!16 openEuler 22.03 LTS版本intel-sgx-ssl软件升级至2.15.1_1.1.1l

Merge pull request !16 from hzero1996/openEuler-22.03-LTS-Next

0001-Solution_to_issue_ssl_library_is_not_supported.patch

@@ -1,43 +1,103 @@
-From 05d61201781597f53cb7dfcd9508ac0141315131 Mon Sep 17 00:00:00 2001
+From 94d10d73ac952fc8b4f5b6581b858d6fe7f7a352 Mon Sep 17 00:00:00 2001
 From: yanlu <yanlu14@huawei.com>
-Date: Tue, 26 Jan 2021 11:24:43 +0800
+Date: Thu, 25 Feb 2021 16:41:56 +0800
-Subject: [PATCH] add ocall file operation and getenv
+Subject: [PATCH] support ssl library
+
+Update Makefile
+
+update copyright year
+
+Reference: https://github.com/intel/intel-sgx-ssl/commit/94d10d73ac952fc8b4f5b6581b858d6fe7f7a352
+Conflict: NA
 
 ---
- .../Linux/build_openssl.sh                    |   2 +-
+ Linux/Makefile                                |   1 +
- .../Linux/package/include/sgx_tsgxssl.edl     |  12 +
+ Linux/build_openssl.sh                        |   9 +-
- .../Linux/package/include/tsgxsslio.h         |   8 +-
+ Linux/package/include/sgx_tsgxssl.edl         |  14 ++
- .../Linux/sgx/libsgx_tsgxssl/tstdio.cpp       | 339 +++++++++++++++---
+ Linux/package/include/tsgxsslio.h             |  13 +-
- .../Linux/sgx/libsgx_tsgxssl/tstdlib.cpp      |  48 +--
+ Linux/sgx/buildenv.mk                         |   2 +
- .../Linux/sgx/libsgx_usgxssl/ustdio.cpp       |  96 +++++
+ Linux/sgx/libsgx_tsgxssl/Makefile             |   2 +-
- .../Linux/sgx/libsgx_usgxssl/ustdlib.cpp      |  61 ++++
+ Linux/sgx/libsgx_tsgxssl/tcommon.h            |   1 +
- .../sgx/test_app/enclave/tests/stdio_func.c   |   4 +-
+ Linux/sgx/libsgx_tsgxssl/tstdio.cpp           | 229 ++++++++++++++++++
- .../openssl_source/bypass_to_sgxssl.h         |  10 +-
+ Linux/sgx/libsgx_tsgxssl/tstdlib.cpp          |  48 ++--
- 9 files changed, 483 insertions(+), 97 deletions(-)
+ Linux/sgx/libsgx_tsgxssl/tunistd.cpp          |  59 ++---
- create mode 100644 intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp
+ Linux/sgx/libsgx_usgxssl/Makefile             |   2 +-
- create mode 100644 intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
+ Linux/sgx/libsgx_usgxssl/ustdio.cpp           |  96 ++++++++
+ Linux/sgx/libsgx_usgxssl/ustdlib.cpp          |  61 +++++
+ Linux/sgx/libsgx_usgxssl/uunistd.cpp          |  46 ++++
+ Linux/sgx/test_app/enclave/tests/stdio_func.c |   4 +-
+ openssl_source/bypass_to_sgxssl.h             |  11 +-
+ 16 files changed, 516 insertions(+), 82 deletions(-)
+ create mode 100644 Linux/sgx/libsgx_usgxssl/ustdio.cpp
+ create mode 100644 Linux/sgx/libsgx_usgxssl/ustdlib.cpp
+ create mode 100644 Linux/sgx/libsgx_usgxssl/uunistd.cpp
 
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
+diff --git a/Linux/Makefile b/Linux/Makefile
-index 4c5b999..157965d 100755
+index 9524f45..304ce24 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
+--- a/Linux/Makefile
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
++++ b/Linux/Makefile
-@@ -133,7 +133,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1
+@@ -55,6 +55,7 @@ sgxssl_no_mitigation:
+ clean:
+ 	$(MAKE) -C sgx/ clean
+ 	rm -rf $(PACKAGE_LIB)/$(OPENSSL_LIB) $(PACKAGE_INC)/openssl/
++	rm -rf $(PACKAGE_LIB)/$(OPENSSL_SSL_LIB)
+ 	rm -rf $(PACKAGE_LIB)/cve_2020_0551_load
+ 	rm -rf $(PACKAGE_LIB)/cve_2020_0551_cf
+ 
+diff --git a/Linux/build_openssl.sh b/Linux/build_openssl.sh
+index 7d77b79..9dc4082 100755
+--- a/Linux/build_openssl.sh
++++ b/Linux/build_openssl.sh
+@@ -59,6 +59,7 @@ tar xvf $OPENSSL_VERSION.tar.gz || exit 1
+ 
+ # Remove AESBS to support only AESNI and VPAES
+ sed -i '/BSAES_ASM/d' $OPENSSL_VERSION/Configure
++sed -i 's/-Wa,--noexecstack/-Wa,--noexecstack -fstack-protector-strong/' $OPENSSL_VERSION/Configure
+ 
+ ##Space optimization flags.
+ SPACE_OPT=
+@@ -69,8 +70,10 @@ sed -i '/OPENSSL_die("assertion failed/d' $OPENSSL_VERSION/include/openssl/crypt
+ fi
+ 
+ OUTPUT_LIB=libsgx_tsgxssl_crypto.a
++OUTPUT_SSLLIB=libsgx_tsgxssl_ssl.a
+ if [[ "$*" == *"debug"* ]] ; then
+ 	OUTPUT_LIB=libsgx_tsgxssl_cryptod.a
++	OUTPUT_SSLLIB=libsgx_tsgxssl_ssld.a
+     ADDITIONAL_CONF="-g "
+ fi
+ 
+@@ -136,8 +139,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1
  cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1
  
  cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1
--perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ssl3 no-md2 no-md4 no-ui no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h --prefix=$OPENSSL_INSTALL_DIR || exit 1
+-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ssl3 no-md2 no-md4 no-ui-console no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h --prefix=$OPENSSL_INSTALL_DIR || exit 1
+-
 +perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ssl3 no-md2 no-md4 no-ui no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h -include$SGXSSL_ROOT/../Linux/package/include/tsgxsslio.h --prefix=$OPENSSL_INSTALL_DIR || exit 1
- 
+ sed -i 's/ENGINE_set_default_RAND/dummy_ENGINE_set_default_RAND/' crypto/engine/tb_rand.c
  make build_all_generated || exit 1
  
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl
+@@ -159,8 +161,9 @@ then
-index 3ad91d8..74dbdde 100644
+     cp $SGXSSL_ROOT/../openssl_source/Linux/x86_64cpuid.s       ./crypto/x86_64cpuid.s
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl
+ fi
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl
+ 
-@@ -39,6 +39,18 @@ enclave {
+-make libcrypto.a || exit 1
++make libcrypto.a libssl.a || exit 1
+ cp libcrypto.a $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1
++cp libssl.a $SGXSSL_ROOT/package/lib64/$OUTPUT_SSLLIB || exit 1
+ objcopy --rename-section .init=Q6A8dc14f40efc4288a03b32cba4e $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1
+ cp include/openssl/* $SGXSSL_ROOT/package/include/openssl/ || exit 1
+ cp include/crypto/* $SGXSSL_ROOT/package/include/crypto/ || exit 1
+diff --git a/Linux/package/include/sgx_tsgxssl.edl b/Linux/package/include/sgx_tsgxssl.edl
+index cbc4888..e385250 100644
+--- a/Linux/package/include/sgx_tsgxssl.edl
++++ b/Linux/package/include/sgx_tsgxssl.edl
+@@ -37,6 +37,20 @@ enclave {
+     
+     untrusted {
      	 void u_sgxssl_ftime([out, size=timeb_len] void * timeptr, uint32_t timeb_len);
-          int ocall_cc_read(int fd, [out, size = buf_len] void *buf, size_t buf_len);
++	 int ocall_cc_read(int fd, [out, size = buf_len] void *buf, size_t buf_len);
-          int ocall_cc_write(int fd, [in, size = buf_len] const void *buf, size_t buf_len);
++         int ocall_cc_write(int fd, [in, size = buf_len] const void *buf, size_t buf_len);
 +         int ocall_cc_getenv([in, size = name_len] const char *name, size_t name_len, [out, size = buf_len] void *buf, int buf_len, [out] int *need_len);
 +         uint64_t ocall_cc_fopen([in, size = filename_len] const char *filename, size_t filename_len, [in, size = mode_len] const char *mode, size_t mode_len);
 +         int ocall_cc_fclose(uint64_t fp);
@@ -53,126 +113,91 @@ index 3ad91d8..74dbdde 100644
      };
  
      trusted {
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h
+diff --git a/Linux/package/include/tsgxsslio.h b/Linux/package/include/tsgxsslio.h
-index a200a17..8f9e35b 100644
+index a200a17..fe56f61 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h
+--- a/Linux/package/include/tsgxsslio.h
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h
++++ b/Linux/package/include/tsgxsslio.h
-@@ -32,6 +32,12 @@
+@@ -32,6 +32,18 @@
  #ifndef _TSGXSSL_IO_H_
  #define _TSGXSSL_IO_H_
  
 -typedef void FILE;
 +#include <stdio.h>
++#ifndef __FILE_defined
++#define __FILE_defined 1
++
++struct _IO_FILE;
++/* The opaque type of streams.  This is the definition used elsewhere.  */
++typedef struct _IO_FILE FILE;
++#endif
 +
 +#undef stdout
 +#define stdout ((void*)1)
 +#undef stderr
 +#define stderr ((void*)2)
-+typedef struct _IO_FILE FILE;
  
