Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update for OpenSSL upgrading to 1.1.1q #132

Merged
merged 2 commits into from
Jul 25, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Linux/build_openssl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,10 @@
SGXSSL_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
echo $SGXSSL_ROOT

OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1*.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'`
OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1q.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'`
if [ "$OPENSSL_VERSION" == "" ]
then
echo "In order to run this script, OpenSSL tar.gz package must be located in openssl_source/ directory."
echo "In order to run this script, OpenSSL 1.1.1q tar.gz package must be located in openssl_source/ directory."
exit 1
fi
echo $OPENSSL_VERSION
Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ Introduction
------------
The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications.
The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library.
Supported OpenSSL version is 1.1.1p. To work with 1.1.0 version please use "openssl_1.1.0" branch.
Supported OpenSSL version is 1.1.1q. To work with 1.1.0 version please use "openssl_1.1.0" branch.

In order to build Intel® SGX SSL libraries based on old OpenSSL version, checkout the tag with the corresponding versioning, e.g. lin_2.5_1.1.1c. Tag naming convention ``[lin/win]_<Intel(R) SGX SDK VERSION>_<OpenSSL VERSION>``.

Expand Down Expand Up @@ -35,11 +35,11 @@ Windows
(Note: Perl, NASM need to be included in machine's PATH variable)

To build Intel® SGX SSL package in Windows OS:
1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1p.tar.gz)
1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1q.tar.gz)
2. Download and install latest SGX SDK from [Intel Developer Zone](https://software.intel.com/en-us/sgx-sdk/download). You can find installation guide from the same website.
3. Change the directory to the SGXSSL path and enter the following command:
```
build_all.cmd <OPENSSL_VERSION> [default == openssl-1.1.1]
build_all.cmd
```
This will build the Intel® SGX SSL libraries (libsgx_tsgxssl.lib, libsgx_usgxssl.lib, libsgx_tsgxssl_crypto.lib), which can be found in package/lib/{Win32|X64}/{debug|release}/. And the version with CVE-2020-0551 Mitigation enabled can be found in package/lib/X64/{CVE-2020-0551-CF-Release|CVE-2020-0551-Load-Release}/.

Expand All @@ -51,7 +51,7 @@ Linux
- Intel(R) SGX Linux latest release, including SDK, PSW, and driver

To build Intel® SGX SSL package in Linux OS:
1. Download OpenSSL 1.1.1p package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1p.tar.gz)
1. Download OpenSSL 1.1.1q package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1q.tar.gz)
2. Download and install latest SGX SDK from [01.org](https://01.org/intel-software-guard-extensions/downloads). You can find installation guide in the same website.
3. Source SGX SDK's environment variables.
4. Cd to Linux/ directory and run:
Expand Down
11 changes: 5 additions & 6 deletions Windows/build_all.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ Rem
set SGXSSL_VERSION=1.9.100.%errorlevel%

REM Check if Prerequisites apps available
echo "Validating Prerequisites (perl, nasm)"
echo "Validating Prerequisites (Perl, NASM, OpenSSL source)"
perl -v > nul 2>&1
if %errorlevel% neq 0 (
echo "Build failed, can't find perl."
Expand All @@ -48,12 +48,11 @@ if %errorlevel% neq 0 (
exit /b 1
)

set OPENSSL_VERSION=openssl-1.1.1q

REM This variable must be set to the openssl file name (version) located in the openssl_source folder
if "%1"=="" (
set OPENSSL_VERSION=openssl-1.1.1
) else (
set OPENSSL_VERSION=%1
if not exist ..\openssl_source\%OPENSSL_VERSION%.tar.gz (
echo "Please download %OPENSSL_VERSION%.tar.gz and put at ..\openssl_source\"
exit /b 1
)

for /f "tokens=2*" %%A in ('REG QUERY "HKLM\SOFTWARE\Intel\SGX_PSW" /v Version') DO (
Expand Down