+-endif()
+-
+-if(NOT MSVC)
+- add_executable(sign benchmark/sign.c)
+- target_link_libraries(sign gost_core gost_err ${CLOCK_GETTIME_LIB})
+-endif()
+-
+-# All that may need to load just built engine will have path to it defined.
+-set(BINARY_TESTS_TARGETS
+- test_digest
+- test_ciphers
+- test_curves
+- test_params
+- test_derive
+- test_sign
+- test_context
+- test_keyexpimp
+- test_gost89
+- test_tls
+- test_mgm
+- )
+-set_property(TARGET ${BINARY_TESTS_TARGETS} APPEND PROPERTY COMPILE_DEFINITIONS ENGINE_DIR="${OUTPUT_DIRECTORY}")
+-
+ add_library(gost_core STATIC ${GOST_LIB_SOURCE_FILES})
+ set_target_properties(gost_core PROPERTIES POSITION_INDEPENDENT_CODE ON)
+ target_link_libraries(gost_core PRIVATE OpenSSL::Crypto)
diff --git a/external/subpack/libs/gost_engine/test.sh b/external/subpack/libs/gost_engine/test.sh
new file mode 100644
index 0000000..b2cef4b
--- /dev/null
+++ b/external/subpack/libs/gost_engine/test.sh
@@ -0,0 +1,80 @@
+#!/bin/sh
+# shellcheck disable=SC2059
+
+run_md_test () {
+ [ $# -ge 3 ] || {
+ echo "Error: insufficient args to run_md_test()" >&2
+ exit 1
+ }
+ DGST="$1"; shift
+ INP="$1"; shift
+ EXP="$1"; shift
+ printf "Testing digest %s: " "$DGST" >&2
+ OUT="$(printf "$INP" | openssl dgst -"$DGST" "$@")" || exit 1
+ [ -z "${OUT%%*"$EXP"}" ] || {
+ printf "Failure: expected: '%s', got '%s'\n" "$EXP" "$OUT" >&2
+ exit 1
+ }
+ echo OK >&2 || true
+}
+
+run_cipher_test() {
+ [ $# -ge 5 ] || {
+ echo "Error: insufficient args to run_cipher_test()" >&2
+ exit 1
+ }
+ ALG="$1"; shift
+ KEY="$1"; shift
+ IV="$1"; shift
+ CLEAR_TEXT="$1"; shift
+ CIPHER_TEXT="$1"; shift
+ printf "Testing %s encryption: " "$ALG" >&2
+ OUT="$(printf "$CLEAR_TEXT" | openssl enc -e -"$ALG" -K "$KEY" -iv "$IV" "$@" -a -A)" || exit 1
+ [ -z "${OUT%"$CIPHER_TEXT"}" ] || {
+ printf "Encryption failure: expected: '%s', got '%s'\n" "$CIPHER_TEXT" "$OUT" >&2
+ exit 1
+ }
+ echo OK >&2
+ printf "Testing %s decryption: " "$ALG" >&2
+ OUT="$(printf "$CIPHER_TEXT" | openssl enc -d -"$ALG" -K "$KEY" -iv "$IV" "$@" -a -A)" || exit 1
+ [ -z "${OUT%"$(printf "$CLEAR_TEXT")"}" ] || {
+ echo "Decryption failure!" >&2
+ echo "----------- expected hexdump -------------" >&2
+ printf "$CLEAR_TEXT" | hexdump -C
+ echo "------------ result hexdump --------------" >&2
+ echo "$OUT" | hexdump -C >&2
+ exit 1
+ }
+ echo OK >&2 || true
+}
+
+case "$1" in
+ libopenssl-gost_engine)
+ opkg install openssl-util
+ run_md_test \
+ md_gost12_256 \
+ 012345678901234567890123456789012345678901234567890123456789012 \
+ 9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500
+ export CRYPT_PARAMS="1.2.643.2.2.31.1"
+ run_cipher_test \
+ gost89 \
+ 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF \
+ 0000000000000000 \
+ "The quick brown fox jumps over the lazy dog\n" \
+ "B/QQLGGFxKCeZ24mm/pLycXfZXWRa4eb0TqJOiKF7maQEHze73oxXS61S/o="
+ ;;
+ gost_engine-util)
+ printf "Testing gost12sum: "
+ EXP=9d151eefd8590b89daa6ba6cb74af9275dd051026bb149a452fd84e5e57b5500
+ OUT=$(printf 012345678901234567890123456789012345678901234567890123456789012 | gost12sum)
+ [ -z "${OUT##"$EXP"*}" ] || {
+ printf "Failure: expected: '%s', got '%s'\n" "$EXP" "$OUT" >&2
+ exit 1
+ }
+ echo OK >&2 || true
+ ;;
+ *)
+ echo "Unexpected package '$1'" >&2
+ exit 1
+ ;;
+esac