  #endif // _TSGXSSL_IO_H_
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp
+diff --git a/Linux/sgx/buildenv.mk b/Linux/sgx/buildenv.mk
-index ebb8abb..1e6d8bc 100644
+index cd8818e..7cd794c 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp
+--- a/Linux/sgx/buildenv.mk
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp
++++ b/Linux/sgx/buildenv.mk
-@@ -1,55 +1,284 @@
+@@ -73,11 +73,13 @@ endif
--/*
+ ifeq ($(DEBUG), 1)
-- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ 	OBJDIR := debug
-- *
+ 	OPENSSL_LIB := libsgx_tsgxssl_cryptod.a
-- * Redistribution and use in source and binary forms, with or without
++	OPENSSL_SSL_LIB := libsgx_tsgxssl_ssld.a
-- * modification, are permitted provided that the following conditions
+ 	TRUSTED_LIB := libsgx_tsgxssld.a
-- * are met:
+ 	UNTRUSTED_LIB := libsgx_usgxssld.a
-- *
+ else
-- *   * Redistributions of source code must retain the above copyright
+ 	OBJDIR := release
-- *     notice, this list of conditions and the following disclaimer.
+ 	OPENSSL_LIB := libsgx_tsgxssl_crypto.a
-- *   * Redistributions in binary form must reproduce the above copyright
++	OPENSSL_SSL_LIB := libsgx_tsgxssl_ssl.a
-- *     notice, this list of conditions and the following disclaimer in
+ 	TRUSTED_LIB := libsgx_tsgxssl.a
-- *     the documentation and/or other materials provided with the
+ 	UNTRUSTED_LIB := libsgx_usgxssl.a
-- *     distribution.
+ endif
-- *   * Neither the name of Intel Corporation nor the names of its
+diff --git a/Linux/sgx/libsgx_tsgxssl/Makefile b/Linux/sgx/libsgx_tsgxssl/Makefile
-- *     contributors may be used to endorse or promote products derived
+index 40d8f3b..3eb4a7e 100644
-- *     from this software without specific prior written permission.
+--- a/Linux/sgx/libsgx_tsgxssl/Makefile
-- *
++++ b/Linux/sgx/libsgx_tsgxssl/Makefile
-- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+@@ -90,7 +90,7 @@ Sgx_tssl_S_Objects := $(addprefix $(OBJDIR)/, $(Sgx_tssl_S_Files:.S=.o))
-- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ 
-- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ Sgx_tssl_Include_Paths := -I. -I$(PACKAGE_INC) -I$(SGX_SDK_INC) -I$(SGX_SDK_INC)/tlibc -I$(LIBCXX_INC)
-- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ 
-- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+-Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths)
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector-strong -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths)
-- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ Sgx_tssl_C_Flags := $(Common_C_Cpp_Flags) -Wno-implicit-function-declaration -std=c11 $(MITIGATION_CFLAGS) $(NO_THREADS_CFLAG)
-- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ Sgx_tssl_Cpp_Flags := $(Common_C_Cpp_Flags) -std=c++11 -nostdinc++ $(MITIGATION_CFLAGS)
-- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ $(shell mkdir -p $(OBJDIR))
-- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+diff --git a/Linux/sgx/libsgx_tsgxssl/tcommon.h b/Linux/sgx/libsgx_tsgxssl/tcommon.h
-- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+index f8d9379..dd1ca8d 100644
-- *
+--- a/Linux/sgx/libsgx_tsgxssl/tcommon.h
-- */
++++ b/Linux/sgx/libsgx_tsgxssl/tcommon.h
--
+@@ -40,6 +40,7 @@
--#include <stdio.h>
+ #include "tdefines.h"
--#include "tcommon.h"
+ #include "tSgxSSL_api.h"
--#include "sgx_tsgxssl_t.h"
+ 
--#include "tSgxSSL_api.h"
++#define CC_SSL_SUCCESS 0
--
+ 
--extern PRINT_TO_STDOUT_STDERR_CB s_print_cb;
+ //#define DO_SGX_LOG
--
+ #define DO_SGX_WARN
--extern "C" {
+diff --git a/Linux/sgx/libsgx_tsgxssl/tstdio.cpp b/Linux/sgx/libsgx_tsgxssl/tstdio.cpp
--
+index 800a9a7..1e6d8bc 100644
--int sgx_print(const char *format, ...)
+--- a/Linux/sgx/libsgx_tsgxssl/tstdio.cpp
--{
++++ b/Linux/sgx/libsgx_tsgxssl/tstdio.cpp
--	if (s_print_cb != NULL) {
+@@ -30,14 +30,243 @@
--		va_list vl;
+  */
--		va_start(vl, format);
+ 
--		int res = s_print_cb(STREAM_STDOUT, format, vl);
+ #include <stdio.h>
--		va_end(vl);
--
--		return res;
--	}
--	
--	return 0;
--}
--
--}
-+/*
-+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ *   * Redistributions of source code must retain the above copyright
-+ *     notice, this list of conditions and the following disclaimer.
-+ *   * Redistributions in binary form must reproduce the above copyright
-+ *     notice, this list of conditions and the following disclaimer in
-+ *     the documentation and/or other materials provided with the
-+ *     distribution.
-+ *   * Neither the name of Intel Corporation nor the names of its
-+ *     contributors may be used to endorse or promote products derived
-+ *     from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <stdio.h>
 +#include <string.h>
-+#include "tcommon.h"
+ #include "tcommon.h"
-+#include "sgx_tsgxssl_t.h"
+ #include "sgx_tsgxssl_t.h"
-+#include "tSgxSSL_api.h"
+ #include "tSgxSSL_api.h"
 +#include "tsgxsslio.h"
-+
+ 
-+extern PRINT_TO_STDOUT_STDERR_CB s_print_cb;
+ extern PRINT_TO_STDOUT_STDERR_CB s_print_cb;
-+
+ 
-+extern "C" {
+ extern "C" {
-+
+ 
 +int print_with_cb(void* fp, const char* fmt, __va_list vl)
 +{
 +    int res = -1;
@@ -400,25 +425,13 @@ index ebb8abb..1e6d8bc 100644
 +    return ret;
 +}
 +
-+int sgx_print(const char *format, ...)
+ int sgx_print(const char *format, ...)
-+{
+ {
-+	if (s_print_cb != NULL) {
+ 	if (s_print_cb != NULL) {
-+		va_list vl;
+diff --git a/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp b/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp
-+		va_start(vl, format);
+index 81851a7..fb794db 100644
-+		int res = s_print_cb(STREAM_STDOUT, format, vl);
+--- a/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp
-+		va_end(vl);
++++ b/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp
-+
-+		return res;
-+	}
-+	
-+	return 0;
-+}
-+
-+}
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp
-index c6a8066..9a66c72 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp
 @@ -57,39 +57,25 @@ SGX_ACCESS_VERSION(tssl, 1);
  
  extern "C" {
@@ -462,11 +475,11 @@ index c6a8066..9a66c72 100644
 +    int ret = 0;
 +    int res;
 +    int buf_len = 0;
-+    
++
 +    if (t_env_buf == NULL || MAX_ENV_BUF_LEN <= 0) {
 +        return NULL;
 +    }
-+   
++
 +    memset(t_env_buf, 0, MAX_ENV_BUF_LEN);
 +    res = ocall_cc_getenv(&ret, name, strlen(name), t_env_buf, MAX_ENV_BUF_LEN, &buf_len);
 +    if (res != CC_SSL_SUCCESS || ret <= 0 || ret != buf_len) {
@@ -475,12 +488,100 @@ index c6a8066..9a66c72 100644
 +    return t_env_buf;
  }
  
