Support tls openssl1_1_1q

Linux/build_openssl.sh

@@ -39,11 +39,10 @@ echo $SGXSSL_ROOT
 
 BUILD_SSL_LIB=1
 
-OPENSSL_INSTALL_DIR="$SGXSSL_ROOT/../openssl_source/OpenSSL_install_dir_tmp"
-OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1*.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'`
+OPENSSL_VERSION=`ls $SGXSSL_ROOT/../openssl_source/*1.1.1q.tar.gz | head -1 | grep -o '[^/]*$' | sed -s -- 's/\.tar\.gz//'`
 if [ "$OPENSSL_VERSION" == "" ] 
 then
-	echo "In order to run this script, OpenSSL tar.gz package must be located in openssl_source/ directory."
+	echo "In order to run this script, OpenSSL 1.1.1q tar.gz package must be located in openssl_source/ directory."
 	exit 1
 fi
 echo $OPENSSL_VERSION
@@ -145,7 +144,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1
 cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1
 
 cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1
-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h --prefix=$OPENSSL_INSTALL_DIR || exit 1
+perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h || exit 1
 
 sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c
 make build_all_generated || exit 1

Linux/sgx/libsgx_tsgxssl/Makefile

@@ -50,6 +50,11 @@ else
 		SGX_EDGER8R := $(BUILD_DIR)/sgx_edger8r
 		SGX_SDK_INC := $(COMMON_DIR)/inc
 		LIBCXX_INC := $(LINUX_SDK_DIR)/tlibcxx/include
+	else ifeq ($(LINUX_SGX_BUILD), 2)
+		include ../../../../../QuoteGeneration/buildenv.mk
+		SGX_EDGER8R := $(TD_MIGRATION_STD_LIB_PATH)/sgx_edger8r
+		SGX_SDK_INC := $(TD_MIGRATION_STD_INC_PATH)
+		LIBCXX_INC := $(TD_MIGRATION_LINUX_TRUNK_ROOT_PATH)/sdk/tlibcxx/include
 	else
 		SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
 		SGX_SDK_INC := $(SGX_SDK)/include
@@ -93,6 +98,10 @@ Sgx_tssl_Include_Paths := -I. -I$(PACKAGE_INC) -I$(SGX_SDK_INC) -I$(SGX_SDK_INC)
 Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths)
 Sgx_tssl_C_Flags := $(Common_C_Cpp_Flags) -Wno-implicit-function-declaration -std=c11 $(MITIGATION_CFLAGS) $(NO_THREADS_CFLAG)
 Sgx_tssl_Cpp_Flags := $(Common_C_Cpp_Flags) -std=c++11 -nostdinc++ $(MITIGATION_CFLAGS)
+ifeq ($(SKIP_INTELCPU_CHECK), TRUE)
+Sgx_tssl_C_Flags += -DSKIP_INTELCPU_CHECK
+endif
+
 $(shell mkdir -p $(OBJDIR))
 
 .PHONY: all run

Linux/sgx/libsgx_tsgxssl/tdefines.h

@@ -83,7 +83,8 @@ struct timezone
 #elif OS_ID == CentOS
 	#include "/usr/include/bits/confname.h"
 #elif OS_ID == NixPKG
-	#include "bits/confname.h"
+	// This value is from bits/confname.h in nix env
+        #define _SC_PAGESIZE 30
 #else
 	#error Invalid OS ID
 #endif

Linux/sgx/libsgx_tsgxssl/texceptions.c

@@ -155,10 +155,12 @@ static void setup_cpuinfo(uint32_t *cpuinfo_table)
         }
     }
 
+#if !defined(SKIP_INTELCPU_CHECK)
 	// Leaf 0
 	if (!is_intel_cpu(cpuinfo[0]))	{
 		SGX_UNREACHABLE_CODE(SET_NO_ERRNO);
 	}
+#endif
 
