Upgrade the submodules: SymCrypt and SymCrypt-OpenSSL #40

Upgrade the submodules: SymCrypt and SymCrypt-OpenSSL

Improve the SymCrypt performance by upgrading the submodules.
Publish the SymCrypt debug packages.
Fix azp folder name spelling issue.

.azure-pipelins/build-template.yml → .azure-pipelines/build-template.yml

@@ -56,7 +56,7 @@ jobs:
     submodules: true
   - script: |
       cd src/SymCrypt
-      git submodule update --init -- jitterentropy-library
+      git submodule update --init -- 3rdparty/jitterentropy-library
     displayName: 'Checkout Symcrypt submodules'
   - script: |
       set -ex

azure-pipelines.yml

@@ -18,8 +18,8 @@ pr:
       - main
 
 jobs:
-- template: .azure-pipelins/build-template.yml
-- template: .azure-pipelins/build-template.yml
+- template: .azure-pipelines/build-template.yml
+- template: .azure-pipelines/build-template.yml
   parameters:
     pool: sonicbld-arm64
     arch: arm64

rules/symcrypt-openssl.mk

@@ -1,6 +1,6 @@
 # SYMCRYPT_OPENSSL
 
-SYMCRYPT_OPENSSL_VERSION = 0.5
+SYMCRYPT_OPENSSL_VERSION = 0.6
 SYMCRYPT_OPENSSL = symcrypt-openssl_$(SYMCRYPT_OPENSSL_VERSION)_$(ARCH).deb
 $(SYMCRYPT_OPENSSL)_SRC_PATH = $(SRC_PATH)/SymCrypt-OpenSSL-Debian
 $(SYMCRYPT_OPENSSL)_MAKEFILE = Makefile

src/SymCrypt-OpenSSL-Debian/Makefile

@@ -4,6 +4,7 @@ SHELL = /bin/bash
 
 ARCH ?= amd64
 CMAKE_BUILD_TYPE ?= Release
+BUILD_JOBS ?= $(shell nproc)
 BUILD_NAME = symcrypt-openssl
 SYMCRYPT_OPENSSL_VERSION ?= 0.1
 SYMCRYPT_PACKAGE = $(BUILD_NAME)_$(SYMCRYPT_OPENSSL_VERSION)_$(ARCH).deb
@@ -38,12 +39,11 @@ list:
 
 $(LIBSYMCRYPT):
 	cd ../SymCrypt
-	mkdir -p bin
-	cd bin
-	cmake .. -DCMAKE_TOOLCHAIN_FILE=../cmake-toolchain/LinuxUserMode-$(CMAKE_ARCH).cmake -DCMAKE_BUILD_TYPE=$(CMAKE_BUILD_TYPE)
-	cmake --build .
-	mkdir -p $(DEST)
-	cp -a module/$(CMAKE_ARCH)/LinuxUserMode/generic/libsymcrypt.so* $(DEST)/
+	cmake -S . -B bin -DSYMCRYPT_TARGET_ARCH=$(CMAKE_ARCH) -DCMAKE_BUILD_TYPE=$(CMAKE_BUILD_TYPE) -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
+	cmake --build bin -j$(BUILD_JOBS)
+	mkdir -p $(DEST)/debug
+	cp -a bin/module/generic/libsymcrypt.so* $(DEST)/
+	cp -a bin/module/generic/.debug/libsymcrypt.so* $(DEST)/debug/
 