- int sgxssl_atexit(void (*function)(void))
+ }
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp
+diff --git a/Linux/sgx/libsgx_tsgxssl/tunistd.cpp b/Linux/sgx/libsgx_tsgxssl/tunistd.cpp
+index 7bdfa07..d7aba27 100644
+--- a/Linux/sgx/libsgx_tsgxssl/tunistd.cpp
++++ b/Linux/sgx/libsgx_tsgxssl/tunistd.cpp
+@@ -56,47 +56,34 @@ int sgxssl_pipe (int pipefd[2])
+ 
+ size_t sgxssl_write (int fd, const void *buf, size_t n)
+ {
+-	FSTART;
+-
+-	if (fd == FAKE_PIPE_WRITE_FD) {
+-		// With pipes the function is used only by the engines/e_dasync.c (dummy async engine).
+-		SGX_UNSUPPORTED_FUNCTION(SET_ERRNO);
+-
+-		FEND;
+-		// On error, -1 is returned, and errno is set appropriately
+-		return -1;
+-	}
+-
+-	// In addition, the function is used by bss_sock.c as writesocket function.
+-	// It is unreachable under the assumption that TLS support is not required.
+-	// Otherwise should be implemented as OCALL.
+-	SGX_UNREACHABLE_CODE(SET_ERRNO);
+-	FEND;
+-
+-	return -1;
++    int ret = 0;
++    int res;
+ 
++    if (fd == FAKE_PIPE_WRITE_FD) {
++        return -1;
++    }
++    
++    res = ocall_cc_write(&ret, fd, buf, n);
++    if (res != CC_SSL_SUCCESS) {
++        return -1;
++    }
++    return ret;
+ }
+ 
+ size_t sgxssl_read(int fd, void *buf, size_t count)
+ {
+-	FSTART;
+-
+-	if (fd == FAKE_PIPE_READ_FD) {
+-		// With pipes the function is used only by the engines/e_dasync.c (dummy async engine).
+-		SGX_UNSUPPORTED_FUNCTION(SET_ERRNO);
+-
+-		FEND;
+-		// On error, -1 is returned, and errno is set appropriately
+-		return -1;
+-	}
+-
+-	// In addition, the function is used by bss_sock.c as readsocket function.
+-	// It is unreachable under the assumption that TLS support is not required.
+-	// Otherwise should be implemented as OCALL.
+-	SGX_UNREACHABLE_CODE(SET_ERRNO);
+-	FEND;
+-
+-	return -1;
++    int ret = 0;
++    int res;
++    
++    if (fd == FAKE_PIPE_READ_FD) {
++        return -1;
++    }
++
++    res = ocall_cc_read(&ret, fd, buf, count);
++    if (res != CC_SSL_SUCCESS) {
++        return -1;
++    }
++    return ret;
+ }
+ 
+ // TODO
+diff --git a/Linux/sgx/libsgx_usgxssl/Makefile b/Linux/sgx/libsgx_usgxssl/Makefile
+index 5d7e756..ee1f29f 100644
+--- a/Linux/sgx/libsgx_usgxssl/Makefile
++++ b/Linux/sgx/libsgx_usgxssl/Makefile
+@@ -72,7 +72,7 @@ SGX_EDL_FILE := $(PACKAGE_INCLUDE)/sgx_tsgxssl.edl
+ 
+ Sgx_ussl_Include_Paths := -I. -I$(SGX_SDK_INC)
+ 
+-Sgx_ussl_C_Flags := $(SGX_COMMON_CFLAGS) -fpie -fpic -fstack-protector -Wformat -Wformat-security -Wno-attributes $(Sgx_ussl_Include_Paths)
++Sgx_ussl_C_Flags := $(SGX_COMMON_CFLAGS) -fpie -fpic -fstack-protector-strong -Wformat -Wformat-security -Wno-attributes $(Sgx_ussl_Include_Paths)
+ Sgx_ussl_Cpp_Flags := $(Sgx_ussl_C_Flags) -std=c++11
+ 
+ Sgx_ussl_Cpp_Files := $(wildcard *.cpp)
+diff --git a/Linux/sgx/libsgx_usgxssl/ustdio.cpp b/Linux/sgx/libsgx_usgxssl/ustdio.cpp
 new file mode 100644
 index 0000000..c4b15f7
 --- /dev/null
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp
++++ b/Linux/sgx/libsgx_usgxssl/ustdio.cpp
 @@ -0,0 +1,96 @@
 +/*
 + * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
@@ -578,11 +679,11 @@ index 0000000..c4b15f7
 +    return fputs(str, (FILE *)fp);
 +}
 +}
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
+diff --git a/Linux/sgx/libsgx_usgxssl/ustdlib.cpp b/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
 new file mode 100644
 index 0000000..7467e1d
 --- /dev/null
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
++++ b/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
 @@ -0,0 +1,61 @@
 +/*
 + * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
@@ -645,10 +746,62 @@ index 0000000..7467e1d
 +}
 +
 +}
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c
+diff --git a/Linux/sgx/libsgx_usgxssl/uunistd.cpp b/Linux/sgx/libsgx_usgxssl/uunistd.cpp
+new file mode 100644
+index 0000000..c2456ba
+--- /dev/null
++++ b/Linux/sgx/libsgx_usgxssl/uunistd.cpp
+@@ -0,0 +1,46 @@
++/*
++ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ *   * Redistributions of source code must retain the above copyright
++ *     notice, this list of conditions and the following disclaimer.
++ *   * Redistributions in binary form must reproduce the above copyright
++ *     notice, this list of conditions and the following disclaimer in
++ *     the documentation and/or other materials provided with the
++ *     distribution.
++ *   * Neither the name of Intel Corporation nor the names of its
++ *     contributors may be used to endorse or promote products derived
++ *     from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <unistd.h>
++
++extern "C" {
++
++int ocall_cc_read(int fd, void *buf, size_t buf_len)
++{
++    return read(fd, buf, buf_len);
++}
++
++int ocall_cc_write(int fd, const void *buf, size_t buf_len)
++{
++    return write(fd, buf, buf_len);
++}
++
++}
+diff --git a/Linux/sgx/test_app/enclave/tests/stdio_func.c b/Linux/sgx/test_app/enclave/tests/stdio_func.c
 index 286340e..13de4dd 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c
+--- a/Linux/sgx/test_app/enclave/tests/stdio_func.c
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c
++++ b/Linux/sgx/test_app/enclave/tests/stdio_func.c
 @@ -42,7 +42,7 @@ static int print_fp(const char *str, size_t len, void *fp)
      printf("%s", str);
      return 1;
@@ -664,16 +817,17 @@ index 286340e..13de4dd 100644
  }
 -
 +*/
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h b/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h
+diff --git a/openssl_source/bypass_to_sgxssl.h b/openssl_source/bypass_to_sgxssl.h
-index 1c4d025..e938ff1 100644
+index 6ff3fc2..9676726 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h
+--- a/openssl_source/bypass_to_sgxssl.h
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h
++++ b/openssl_source/bypass_to_sgxssl.h
-@@ -181,23 +181,19 @@
+@@ -181,23 +181,20 @@
  #define mlock sgxssl_mlock
  #define madvise sgxssl_madvise
  
