upgrade symcrypt and scossl (#12167)

Updates SymCrypt to 103.8.0 with ML-DSA and changes for FIPS Updates SymCrypt-OpenSSL to 1.7.0 with minor bugfixes, configurable debug logging, and KeysInUse logging (off by default)
microsoft · Jan 31, 2025 · 38b4cc9 · 38b4cc9
1 parent 37e00c2
commit 38b4cc9
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 16 deletions.
diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "SymCrypt-OpenSSL-1.6.1.tar.gz": "8766d2f5c977960b1aab0099c0d74190b0705bc29f29ff4b266dac3729644658"
+    "SymCrypt-OpenSSL-1.7.0.tar.gz": "5c89fdea6d1b9523856ebf875a973eb5f0e598aa95ad8b7fbfc819b5cc5161df"
   }
 }
diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
@@ -1,6 +1,6 @@
 Summary:        The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 Name:           SymCrypt-OpenSSL
-Version:        1.6.1
+Version:        1.7.0
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -9,12 +9,12 @@ Group:          System/Libraries
 URL:            https://github.com/microsoft/SymCrypt-OpenSSL
 Source0:        https://github.com/microsoft/SymCrypt-OpenSSL/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRequires:  openssl-devel
-BuildRequires:  SymCrypt >= 103.6.0
+BuildRequires:  SymCrypt >= 103.8.0
 BuildRequires:  cmake
 BuildRequires:  gcc
 BuildRequires:  make
 
-Requires:       SymCrypt >= 103.6.0
+Requires:       SymCrypt >= 103.8.0
 Requires:       openssl
 
 %description
@@ -36,6 +36,7 @@ The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt
 mkdir bin; cd bin
 
 cmake   .. \
+        -DKEYSINUSE_ENABLED=1 \
         -DOPENSSL_ROOT_DIR="%{_prefix}/local/ssl" \
         -DSYMCRYPT_ROOT_DIR=%{buildroot}%{_includedir}/.. \
         -DCMAKE_TOOLCHAIN_FILE="../cmake-toolchain/LinuxUserMode-%{symcrypt_arch}.cmake" \
@@ -67,6 +68,10 @@ install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/sy
 %{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
 %changelog
+* Fri Jan 31 2025 Tobias Brick <[email protected]> - 1.7.0-1
+- Add optional debug logging instead of writing some errors to stderr
+- Add optional KeysInUse feature, which can be turned on by config
+
 * Wed Nov 27 2024 CBL-Mariner Servicing Account <[email protected]> - 1.6.1-1
 - Auto-upgrade to 1.6.1 - bug fixes
 

diff --git a/SPECS/SymCrypt/SymCrypt.signatures.json b/SPECS/SymCrypt/SymCrypt.signatures.json
@@ -1,8 +1,8 @@
 {
  "Signatures": {
-  "SymCrypt-103.6.0.tar.gz": "ce03f03cfea76c38336c67f175ca316f0377b98e2617a3561e0a2dc91114e9ee",
+  "SymCrypt-103.8.0.tar.gz": "d0282d7188451ff3ed5f16db4fb19a38c7d2358d17ff504af1fd66a7a968e8c9",
   "find-debuginfo": "356800f19b755879993103c121c83fb4cc97d0e8656ea34d051daa310f54cedf",
   "jitterentropy-library-3.3.1.tar.gz": "4a50cb02b4836cd5550016e2fc2263e6982abaa11467a9e1cea260c1c2f7d487",
-  "symcrypt-build-environment-variables-v103.6.0.sh": "860e849274bd742c752df74baa3fe9502101f53d43b3a72463a2ffb122221296"
+  "symcrypt-build-environment-variables-v103.8.0.sh": "4e19f55745c0d8a4e22455b52c99c33444dd5e80864d49d5eb2e3edaeff2e7d3"
  }
 }
diff --git a/SPECS/SymCrypt/SymCrypt.spec b/SPECS/SymCrypt/SymCrypt.spec
@@ -1,6 +1,6 @@
 Summary:        A core cryptographic library written by Microsoft
 Name:           SymCrypt
-Version:        103.6.0
+Version:        103.8.0
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -103,6 +103,10 @@ chmod 755 %{buildroot}%{_libdir}/libsymcrypt.so.%{version}
 %{_includedir}/*
 
 %changelog
+* Fri Jan 31 2025 Tobias Brick <[email protected]> - 103.8.0-1
+- Add FIPS approved services indicator
+- Add ML-DSA implementation
+
 * Mon Nov 25 2024 Tobias Brick <[email protected]> - 103.6.0-1
 - Upgrde to 103.6.0
 

diff --git a/SPECS/SymCrypt/symcrypt-build-environment-variables-v103.6.0.sh b/SPECS/SymCrypt/symcrypt-build-environment-variables-v103.6.0.sh
diff --git a/SPECS/SymCrypt/symcrypt-build-environment-variables-v103.8.0.sh b/SPECS/SymCrypt/symcrypt-build-environment-variables-v103.8.0.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# Generated by 'generate-env-file.sh'
+export SYMCRYPT_BRANCH=main
+export SYMCRYPT_COMMIT_HASH=53be637
+export SYMCRYPT_COMMIT_TIMESTAMP=2025-01-28T00:44:15+00:00
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -28416,8 +28416,8 @@
         "type": "other",
         "other": {
           "name": "SymCrypt",
-          "version": "103.6.0",
-          "downloadUrl": "https://github.com/microsoft/SymCrypt/archive/v103.6.0.tar.gz"
+          "version": "103.8.0",
+          "downloadUrl": "https://github.com/microsoft/SymCrypt/archive/v103.8.0.tar.gz"
         }
       }
     },
@@ -28426,8 +28426,8 @@
         "type": "other",
         "other": {
           "name": "SymCrypt-OpenSSL",
-          "version": "1.6.1",
-          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.6.1.tar.gz"
+          "version": "1.7.0",
+          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.7.0.tar.gz"
         }
       }
     },