Browse Source

Use latest sgxssl and remove an insecure flag

Signed-off-by: Zhang Lili Z <lili.z.zhang@intel.com>
Zhang Lili Z 5 years ago
parent
commit
43b8f79721
2 changed files with 32 additions and 10 deletions
  1. 27 7
      external/sgxssl/prepare_sgxssl.sh
  2. 5 3
      sdk/tlibcrypto/Makefile

+ 27 - 7
external/sgxssl/prepare_sgxssl.sh

@@ -34,15 +34,24 @@ top_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 openssl_out_dir=$top_dir/openssl_source
 openssl_ver_name=openssl-1.1.0h
 sgxssl_github_archive=https://github.com/01org/intel-sgx-ssl/archive
-sgxssl_ver_name=sdk_2.1_integ
-sgxssl_ver=sdk_2.1_integ
-build_script=$top_dir/Linux/build_sgxssl.sh
+sgxssl_ver_name=v2.2
+sgxssl_ver=2.2
+build_script=$top_dir/Linux/build_openssl.sh
 server_url_path=https://www.openssl.org/source/
 full_openssl_url=$server_url_path/$openssl_ver_name.tar.gz
 full_openssl_url_old=$server_url_path/old/1.1.0/$openssl_ver_name.tar.gz
 
+sgxssl_chksum=e2ad431ef7ef1377d1d91266ac95e1dd2e83b2491e91bbb5460e8b043a169ab7
+openssl_chksum=5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517
 if [ ! -f $build_script ]; then
-	wget $sgxssl_github_archive/$sgxssl_ver_name.zip -P $top_dir --no-check-certificate || exit 1
+	wget $sgxssl_github_archive/$sgxssl_ver_name.zip -P $top_dir || exit 1
+	sha256sum $top_dir/$sgxssl_ver_name.zip > check_sum_sgxssl.txt
+	grep $sgxssl_chksum check_sum_sgxssl.txt
+	if [ $? -ne 0 ]; then 
+		echo "File $top_dir/$sgxssl_ver_name.zip checksum failure"
+		rm -f $top_dir/$sgxssl_ver_name.zip check_sum_sgxssl.txt
+		exit -1
+	fi
 	unzip -qq $top_dir/$sgxssl_ver_name.zip -d $top_dir || exit 1
 	mv $top_dir/intel-sgx-ssl-$sgxssl_ver/* $top_dir || exit 1
 	rm $top_dir/$sgxssl_ver_name.zip || exit 1
@@ -50,7 +59,18 @@ if [ ! -f $build_script ]; then
 fi
 
 if [ ! -f $openssl_out_dir/$openssl_ver_name.tar.gz ]; then
-	wget $full_openssl_url_old -P $openssl_out_dir --no-check-certificate || wget $full_openssl_url -P $openssl_out_dir --no-check-certificate || exit 1
+	wget $full_openssl_url_old -P $openssl_out_dir || wget $full_openssl_url -P $openssl_out_dir || exit 1
+	sha256sum $openssl_out_dir/$openssl_ver_name.tar.gz > check_sum_openssl.txt
+	grep $openssl_chksum check_sum_openssl.txt
+	if [ $? -ne 0 ]; then
+		echo "File $openssl_out_dir/$openssl_ver_name.tar.gz checksum failure"
+		rm -f $openssl_out_dir/$openssl_ver_name.tar.gz check_sum_openssl.txt
+		exit -1 
+	fi
 fi
-chmod +x $build_script
-$build_script no-clean linux-sgx || exit 1
+rm -f check_sum_sgxssl.txt check_sum_openssl.txt
+
+pushd $top_dir/Linux/
+make clean all LINUX_SGX_BUILD=1
+make clean all LINUX_SGX_BUILD=1 DEBUG=1
+popd

+ 5 - 3
sdk/tlibcrypto/Makefile

@@ -49,14 +49,16 @@ else
     $(error SGXSSL doesn't support 32bit)
 endif #($(ARCH), x86_64)
 
+OPENSSL_LIBRARY_PATH := $(OPENSSL_PACKAGE)/lib64/
 ifdef DEBUG
     SGX_COMMON_CFLAGS += -O0
-    OPENSSL_LIBRARY_PATH := $(OPENSSL_PACKAGE)/lib64/debug
+    OpenSSL_Crypto_Library_Name := sgx_tsgxssl_cryptod
+    SGXSSL_Library_Name := sgx_tsgxssld
 else
-    OPENSSL_LIBRARY_PATH := $(OPENSSL_PACKAGE)/lib64/release
+    OpenSSL_Crypto_Library_Name := sgx_tsgxssl_crypto
+    SGXSSL_Library_Name := sgx_tsgxssl
 endif
 
-OpenSSL_Crypto_Library_Name := sgx_tsgxssl_crypto
 SGXSSL_Library_Name := sgx_tsgxssl
 PREPARE_SGXSSL := $(LINUX_EXTERNAL_DIR)/sgxssl/prepare_sgxssl.sh
 PREPRARE_SGX_SSL: