From 6f819a217a7ca55bc02cad3e0855ee0f3d8b91b0 Mon Sep 17 00:00:00 2001 From: zgzxx Date: Sat, 20 Mar 2021 16:01:49 +0800 Subject: [PATCH] modify for sp --- 0003-modify-for-sp.patch | 47 ++++++++++++++++++++++++++++++++++++++++ intel-sgx-ssl.spec | 8 +++++-- 2 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 0003-modify-for-sp.patch diff --git a/0003-modify-for-sp.patch b/0003-modify-for-sp.patch new file mode 100644 index 0000000..21a2f46 --- /dev/null +++ b/0003-modify-for-sp.patch @@ -0,0 +1,47 @@ +From eddebe3a99d42f0f6b904d32574e30b2ba780847 Mon Sep 17 00:00:00 2001 +From: zgzxx +Date: Sat, 20 Mar 2021 15:45:35 +0800 +Subject: [PATCH] modify for sp + + +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile +index 2bf97c8..1501201 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/Makefile +@@ -90,7 +90,7 @@ Sgx_tssl_S_Objects := $(addprefix $(OBJDIR)/, $(Sgx_tssl_S_Files:.S=.o)) + + Sgx_tssl_Include_Paths := -I. -I$(PACKAGE_INC) -I$(SGX_SDK_INC) -I$(SGX_SDK_INC)/tlibc -I$(LIBCXX_INC) + +-Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths) ++Common_C_Cpp_Flags := -DOS_ID=$(OS_ID) $(SGX_COMMON_CFLAGS) -nostdinc -fdata-sections -ffunction-sections -Os -Wl,--gc-sections -fvisibility=hidden -fpie -fpic -fstack-protector-strong -fno-builtin-printf -Wformat -Wformat-security $(Sgx_tssl_Include_Paths) + Sgx_tssl_C_Flags := $(Common_C_Cpp_Flags) -Wno-implicit-function-declaration -std=c11 $(MITIGATION_CFLAGS) + Sgx_tssl_Cpp_Flags := $(Common_C_Cpp_Flags) -std=c++11 -nostdinc++ $(MITIGATION_CFLAGS) + $(shell mkdir -p $(OBJDIR)) +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile +index 5d7e756..ee1f29f 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/Makefile +@@ -72,7 +72,7 @@ SGX_EDL_FILE := $(PACKAGE_INCLUDE)/sgx_tsgxssl.edl + + Sgx_ussl_Include_Paths := -I. -I$(SGX_SDK_INC) + +-Sgx_ussl_C_Flags := $(SGX_COMMON_CFLAGS) -fpie -fpic -fstack-protector -Wformat -Wformat-security -Wno-attributes $(Sgx_ussl_Include_Paths) ++Sgx_ussl_C_Flags := $(SGX_COMMON_CFLAGS) -fpie -fpic -fstack-protector-strong -Wformat -Wformat-security -Wno-attributes $(Sgx_ussl_Include_Paths) + Sgx_ussl_Cpp_Flags := $(Sgx_ussl_C_Flags) -std=c++11 + + Sgx_ussl_Cpp_Files := $(wildcard *.cpp) +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh +index 157965d..472988a 100755 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh +@@ -58,6 +58,7 @@ tar xvf $OPENSSL_VERSION.tar.gz || exit 1 + + # Remove AESBS to support only AESNI and VPAES + sed -i '/BSAES_ASM/d' $OPENSSL_VERSION/Configure ++sed -i 's/-Wa,--noexecstack/-Wa,--noexecstack -fstack-protector-strong/' $OPENSSL_VERSION/Configure + + ##Space optimization flags. + SPACE_OPT= +-- +2.27.0 + diff --git a/intel-sgx-ssl.spec b/intel-sgx-ssl.spec index 09670f6..afe2823 100644 --- a/intel-sgx-ssl.spec +++ b/intel-sgx-ssl.spec @@ -1,7 +1,7 @@ %define openssl_version 1.1.1g Name: intel-sgx-ssl Version: 2.10 -Release: 5 +Release: 6 Summary: IntelĀ® Software Guard Extensions SSL ExclusiveArch: x86_64 License: OpenSSL and BSD-3-Clause @@ -11,9 +11,10 @@ Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_versi Patch0: 0001-add-ocall-read-write.patch Patch1: 0002-add-ocall-file-operation-and-getenv.patch +Patch2: 0003-modify-for-sp.patch BuildRequires: gcc -BuildRequires: libsgx-launch libsgx-urts linux-sgx-sdk +BuildRequires: libsgx-launch libsgx-urts sgxsdk Requires: glibc @@ -42,6 +43,7 @@ Requires: %{name} = %{version}-%{release} %setup -q -n intel-sgx-ssl-lin_2.10_1.1.1g %patch0 -p2 %patch1 -p2 +%patch2 -p2 %build cp %{SOURCE1} openssl_source/ cd Linux @@ -62,6 +64,8 @@ cp License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/ /opt/intel/sgxssl/include/* %changelog +* Sat Mar 20 2021 zhangguangzhi - 2.10-6 +- modify for sp * Mon Feb 22 2021 chenmaodong - 2.10-5 - add ocall file operation and getenv * Tue Jan 26 2021 yanlu - 2.10-4