 	// Leaf 1
 	sgxssl_cpuid_leaf_info(1,

Linux/sgx/libsgx_tsgxssl/tsgxssl_version.cpp

@@ -30,7 +30,7 @@
  */
 
 // This string should be updated before every release!!
-#define STRFILEVER "1.1.1l"
+#define STRFILEVER "1.1.1o"
 
 #define __CONCAT(x, y) x/**/y
 

Linux/sgx/libsgx_usgxssl/Makefile

@@ -48,6 +48,11 @@ else
 		include ../../../../../buildenv.mk
 		SGX_EDGER8R := $(BUILD_DIR)/sgx_edger8r
 		SGX_SDK_INC := $(COMMON_DIR)/inc
+	else ifeq ($(LINUX_SGX_BUILD), 2)
+                include ../../../../../QuoteGeneration/buildenv.mk
+                SGX_EDGER8R := $(TD_MIGRATION_STD_LIB_PATH)/sgx_edger8r
+                SGX_SDK_INC := $(TD_MIGRATION_STD_INC_PATH)
+                LIBCXX_INC := $(TD_MIGRATION_LINUX_TRUNK_ROOT_PATH)/sdk/tlibcxx/include
 	else
 		SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
 		SGX_SDK_INC := $(SGX_SDK)/include

Linux/sgx/libsgx_usgxssl/usgxssl_version.cpp

@@ -30,7 +30,7 @@
  */
 
 // This string should be updated before every release!!
-#define STRFILEVER "1.1.1l"
+#define STRFILEVER "1.1.1o"
 
 #define __CONCAT(x, y) x/**/y
 

Linux/sgx/test_app/sgx_t.mk

@@ -53,6 +53,11 @@ else
 		SGX_EDGER8R := $(BUILD_DIR)/sgx_edger8r
 		SGX_SDK_INC := $(COMMON_DIR)/inc
 		LIBCXX_INC := $(LINUX_SDK_DIR)/tlibcxx/include
+	else ifeq ($(LINUX_SGX_BUILD), 2)
+                include ../../../../../QuoteGeneration/buildenv.mk
+                SGX_EDGER8R := $(TD_MIGRATION_STD_LIB_PATH)/sgx_edger8r
+                SGX_SDK_INC := $(TD_MIGRATION_STD_INC_PATH)
+                LIBCXX_INC := $(TD_MIGRATION_LINUX_TRUNK_ROOT_PATH)/sdk/tlibcxx/include
 	else
 		SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
 		SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign

README.md

@@ -5,7 +5,7 @@ Introduction
 ------------
 The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications.
 The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library.
-Supported OpenSSL version is 1.1.1m. To work with 1.1.0 version please use "openssl_1.1.0" branch.
+Supported OpenSSL version is 1.1.1q. To work with 1.1.0 version please use "openssl_1.1.0" branch.
 
 In order to build Intel® SGX SSL libraries based on old OpenSSL version, checkout the tag with the corresponding versioning, e.g. lin_2.5_1.1.1c. Tag naming convention ``[lin/win]_<Intel(R) SGX SDK VERSION>_<OpenSSL VERSION>``.
 
@@ -42,11 +42,11 @@ Windows
  (Note: Perl, NASM need to be included in machine's PATH variable)
 
 To build Intel® SGX SSL package in Windows OS:
-1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1m.tar.gz)
+1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1q.tar.gz)
 2. Download and install latest SGX SDK from [Intel Developer Zone](https://software.intel.com/en-us/sgx-sdk/download). You can find installation guide from the same website.
 3. Change the directory to the SGXSSL path and enter the following command:
 ```
-build_all.cmd <OPENSSL_VERSION> [default == openssl-1.1.1]
+build_all.cmd
 ```
 This will build the Intel® SGX SSL libraries (libsgx_tsgxssl.lib, libsgx_usgxssl.lib, libsgx_tsgxssl_crypto.lib), which can be found in package/lib/{Win32|X64}/{debug|release}/. And the version with CVE-2020-0551 Mitigation enabled can be found in package/lib/X64/{CVE-2020-0551-CF-Release|CVE-2020-0551-Load-Release}/.
 