 -/*
 -#define fopen64 sgxssl_fopen64
++
  #define fopen sgxssl_fopen
 -#define wfopen sgxssl_wfopen
  #define fclose sgxssl_fclose

0001-add-ocall-read-write.patch

@@ -1,435 +0,0 @@
-From 7b20f1fee1c7a437274870c0015435d7f5adcb03 Mon Sep 17 00:00:00 2001
-From: yanlu <yanlu14@huawei.com>
-Date: Mon, 18 Jan 2021 19:24:32 +0800
-Subject: [PATCH] add ocall read write
-
----
- intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile  |   1 +
- .../Linux/build_openssl.sh                    |   5 +-
- .../Linux/package/include/sgx_tsgxssl.edl     |   2 +
- .../Linux/sgx/buildenv.mk                     |   2 +
- .../Linux/sgx/libsgx_tsgxssl/tcommon.h        |   1 +
- .../Linux/sgx/libsgx_tsgxssl/tunistd.cpp      | 271 +++++++++---------
- .../Linux/sgx/libsgx_usgxssl/uunistd.cpp      |  46 +++
- 7 files changed, 185 insertions(+), 143 deletions(-)
- create mode 100644 intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp
-
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile
-index b79649e..6b91d1c 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile
-@@ -51,6 +51,7 @@ sgxssl_no_mitigation:
- clean:
- 	$(MAKE) -C sgx/ clean
- 	rm -rf $(PACKAGE_LIB)/$(OPENSSL_LIB) $(PACKAGE_INC)/openssl/
-+	rm -rf $(PACKAGE_LIB)/$(OPENSSL_SSL_LIB)
- 	rm -rf $(PACKAGE_LIB)/cve_2020_0551_load
- 	rm -rf $(PACKAGE_LIB)/cve_2020_0551_cf
- 
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
-index a70ddf1..4c5b999 100755
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
-@@ -68,8 +68,10 @@ sed -i '/OPENSSL_die("assertion failed/d' $OPENSSL_VERSION/include/openssl/crypt
- fi
- 
- OUTPUT_LIB=libsgx_tsgxssl_crypto.a
-+OUTPUT_SSLLIB=libsgx_tsgxssl_ssl.a
- if [[ $# -gt 0 ]] && [[ $1 == "debug" || $2 == "debug" || $3 == "debug" || $4 == "debug" ]] ; then
- 	OUTPUT_LIB=libsgx_tsgxssl_cryptod.a
-+        OUTPUT_SSLLIB=libsgx_tsgxssl_ssld.a
-     ADDITIONAL_CONF="-g "
- fi
- 
-@@ -153,8 +155,9 @@ then
-     cp $SGXSSL_ROOT/../openssl_source/Linux/x86_64cpuid.s       ./crypto/x86_64cpuid.s
- fi
- 
--make libcrypto.a || exit 1
-+make libcrypto.a libssl.a || exit 1
- cp libcrypto.a $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1
-+cp libssl.a $SGXSSL_ROOT/package/lib64/$OUTPUT_SSLLIB || exit 1
- objcopy --rename-section .init=Q6A8dc14f40efc4288a03b32cba4e $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1
- cp include/openssl/* $SGXSSL_ROOT/package/include/openssl/ || exit 1
- exit 0
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl
-index cbc4888..3ad91d8 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl
-@@ -37,6 +37,8 @@ enclave {
-     
-     untrusted {
-     	 void u_sgxssl_ftime([out, size=timeb_len] void * timeptr, uint32_t timeb_len);
-+         int ocall_cc_read(int fd, [out, size = buf_len] void *buf, size_t buf_len);
-+         int ocall_cc_write(int fd, [in, size = buf_len] const void *buf, size_t buf_len);
-     };
- 
-     trusted {
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk
-index cd8818e..7cd794c 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk
-@@ -73,11 +73,13 @@ endif
- ifeq ($(DEBUG), 1)
- 	OBJDIR := debug
- 	OPENSSL_LIB := libsgx_tsgxssl_cryptod.a
-+	OPENSSL_SSL_LIB := libsgx_tsgxssl_ssld.a
- 	TRUSTED_LIB := libsgx_tsgxssld.a
- 	UNTRUSTED_LIB := libsgx_usgxssld.a
- else
- 	OBJDIR := release
- 	OPENSSL_LIB := libsgx_tsgxssl_crypto.a
-+	OPENSSL_SSL_LIB := libsgx_tsgxssl_ssl.a
- 	TRUSTED_LIB := libsgx_tsgxssl.a
- 	UNTRUSTED_LIB := libsgx_usgxssl.a
- endif
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h
-index 4d64d23..7dbbfd1 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h
-@@ -40,6 +40,7 @@
- #include "tdefines.h"
- #include "tSgxSSL_api.h"
- 
-+#define CC_SSL_SUCCESS 0
- 
- //#define DO_SGX_LOG
- #define DO_SGX_WARN
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp
-index b6cdd39..d7aba27 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp
-@@ -1,143 +1,130 @@
--/*
-- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- *   * Redistributions of source code must retain the above copyright
-- *     notice, this list of conditions and the following disclaimer.
-- *   * Redistributions in binary form must reproduce the above copyright
-- *     notice, this list of conditions and the following disclaimer in
-- *     the documentation and/or other materials provided with the
-- *     distribution.
-- *   * Neither the name of Intel Corporation nor the names of its
-- *     contributors may be used to endorse or promote products derived
-- *     from this software without specific prior written permission.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- *
-- */
--
--#include "sgx_tsgxssl_t.h"
--#include "tcommon.h"
--
--#define FAKE_PIPE_READ_FD	0xFAFAFAFALL
--#define FAKE_PIPE_WRITE_FD	0xFBFBFBFBLL
--
--#define ENCLAVE_PAGE_SIZE	0x1000	// 4096 B
--
--extern "C" {
--
--int sgxssl_pipe (int pipefd[2])
--{
--	FSTART;
--
--	// The function is used only by the engines/e_dasync.c (dummy async engine).
--	// Adding fake implementation only to be able to distinguish pipe read/write from socket read/write
--	pipefd[0] = FAKE_PIPE_READ_FD;
--	pipefd[1] = FAKE_PIPE_WRITE_FD;
--
--	FEND;
--
--	// On error, -1 is returned, and errno is set appropriately
--	return 0;
--}
--
--size_t sgxssl_write (int fd, const void *buf, size_t n)
--{
--	FSTART;
--
--	if (fd == FAKE_PIPE_WRITE_FD) {
--		// With pipes the function is used only by the engines/e_dasync.c (dummy async engine).
--		SGX_UNSUPPORTED_FUNCTION(SET_ERRNO);
--
--		FEND;
--		// On error, -1 is returned, and errno is set appropriately
--		return -1;
--	}
--
--	// In addition, the function is used by bss_sock.c as writesocket function.
--	// It is unreachable under the assumption that TLS support is not required.
--	// Otherwise should be implemented as OCALL.
--	SGX_UNREACHABLE_CODE(SET_ERRNO);
--	FEND;
--
--	return -1;
--
--}
--
--size_t sgxssl_read(int fd, void *buf, size_t count)
--{
--	FSTART;
--
--	if (fd == FAKE_PIPE_READ_FD) {
--		// With pipes the function is used only by the engines/e_dasync.c (dummy async engine).
--		SGX_UNSUPPORTED_FUNCTION(SET_ERRNO);
--
--		FEND;
--		// On error, -1 is returned, and errno is set appropriately
--		return -1;
--	}
--
--	// In addition, the function is used by bss_sock.c as readsocket function.
--	// It is unreachable under the assumption that TLS support is not required.
--	// Otherwise should be implemented as OCALL.
--	SGX_UNREACHABLE_CODE(SET_ERRNO);
--	FEND;
--
--	return -1;
--}
--
--// TODO
--int sgxssl_close(int fd)
--{
--	FSTART;
--
--	if (fd == FAKE_PIPE_READ_FD ||
--		fd == FAKE_PIPE_WRITE_FD) {
--		// With pipes the function is used only by the engines/e_dasync.c (dummy async engine).
--		SGX_UNSUPPORTED_FUNCTION(SET_ERRNO);
--
--		FEND;
--		// On error, -1 is returned, and errno is set appropriately
--		return -1;
--	}
--
--	// In addition, the function is used by b_sock2.c as closesocket function.
--	// It is unreachable under the assumption that TLS support is not required.
--	// Otherwise should be implemented as OCALL.
--	SGX_UNREACHABLE_CODE(SET_ERRNO);
--	FEND;
--
--	return -1;
--}
--
--long sgxssl_sysconf(int name)
--{
--	FSTART;
--
--	// Used by mem_sec.c
--	if (name == _SC_PAGESIZE) {
--		return ENCLAVE_PAGE_SIZE;
--	}
--
--	SGX_UNREACHABLE_CODE(SET_ERRNO);
--	FEND;
--
--	return -1;
--}
--
-+/*
-+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ *   * Redistributions of source code must retain the above copyright
-+ *     notice, this list of conditions and the following disclaimer.
-+ *   * Redistributions in binary form must reproduce the above copyright
-+ *     notice, this list of conditions and the following disclaimer in
