Merged PR 10481180: Add OpenSSL implementation for AesGcm test

## Description:

## Admin Checklist:
- [ ] You have updated documentation in symcrypt.h to reflect any changes in behavior
- [ ] You have updated CHANGELOG.md to reflect any changes in behavior
- [ ] You have updated symcryptunittest to exercise any new functionality
- [ ] If you have introduced any symbols in symcrypt.h you have updated production and test dynamic export symbols (exports.ver / exports.def / symcrypt.src) and tested the updated dynamic modules with symcryptunittest
- [ ] If you have introduced functionality that varies based on CPU features, you have manually tested with and without relevant features
- [ ] If you have made significant changes to a particular algorithm, you have checked that performance numbers reported by symcryptunittest are in line with expectations
- [ ] If you have added new algorithms/modes, you have updated the status indicator text for the associated modules if necessary

Add OpenSSL implementation for AesGcm test

Author: yourmsftacct

.pipelines/OneBranch.PullRequest.yml

@@ -146,7 +146,8 @@ extends:
           cc: 'gcc'
           cxx: 'g++'
           skipTests: true
-          additionalArgs: '--no-asm --openssl'
+          additionalArgs: '--no-asm'
+          openssl: true
           identifier: 'NoAsm'
       - template: .pipelines/templates/build-linux.yml@self
         parameters:
@@ -155,7 +156,8 @@ extends:
           cc: 'clang'
           cxx: 'clang++'
           skipTests: true
-          additionalArgs: '--no-asm --openssl'
+          additionalArgs: '--no-asm'
+          openssl: true
           identifier: 'NoAsm'
       - template: .pipelines/templates/build-linux.yml@self
         parameters:

.pipelines/templates/build-linux.yml

@@ -50,7 +50,7 @@ jobs:
     ${{ else }}:
       verbose_build_flag: ''
     ${{ if eq(parameters.openssl, true) }}:
-      openssl_build_flag: '--openssl'
+      openssl_build_flag: '--openssl-build-from-source'
     ${{ else }}:
       openssl_build_flag: ''
 
@@ -86,10 +86,12 @@ jobs:
           apt-get install -y gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf qemu-user
         displayName: 'Install arm cross-compilation tools'
 
-    - ${{ if eq(parameters.openssl, true) }}:
-      - script: |
-          apt-get install -y libssl-dev
-        displayName: 'Install OpenSSL'
+    # TODO: Once we move to Azure Linux 3 we can use the system-provided OpenSSL package.
+    # For now we will built from source since Ubuntu 20.04 doesn't have OpenSSL 3.
+    # - ${{ if eq(parameters.openssl, true) }}:
+    #   - script: |
+    #       apt-get install -y libssl-dev
+    #     displayName: 'Install OpenSSL'
 
     - task: PipAuthenticate@1
       inputs:

.vscode/launch.json

@@ -4,6 +4,14 @@
     // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
     "version": "0.2.0",
     "configurations": [
+        {
+            "type": "lldb",
+            "request": "launch",
+            "name": "(lldb) symcryptunittest",
+            "program": "${workspaceFolder}/bin/exe/symcryptunittest",
+            "args": [],
+            "cwd": "${workspaceFolder}"
+        },
         {
             "name": "(Windows) symcryptunittest",
             "type": "cppvsdbg",
@@ -17,34 +25,5 @@
             "console": "integratedTerminal",
             "internalConsoleOptions": "openOnSessionStart"
         },
-        {
-            "name": "(Windows) symcryptunittest [+openssl +symcrypt +xtsaes]",
-            "type": "cppvsdbg",
-            "request": "launch",
-            "program": "${workspaceFolder}/bin/exe/symcryptunittest.exe",
-            "args": [
-                "+openssl",
-                "+symcrypt",
-                "+xtsaes",
-            ],
-            "stopAtEntry": false,
-            "cwd": "${fileDirname}",
-            "console": "integratedTerminal",
-        },
-        {
-            "name": "(Windows) symcryptunittest [+openssl +symcrypt +xtsaes -vaes]",
-            "type": "cppvsdbg",
-            "request": "launch",
-            "program": "${workspaceFolder}/bin/exe/symcryptunittest.exe",
-            "args": [
-                "+openssl",
-                "+symcrypt",
-                "+xtsaes",
-                "-vaes"
-            ],
-            "stopAtEntry": false,
-            "cwd": "${fileDirname}",
-            "console": "integratedTerminal",
-        },
     ]
 }