@@ -58,7 +58,7 @@ Linux
 - Intel(R) SGX Linux latest release, including SDK, PSW, and driver
 
 To build Intel® SGX SSL package in Linux OS:
-1. Download OpenSSL 1.1.1m package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1m.tar.gz)
+1. Download OpenSSL 1.1.1q package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1q.tar.gz)
 2. Download and install latest SGX SDK from [01.org](https://01.org/intel-software-guard-extensions/downloads). You can find installation guide in the same website.
 3. Source SGX SDK's environment variables.
 4. Cd to Linux/ directory and run:
@@ -68,11 +68,12 @@ make all test
 This will build and test the Intel® SGX SSL libraries (libsgx_tsgxssl.a, libsgx_usgxssl.a, libsgx_tsgxssl_crypto.a), which can be found in package/lib64/. And the Intel® SGX SSL trusted libraries (libsgx_tsgxssl.lib,  libsgx_tsgxssl_crypto.lib) with CVE-2020-0551 Mitigation enabled can be found in package/lib64/{cve_2020_0551_cf|cve_2020_0551_load}/.
 
 ### Available `make` flags:
-- DEBUG={1,0}: Libraries build mode, with debug symbols or without.
-- SGX_MODE={HW,SIM}: SGX feature mode. Hardware/Simulation
-- DESTDIR=\<PATH\>: Directory realpath to install Intel® SGX SSL libraries in. Default /opt/intel/sgxssl/
-- VERBOSE={1,0}: Makefile verbose mode. Print compilation commands before executing it.
-- NO_THREADS={1,0}: Enable "no-threads" in the OpenSSL's build configuration options
+- DEBUG={1,0}: Libraries build mode, with debug symbols or without. Default ``0``.
+- NO_THREADS={1,0}: Enable ``no-threads`` in the OpenSSL's build configuration options. Default ``0``.
+- SGX_MODE={HW,SIM}: User can take ``SIM`` to run the unit test on non-SGX platform if necessary. Default ``HW``. 
+- DESTDIR=\<PATH\>: Directory realpath to install Intel® SGX SSL libraries in. Default ``/opt/intel/sgxssl/``. 
+- VERBOSE={1,0}: Makefile verbose mode. Print compilation commands before executing it. Default ``0``.
+
 