-+ *     the documentation and/or other materials provided with the
-+ *     distribution.
-+ *   * Neither the name of Intel Corporation nor the names of its
-+ *     contributors may be used to endorse or promote products derived
-+ *     from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include "sgx_tsgxssl_t.h"
-+#include "tcommon.h"
-+
-+#define FAKE_PIPE_READ_FD	0xFAFAFAFALL
-+#define FAKE_PIPE_WRITE_FD	0xFBFBFBFBLL
-+
-+#define ENCLAVE_PAGE_SIZE	0x1000	// 4096 B
-+
-+extern "C" {
-+
-+int sgxssl_pipe (int pipefd[2])
-+{
-+	FSTART;
-+
-+	// The function is used only by the engines/e_dasync.c (dummy async engine).
-+	// Adding fake implementation only to be able to distinguish pipe read/write from socket read/write
-+	pipefd[0] = FAKE_PIPE_READ_FD;
-+	pipefd[1] = FAKE_PIPE_WRITE_FD;
-+
-+	FEND;
-+
-+	// On error, -1 is returned, and errno is set appropriately
-+	return 0;
-+}
-+
-+size_t sgxssl_write (int fd, const void *buf, size_t n)
-+{
-+    int ret = 0;
-+    int res;
-+
-+    if (fd == FAKE_PIPE_WRITE_FD) {
-+        return -1;
-+    }
-+    
-+    res = ocall_cc_write(&ret, fd, buf, n);
-+    if (res != CC_SSL_SUCCESS) {
-+        return -1;
-+    }
-+    return ret;
-+}
-+
-+size_t sgxssl_read(int fd, void *buf, size_t count)
-+{
-+    int ret = 0;
-+    int res;
-+    
-+    if (fd == FAKE_PIPE_READ_FD) {
-+        return -1;
-+    }
-+
-+    res = ocall_cc_read(&ret, fd, buf, count);
-+    if (res != CC_SSL_SUCCESS) {
-+        return -1;
-+    }
-+    return ret;
-+}
-+
-+// TODO
-+int sgxssl_close(int fd)
-+{
-+	FSTART;
-+
-+	if (fd == FAKE_PIPE_READ_FD ||
-+		fd == FAKE_PIPE_WRITE_FD) {
-+		// With pipes the function is used only by the engines/e_dasync.c (dummy async engine).
-+		SGX_UNSUPPORTED_FUNCTION(SET_ERRNO);
-+
-+		FEND;
-+		// On error, -1 is returned, and errno is set appropriately
-+		return -1;
-+	}
-+
-+	// In addition, the function is used by b_sock2.c as closesocket function.
-+	// It is unreachable under the assumption that TLS support is not required.
-+	// Otherwise should be implemented as OCALL.
-+	SGX_UNREACHABLE_CODE(SET_ERRNO);
-+	FEND;
-+
-+	return -1;
-+}
-+
-+long sgxssl_sysconf(int name)
-+{
-+	FSTART;
-+
-+	// Used by mem_sec.c
-+	if (name == _SC_PAGESIZE) {
-+		return ENCLAVE_PAGE_SIZE;
-+	}
-+
-+	SGX_UNREACHABLE_CODE(SET_ERRNO);
-+	FEND;
-+
-+	return -1;
-+}
-+
- //Process ID is used as RNG entropy, SGXSSL use sgx_get_rand() hence this function is redundant.
- //
- int sgxssl_getpid() {
-@@ -198,5 +185,5 @@ void *sgxssl_opendir(const char *name)
-     return NULL;
- }
- 
--
--} // extern "C"
-+
-+} // extern "C"
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp
-new file mode 100644
-index 0000000..c2456ba
---- /dev/null
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp
-@@ -0,0 +1,46 @@
-+/*
-+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ *   * Redistributions of source code must retain the above copyright
-+ *     notice, this list of conditions and the following disclaimer.
-+ *   * Redistributions in binary form must reproduce the above copyright
-+ *     notice, this list of conditions and the following disclaimer in
-+ *     the documentation and/or other materials provided with the
-+ *     distribution.
-+ *   * Neither the name of Intel Corporation nor the names of its
-+ *     contributors may be used to endorse or promote products derived
-+ *     from this software without specific prior written permission.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <unistd.h>
-+
-+extern "C" {
-+
-+int ocall_cc_read(int fd, void *buf, size_t buf_len)
-+{
-+    return read(fd, buf, buf_len);
-+}
-+
-+int ocall_cc_write(int fd, const void *buf, size_t buf_len)
-+{
-+    return write(fd, buf, buf_len);
-+}
-+
-+}
--- 
-2.27.0
-

