diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh index 9481ac9e..59648656 100755 --- a/Linux/build_openssl.sh +++ b/Linux/build_openssl.sh @@ -37,10 +37,10 @@ SGXSSL_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" echo $SGXSSL_ROOT -OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1*.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'` +OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1q.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'` if [ "$OPENSSL_VERSION" == "" ] then - echo "In order to run this script, OpenSSL tar.gz package must be located in openssl_source/ directory." + echo "In order to run this script, OpenSSL 1.1.1q tar.gz package must be located in openssl_source/ directory." exit 1 fi echo $OPENSSL_VERSION diff --git a/README.md b/README.md index d219e41e..9c0836d3 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Introduction ------------ The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications. The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library. -Supported OpenSSL version is 1.1.1p. To work with 1.1.0 version please use "openssl_1.1.0" branch. +Supported OpenSSL version is 1.1.1q. To work with 1.1.0 version please use "openssl_1.1.0" branch. In order to build Intel® SGX SSL libraries based on old OpenSSL version, checkout the tag with the corresponding versioning, e.g. lin_2.5_1.1.1c. Tag naming convention ``[lin/win]__``. @@ -35,11 +35,11 @@ Windows (Note: Perl, NASM need to be included in machine's PATH variable) To build Intel® SGX SSL package in Windows OS: -1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1p.tar.gz) +1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1q.tar.gz) 2. Download and install latest SGX SDK from [Intel Developer Zone](https://software.intel.com/en-us/sgx-sdk/download). You can find installation guide from the same website. 3. Change the directory to the SGXSSL path and enter the following command: ``` -build_all.cmd [default == openssl-1.1.1] +build_all.cmd ``` This will build the Intel® SGX SSL libraries (libsgx_tsgxssl.lib, libsgx_usgxssl.lib, libsgx_tsgxssl_crypto.lib), which can be found in package/lib/{Win32|X64}/{debug|release}/. And the version with CVE-2020-0551 Mitigation enabled can be found in package/lib/X64/{CVE-2020-0551-CF-Release|CVE-2020-0551-Load-Release}/. @@ -51,7 +51,7 @@ Linux - Intel(R) SGX Linux latest release, including SDK, PSW, and driver To build Intel® SGX SSL package in Linux OS: -1. Download OpenSSL 1.1.1p package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1p.tar.gz) +1. Download OpenSSL 1.1.1q package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1q.tar.gz) 2. Download and install latest SGX SDK from [01.org](https://01.org/intel-software-guard-extensions/downloads). You can find installation guide in the same website. 3. Source SGX SDK's environment variables. 4. Cd to Linux/ directory and run: diff --git a/Windows/build_all.cmd b/Windows/build_all.cmd index c476a948..6fc2b918 100644 --- a/Windows/build_all.cmd +++ b/Windows/build_all.cmd @@ -36,7 +36,7 @@ Rem set SGXSSL_VERSION=1.9.100.%errorlevel% REM Check if Prerequisites apps available -echo "Validating Prerequisites (perl, nasm)" +echo "Validating Prerequisites (Perl, NASM, OpenSSL source)" perl -v > nul 2>&1 if %errorlevel% neq 0 ( echo "Build failed, can't find perl." @@ -48,12 +48,11 @@ if %errorlevel% neq 0 ( exit /b 1 ) +set OPENSSL_VERSION=openssl-1.1.1q -REM This variable must be set to the openssl file name (version) located in the openssl_source folder -if "%1"=="" ( - set OPENSSL_VERSION=openssl-1.1.1 -) else ( - set OPENSSL_VERSION=%1 +if not exist ..\openssl_source\%OPENSSL_VERSION%.tar.gz ( + echo "Please download %OPENSSL_VERSION%.tar.gz and put at ..\openssl_source\" + exit /b 1 ) for /f "tokens=2*" %%A in ('REG QUERY "HKLM\SOFTWARE\Intel\SGX_PSW" /v Version') DO (