 To install Intel® SGX SSL libraries in Linux OS, run:
 ```

Windows/build_all.cmd

@@ -1,6 +1,6 @@
 @echo off
 Rem 
-Rem Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+Rem Copyright (C) 2011-2022 Intel Corporation. All rights reserved.
 Rem 
 Rem Redistribution and use in source and binary forms, with or without
 Rem modification, are permitted provided that the following conditions
@@ -36,7 +36,7 @@ Rem
 set SGXSSL_VERSION=1.9.100.%errorlevel%
 
 REM Check if Prerequisites apps available
-echo "Validating Prerequisites (perl, nasm)"
+echo "Validating Prerequisites (Perl, NASM, OpenSSL source)"
 perl -v > nul 2>&1
 if %errorlevel% neq 0 (
 	echo "Build failed, can't find perl."
@@ -48,12 +48,11 @@ if %errorlevel% neq 0 (
 	exit /b 1
 )
 
+set OPENSSL_VERSION=openssl-1.1.1q
 
-REM This variable must be set to the openssl file name (version) located in the openssl_source folder
-if "%1"=="" (
-	set OPENSSL_VERSION=openssl-1.1.1
-) else (
-	set OPENSSL_VERSION=%1
+if not exist ..\openssl_source\%OPENSSL_VERSION%.tar.gz (
+        echo "Please download %OPENSSL_VERSION%.tar.gz and put at ..\openssl_source\"
+	exit /b 1
 )
 
 for /f "tokens=2*" %%A in ('REG QUERY "HKLM\SOFTWARE\Intel\SGX_PSW" /v Version') DO (
@@ -118,12 +117,13 @@ if %errorlevel% neq 0 (
 
 REM # generate list of tools used for creating this release
 set BUILD_TOOLS_FILENAME=sgxssl.%SGXSSL_VERSION%.build-tools.txt
-echo "OpenSSL package version:" >> %BUILD_TOOLS_FILENAME%
+echo "OpenSSL package version:" > %BUILD_TOOLS_FILENAME%
 echo "%OPENSSL_VERSION%" >> %BUILD_TOOLS_FILENAME%
-echo "SVN revision:" >> %BUILD_TOOLS_FILENAME%
-echo "%SVN_REVISION%" >> %BUILD_TOOLS_FILENAME%
+echo "GIT commit:" >> %BUILD_TOOLS_FILENAME%
+git log -1 --pretty=format:%%h >> %BUILD_TOOLS_FILENAME%
+echo; >> %BUILD_TOOLS_FILENAME%
 echo "perl --version:" >> %BUILD_TOOLS_FILENAME%
-perl --version >> %BUILD_TOOLS_FILENAME%
+perl --version | findstr ver >> %BUILD_TOOLS_FILENAME%
 
 
 echo "Build completed: Zipping package  %date% %time%"

Windows/build_package.cmd

@@ -38,7 +38,6 @@ set SGXSSL_ROOT=%cd%
 set SGXSSL_SOLUTION=%SGXSSL_ROOT%\sgx\
 set OPENSSL_VERSION=%2
 set TEST_MODE=%4
-set OPENSSL_INSTALL_DIR=%SGXSSL_ROOT%\..\openssl_source\OpenSSL_install_dir_tmp
 set PROCESSOR_ARCHITECTURE=AMD64
 set WIN_SDK_VER=8.1
 perl svn_revision.pl > sgx\libsgx_tsgxssl\tsgxssl_version.h
@@ -143,7 +142,7 @@ if "%my_Configuration%"=="CVE-2020-0551-CF-Release" (
 		set CVE_2020_0551_MITIGATIONS=-Qspectre-load
 	)
 )
-perl Configure --config=sgx_config.conf %OPENSSL_CFG_PLFM%  %CVE_2020_0551_MITIGATIONS% no-dtls no-ssl2 no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ui-console no-ssl3 no-md2 no-md4 no-stdio -FI"%SGXSSL_ROOT%\..\openssl_source\bypass_to_sgxssl.h" -D_NO_CRT_STDIO_INLINE -DOPENSSL_NO_SOCK -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASYNC -arch:IA32  --prefix=%OPENSSL_INSTALL_DIR%
+perl Configure --config=sgx_config.conf %OPENSSL_CFG_PLFM%  %CVE_2020_0551_MITIGATIONS% no-dtls no-ssl2 no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ui-console no-ssl3 no-md2 no-md4 no-stdio -FI"%SGXSSL_ROOT%\..\openssl_source\bypass_to_sgxssl.h" -D_NO_CRT_STDIO_INLINE -DOPENSSL_NO_SOCK -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASYNC -arch:IA32 