 $(LIBSYMCRYPTENGINE): $(LIBSYMCRYPT)
 	cd ../SymCrypt-OpenSSL

src/openssl.patch/debian.patch/60-disable-evpmac-tests-for-fips.patch

@@ -0,0 +1,142 @@
+diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
+index 716897dc73..99a604e2db 100644
+--- a/test/recipes/30-test_evp_data/evpmac.txt
++++ b/test/recipes/30-test_evp_data/evpmac.txt
+@@ -161,24 +161,6 @@ Result = EVPPKEYCTXCTRL_ERROR
+
+ Title = HMAC tests (from RFC2104 and others)
+
+-MAC = HMAC
+-Algorithm = MD5
+-Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+-Input = "Hi There"
+-Output = 9294727a3638bb1c13f48ef8158bfc9d
+-
+-MAC = HMAC
+-Algorithm = MD5
+-Key = "Jefe"
+-Input = "what do ya want for nothing?"
+-Output = 750c783e6ab0b503eaa86e310a5db738
+-
+-MAC = HMAC
+-Algorithm = MD5
+-Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
+-Output = 56be34521d144c88dbb8c733f0e8b3f6
+-
+ Title = SHA1
+
+ # HMAC tests from NIST test data
+@@ -203,24 +185,6 @@ Output = 2D51B2F7750E410584662E38F133435F4C4FD42A
+
+ Title = SHA2
+
+-MAC = HMAC
+-Algorithm = SHA224
+-Input = "Sample message for keylen=blocklen"
+-Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F
+-Output = C7405E3AE058E8CD30B08B4140248581ED174CB34E1224BCC1EFC81B
+-
+-MAC = HMAC
+-Algorithm = SHA224
+-Input = "Sample message for keylen<blocklen"
+-Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B
+-Output = E3D249A8CFB67EF8B7A169E9A0A599714A2CECBA65999A51BEB8FBBE
+-
+-MAC = HMAC
+-Algorithm = SHA224
+-Input = "Sample message for keylen=blocklen"
+-Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+-Output = 91C52509E5AF8531601AE6230099D90BEF88AAEFB961F4080ABC014D
+-
+ MAC = HMAC
+ Algorithm = SHA256
+ Input = "Sample message for keylen=blocklen"
+@@ -279,87 +243,6 @@ Title = SHA3
+
+ # NIST's test vectors
+
+-MAC = HMAC
+-Algorithm = SHA3-224
+-Input = "Sample message for keylen<blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b
+-Output = 332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04
+-
+-MAC = HMAC
+-Algorithm = SHA3-224
+-Input = "Sample message for keylen=blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f
+-Output = d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7
+-
+-MAC = HMAC
+-Algorithm = SHA3-224
+-Input = "Sample message for keylen>blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab
+-Output = 078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59
+-
+-MAC = HMAC
+-Algorithm = SHA3-256
+-Input = "Sample message for keylen<blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+-Output = 4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205
+-
+-MAC = HMAC
+-Algorithm = SHA3-256
+-Input = "Sample message for keylen=blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687
+-Output = 68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa
+-
+-MAC = HMAC
+-Algorithm = SHA3-256
+-Input = "Sample message for keylen>blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7
+-Output = 9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258
+-
+-MAC = HMAC
+-Algorithm = SHA3-384
+-Input = "Sample message for keylen<blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
+-Output = d588a3c51f3f2d906e8298c1199aa8ff6296218127f6b38a90b6afe2c5617725bc99987f79b22a557b6520db710b7f42
+-
+-MAC = HMAC
+-Algorithm = SHA3-384
+-Input = "Sample message for keylen=blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061626364656667
+-Output = a27d24b592e8c8cbf6d4ce6fc5bf62d8fc98bf2d486640d9eb8099e24047837f5f3bffbe92dcce90b4ed5b1e7e44fa90
+-
+-MAC = HMAC
+-Algorithm = SHA3-384
+-Input = "Sample message for keylen>blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697
+-Output = e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac
+-
+-MAC = HMAC
+-Algorithm = SHA3-512
+-Input = "Sample message for keylen<blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f
+-Output = 4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196
+-
+-MAC = HMAC
+-Algorithm = SHA3-512
+-Input = "Sample message for keylen=blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647
+-Output = 544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da
+-
+-MAC = HMAC
+-Algorithm = SHA3-512
+-Input = "Sample message for keylen>blocklen"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687
+-Output = 5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915
+-
+-Title = HMAC self generated tests
+-
+-MAC = HMAC
+-Algorithm = SHAKE128
+-Input = "Test that SHAKE128 fails"
+-Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+-Result = DIGESTSIGNINIT_ERROR
+-
+-
+ Title = CMAC tests (from FIPS module)
+
+ MAC = CMAC

src/openssl.patch/debian.patch/series

@@ -7,3 +7,4 @@ Update-further-expiring-certificates-that-affect-tests.patch
 30-disable-some-evppkey-tests-for-fips.patch
 40-disable-test-cases-with-fips-enabled.patch
 50-disable-some-evpciph-test-for-fips.patch
+60-disable-evpmac-tests-for-fips.patch