0003-modify-for-sp.patch

@@ -1,47 +0,0 @@
-From eddebe3a99d42f0f6b904d32574e30b2ba780847 Mon Sep 17 00:00:00 2001
-From: zgzxx <zhangguangzhi3@huawei.com>
-Date: Sat, 20 Mar 2021 15:45:35 +0800
-Subject: [PATCH] modify for sp
-
-
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile
-index 2bf97c8..1501201 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile
-@@ -90,7 +90,7 @@ Sgx_tssl_S_Objects := $(addprefix $(OBJDIR)/, $(Sgx_tssl_S_Files:.S=.o))
- 
- Sgx_tssl_Include_Paths := -I. -I$(PACKAGE_INC) -I$(SGX_SDK_INC) -I$(SGX_SDK_INC)/tlibc -I$(LIBCXX_INC)
- 
--Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths)
-+Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector-strong -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths)
- Sgx_tssl_C_Flags := $(Common_C_Cpp_Flags) -Wno-implicit-function-declaration -std=c11 $(MITIGATION_CFLAGS)
- Sgx_tssl_Cpp_Flags := $(Common_C_Cpp_Flags) -std=c++11 -nostdinc++ $(MITIGATION_CFLAGS)
- $(shell mkdir -p $(OBJDIR))
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile
-index 5d7e756..ee1f29f 100644
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile
-@@ -72,7 +72,7 @@ SGX_EDL_FILE := $(PACKAGE_INCLUDE)/sgx_tsgxssl.edl
- 
- Sgx_ussl_Include_Paths := -I. -I$(SGX_SDK_INC)
- 
--Sgx_ussl_C_Flags := $(SGX_COMMON_CFLAGS) -fpie -fpic -fstack-protector -Wformat -Wformat-security -Wno-attributes $(Sgx_ussl_Include_Paths)
-+Sgx_ussl_C_Flags := $(SGX_COMMON_CFLAGS) -fpie -fpic -fstack-protector-strong -Wformat -Wformat-security -Wno-attributes $(Sgx_ussl_Include_Paths)
- Sgx_ussl_Cpp_Flags := $(Sgx_ussl_C_Flags) -std=c++11
- 
- Sgx_ussl_Cpp_Files := $(wildcard *.cpp)
-diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
-index 157965d..472988a 100755
---- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
-+++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
-@@ -58,6 +58,7 @@ tar xvf $OPENSSL_VERSION.tar.gz || exit 1
-
- # Remove AESBS to support only AESNI and VPAES
- sed -i '/BSAES_ASM/d' $OPENSSL_VERSION/Configure
-+sed -i 's/-Wa,--noexecstack/-Wa,--noexecstack -fstack-protector-strong/' $OPENSSL_VERSION/Configure
-
- ##Space optimization flags.
- SPACE_OPT=
--- 
-2.27.0
-

intel-sgx-ssl.spec

@@ -1,22 +1,20 @@
-%define         openssl_version 1.1.1g
+%define         openssl_version 1.1.1l
 Name:           intel-sgx-ssl
-Version:        2.10
+Version:        2.15.1
-Release:        6
+Release:        1
 Summary:        Intel® Software Guard Extensions SSL
 ExclusiveArch:	x86_64
 License:        OpenSSL and BSD-3-Clause
 URL:            https://github.com/intel/intel-sgx-ssl
-Source0:        https://github.com/intel/intel-sgx-ssl/archive/lin_%{version}_%{openssl_version}.zip
+Source0:        https://github.com/intel/intel-sgx-ssl/archive/intel-sgx-ssl-lin_%{version}_%{openssl_version}.zip
 Source1:        https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz
 
-Patch0:         0001-add-ocall-read-write.patch
+Patch0:         0001-Solution_to_issue_ssl_library_is_not_supported.patch
-Patch1:         0002-add-ocall-file-operation-and-getenv.patch 
-Patch2:         0003-modify-for-sp.patch
 
-BuildRequires:  gcc 
+BuildRequires:  gcc gcc-c++
-BuildRequires:	libsgx-launch libsgx-urts sgxsdk
+BuildRequires:	libsgx-launch libsgx-urts sgxsdk perl
 
-Requires:       glibc
+Requires:       glibc sgxsdk >= %{version}-%{release}
 
 %description
 The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic
@@ -24,7 +22,7 @@ library is intended to provide cryptographic services for
 Intel® Software Guard Extensions (SGX) enclave applications.
 The Intel® SGX SSL cryptographic library is based on the underlying
 OpenSSL* Open Source project, providing a full-strength general purpose
-cryptography library. Supported OpenSSL version is 1.1.1g.
+cryptography library. Supported OpenSSL version is 1.1.1l.
 
 
 %package devel
@@ -40,10 +38,9 @@ Requires:       %{name} = %{version}-%{release}
 
 %prep
 
-%setup -q -n intel-sgx-ssl-lin_2.10_1.1.1g
+%setup -q -n intel-sgx-ssl-lin_%{version}_%{openssl_version}
-%patch0 -p2
+%patch0 -p1
-%patch1 -p2
+
-%patch2 -p2
 %build
 cp %{SOURCE1} openssl_source/
 cd Linux
@@ -64,15 +61,5 @@ cp   License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
 /opt/intel/sgxssl/include/*
 
 %changelog
-* Sat Mar 20 2021 zhangguangzhi <zhangguangzhi3@huawei.com> - 2.10-6
+* Thu Dec 9 2021 wangcheng<wangcheng156@huawei.com> - 2.15.1-1
-- modify for sp
-* Mon Feb 22 2021 chenmaodong <chenmaodong@huawei.com> - 2.10-5
-- add ocall file operation and getenv
-* Tue Jan 26 2021 yanlu <yanlu14@huawei.com> - 2.10-4
-- add ocall file operation and getenv
-* Mon Jan 18 2021 yanlu <yanlu14@huawei.com> - 2.10-3
-- add ocall read and write
-* Mon Jan 18 2021 chenmaodong <chenmaodong@huawei.com> - 2.10-2
-- init
-* Tue Dec 29 2020 chenmaodong <chenmaodong@huawei.com> - 2.10-1
 - init