 call powershell -Command "(Get-Content crypto\engine\tb_rand.c) |  Foreach-Object {$_ -replace 'ENGINE_set_default_RAND', 'dummy_ENGINE_set_default_RAND'} | Out-File crypto\engine\tb_rand.c"
 
 copy /y "%SGXSDKInstallPath%scripts\sgx-asm-pp.py" .

Windows/sgx/libsgx_tsgxssl/libsgx_tsgxssl.vcxproj

@@ -341,6 +341,8 @@
       <ProgramDataBaseFileName>$(IntDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <OmitDefaultLibName>true</OmitDefaultLibName>
       <AdditionalOptions>/d2FH4-  /Zc:tlsGuards- %(AdditionalOptions)</AdditionalOptions>
+      <UseFullPaths>false</UseFullPaths>
+      <DebugInformationFormat>None</DebugInformationFormat>
     </ClCompile>
     <Lib>
       <LinkTimeCodeGeneration>true</LinkTimeCodeGeneration>

Windows/sgx/libsgx_tsgxssl/tadvapi32.cpp

@@ -31,7 +31,6 @@
 
 #include "tcommon.h"
 
-#include "sgx_trts.h"
 #include "string.h"
 
 extern "C" {
@@ -153,4 +152,4 @@ int WINAPI sgxssl_MessageBoxW(
 	return 0;
 }
 
-}
+}

Windows/sgx/libsgx_tsgxssl/tcommon.h

@@ -34,7 +34,7 @@
 
 #include <stdlib.h>
 #include <sgx_trts.h>
-#include "libsgx_tsgxssl_t.h"
+#include "sgx_tsgxssl_t.h"
 #include "errno.h"
 
 #include "defines.h"

Windows/sgx/libsgx_tsgxssl/tcpu_utils.cpp

@@ -35,8 +35,7 @@
 // It contains masks for g_cpu_feature_indicator bits
 #include "se_cpu_feature_defs.h"
 
-#include "libsgx_tsgxssl_t.h"
-#include "tCommon.h"
+#include "tcommon.h"
 
 extern "C" {
 

Windows/sgx/libsgx_tsgxssl/texceptions.cpp

@@ -29,7 +29,6 @@
  *
  */
 
-#include <sgx_trts.h>
 #include <sgx_trts_exception.h>
 #include <sgx_cpuid.h>
 #include <stdlib.h>

Windows/sgx/libsgx_tsgxssl/tkernel32.cpp

@@ -33,11 +33,9 @@
 #include <stdlib.h>
 #include <map>
 
-#include <sgx_trts.h>
 #include <sgx_spinlock.h>
 
 #include "tcommon.h"
-#include "libsgx_tsgxssl_t.h"
 
 extern "C" {
 

Windows/sgx/libsgx_tsgxssl/tkernel32_file.cpp

@@ -31,9 +31,7 @@
 
 #define printf	sgxssl_printf
 
-#include <sgx_trts.h>
 #include "tcommon.h"
-#include "libsgx_tsgxssl_t.h"
 
 extern "C" {
 

Windows/sgx/libsgx_tsgxssl/tkernel32_module.cpp

@@ -31,9 +31,7 @@
 
 #include <stdio.h>
 #include <string>
-#include <sgx_trts.h>
 #include "tcommon.h"
-#include "libsgx_tsgxssl_t.h"
 
 extern "C" {
 

Windows/sgx/libsgx_tsgxssl/tkernel32_threading.cpp

@@ -32,14 +32,11 @@
 #pragma warning(disable:4197)
 #include <map>
 #include <vector>
-#include <sgx_trts.h>
 #include <sgx_thread.h>
 #include <sgx_spinlock.h>
 
 #include "tcommon.h"
 
-#include "libsgx_tsgxssl_t.h"
-
 #define NTAPI __stdcall
 
 //////////////////// LAST ERROR ////////////////////

Windows/sgx/libsgx_tsgxssl/tstdio.cpp

@@ -34,7 +34,6 @@
 #include <wchar.h>
 #include <string.h>
 #include "tcommon.h"
-#include "libsgx_tsgxssl_t.h"
 #include "tSgxSSL_api.h"
 
 extern PRINT_TO_STDOUT_STDERR_CB s_print_cb;
@@ -530,4 +529,4 @@ int sgx_print(const char *format, ...)
 }
 
 
-}
+}

Windows/sgx/libsgx_tsgxssl/tstdlib.cpp

@@ -33,7 +33,6 @@
 #include <string.h>
 #include "tcommon.h"
 #include "errno.h"
-#include "libsgx_tsgxssl_t.h"
 #include "tSgxSSL_api.h"