.vscode/settings.json

@@ -11,5 +11,18 @@
             "icon": "terminal-powershell",
             "overrideName": true,
         }
-    }
+    },
+    "terminal.integrated.defaultProfile.linux": "SymCrypt Profile",
+    "terminal.integrated.profiles.linux": {
+        "SymCrypt Profile": {
+            "args": [
+                "-c",
+                "[ -f ./.venv/bin/activate ] && . ./.venv/bin/activate; exec bash"
+            ],
+            "path": "bash",
+            "source": "bash",
+            "icon": "terminal-bash",
+            "overrideName": true,
+        }
+    },
 }

.vscode/tasks.json

@@ -11,16 +11,20 @@
             }
         },
     },
+    "linux": {
+        "options": {
+            "shell": {
+                "executable": "bash",
+                "args": [
+                    "-c",
+                ]
+            }
+        },
+    },
     "tasks": [
         {
             "label": "Setup",
             "type": "shell",
-            "command": [
-                "python -m venv .venv;",
-                ". .\\.venv\\Scripts\\activate.ps1;",
-                "pip install -r .\\scripts\\requirements.txt;",
-                "Set-Content -value ('pushd;\n& \"\"\"' + (resolve-path 'C:\\Program Files\\Microsoft Visual Studio\\*\\*\\Common7\\Tools\\Launch-VsDevShell.ps1').path + '\"\"\" -Arch $env:PROCESSOR_ARCHITECTURE -HostArch $env:PROCESSOR_ARCHITECTURE;\npopd') -path '${workspaceFolder}\\.venv\\profile.ps1';",
-            ],
             "options": {
                 "cwd": "${workspaceFolder}/",
             },
@@ -31,14 +35,36 @@
                 "panel": "shared",
                 "showReuseMessage": true,
                 "clear": false,
+            },
+            "windows": {
+                "command": [
+                    "python -m venv .venv;",
+                    ". .\\.venv\\Scripts\\activate.ps1;",
+                    "pip install -r .\\scripts\\requirements.txt;",
+                    "Set-Content -value ('pushd;\n& \"\"\"' + (resolve-path 'C:\\Program Files\\Microsoft Visual Studio\\*\\*\\Common7\\Tools\\Launch-VsDevShell.ps1').path + '\"\"\" -Arch $env:PROCESSOR_ARCHITECTURE -HostArch $env:PROCESSOR_ARCHITECTURE;\npopd') -path '${workspaceFolder}\\.venv\\profile.ps1';",
+                ],                
+            },
+            "linux": {
+                "command": [
+                    "python3 -m venv .venv;",
+                    ". ./.venv/bin/activate;",
+                    "pip install -r ./scripts/requirements.txt;",
+                ],
             }
         },
         {
             "label": "Clean",
             "type": "shell",
-            "command": [
-                "del -recurse bin_*,bin;",
-            ],
+            "windows": {
+                "command": [
+                    "del -recurse bin_*,bin,.venv;",
+                ],
+            },
+            "linux": {
+                "command": [
+                    "rm -rf bin_* bin .venv"
+                ]
+            },
             "options": {
                 "cwd": "${workspaceFolder}/",
             },
@@ -54,16 +80,25 @@
         {
             "label": "Build [Debug]",
             "type": "shell",
-            "command": "python",
-            "args": [
-                ".\\scripts\\build.py",
-                "cmake",
-                "bin",
-                "--arch",
-                "amd64",
-                "--config",
-                "Debug",
-            ],
+            "windows": {
+                "command": "python",
+                "args": [
+                    ".\\scripts\\build.py",
+                    "cmake",
+                    "bin",
+                    "--arch",
+                    "amd64",
+                    "--config",
+                    "Debug",
+                ],
+            },
+            "linux": {
+                "command": [
+                    "[ -f ./.venv/bin/activate ] && . ./.venv/bin/activate;",
+                    "python3 ./scripts/build.py cmake bin --arch amd64 --config Debug;",
+                    "exit",
+                ]
+            },
             "options": {
                 "cwd": "${workspaceFolder}/",
             },

BUILD.md

@@ -89,6 +89,7 @@ apt update
 apt -y install --no-install-recommends \
     cmake \
     python3-pyelftools \
+    build-essential \
     gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf
 ```
 `python3-pyelftools` is for integrity verification and `gcc-arm-linux-gnueabihf` `g++-arm-linux-gnueabihf` are for ARM cross compile
@@ -110,19 +111,19 @@ prerequisites to building OpenSSL.
 
 ```
 winget install nasm strawberryperl
-.\scripts\build.py cmake bin --config Release --openssl-build-from-source
+python3 .\scripts\build.py cmake bin --config Release --openssl-build-from-source
 ```
 
 And on Linux we can use OpenSSL installed by system's package manager.
 
 ```
 sudo apt install -y libssl-dev
-./scripts/build.py cmake bin --config Release --openssl
+python3 ./scripts/build.py cmake bin --config Release --openssl
 ```
 
 To build OpenSSL on Linux we need to install following prerequisites.
 
 ```
 sudo apt install -y nasm perl
-.\scripts\build.py cmake bin --config Release --openssl-build-from-source
+python3 ./scripts/build.py cmake bin --config Release --openssl-build-from-source
 ```

CMakeLists.txt

@@ -81,9 +81,6 @@ option(
     OFF)
 
 
-if (SYMCRYPT_TEST_WITH_OPENSSL)
-    include(${CMAKE_SOURCE_DIR}/cmake-configs/OpenSSL.cmake)
-endif()
 include(${CMAKE_SOURCE_DIR}/cmake-configs/SymCrypt-Platforms.cmake)
 
 if(NOT DEFINED CMAKE_BUILD_TYPE)
@@ -122,4 +119,4 @@ configure_file(build/symcrypt.pc.in symcrypt.pc @ONLY)
 
 add_subdirectory(lib)
 add_subdirectory(modules)
-add_subdirectory(unittest)
+add_subdirectory(unittest)

cmake-configs/OpenSSL.cmake

@@ -29,12 +29,12 @@ if(OPENSSL_BUILD_FROM_SOURCE)
         set(ENV{CL} /MP)
         if(OPENSSL_BUILD_TYPE STREQUAL "release")
             execute_process(
-                COMMAND perl Configure no-ssl no-tls1 no-tls1_1 --release
+                COMMAND perl Configure no-ssl no-tls no-dtls no-legacy no-engine no-weak-ssl-ciphers no-rc4 no-rc5 no-rc2 no-md4 no-deprecated no-apps no-docs no-tests  no-shared --release
                 WORKING_DIRECTORY ${OPENSSL_BUILD_ROOT}
                 RESULT_VARIABLE result)
         else()
             execute_process(
-                COMMAND perl Configure no-ssl no-tls1 no-tls1_1 --debug
+                COMMAND perl Configure no-ssl no-tls no-dtls no-legacy no-engine no-weak-ssl-ciphers no-rc4 no-rc5 no-rc2 no-md4 no-deprecated no-apps no-docs no-tests  no-shared --debug
                 WORKING_DIRECTORY ${OPENSSL_BUILD_ROOT}
                 RESULT_VARIABLE result)
         endif()
@@ -61,11 +61,11 @@ if(OPENSSL_BUILD_FROM_SOURCE)
 
     include(${OPENSSL_BUILD_ROOT}/OpenSSLConfig.cmake)
 else()
-    find_package(OpenSSL REQUIRED)
+    find_package(OpenSSL 3 REQUIRED)
 endif()
 
-message("Found OpenSSL include directory ${OPENSSL_INCLUDE_DIR}")
-include_directories(${OPENSSL_INCLUDE_DIR})
-link_directories(${OPENSSL_LIBRARY_DIR})
-link_libraries(${OPENSSL_CRYPTO_LIBRARIES})
-add_compile_options(-DINCLUDE_IMPL_OPENSSL=1)
+if(OPENSSL_VERSION_MAJOR LESS 3)
+    message(FATAL_ERROR "-- Invalid OpenSSL version found ${OPENSSL_VERSION} at ${OPENSSL_INCLUDE_DIR}")
+else()
+    message("-- Found OpenSSL ${OPENSSL_VERSION} include directory ${OPENSSL_INCLUDE_DIR}")
+endif()

unittest/CMakeLists.txt

@@ -79,6 +79,15 @@ if(WIN32 AND SYMCRYPT_TARGET_ARCH MATCHES "X86")
   add_link_options(/SAFESEH:NO)
 endif()
 
+
+if(SYMCRYPT_TEST_WITH_OPENSSL)
+    include(${CMAKE_SOURCE_DIR}/cmake-configs/OpenSSL.cmake)
+    include_directories(${OPENSSL_INCLUDE_DIR})
+    link_directories(${OPENSSL_LIBRARY_DIR})
+    link_libraries(${OPENSSL_CRYPTO_LIBRARIES})
+    add_compile_options(-DINCLUDE_IMPL_OPENSSL=1)
+endif()
+
 include_directories(inc)
 include_directories(lib)
 include_directories(resource)

unittest/inc/openssl_implementations.h

@@ -24,5 +24,13 @@ class XtsImpState<ImpOpenssl, AlgXtsAes> {
     EVP_CIPHER_CTX* decCtx;
 };
 
+template<>
+class AuthEncImpState<ImpOpenssl, AlgAes, ModeGcm> {
+public:
+    EVP_CIPHER_CTX* encCtx;
+    EVP_CIPHER_CTX* decCtx;
+    BOOLEAN inComputation;
+};
+
 VOID
-addOpensslAlgs();
+addOpensslAlgs();