%define         openssl_version 1.1.1l
Name:           intel-sgx-ssl
Version:        2.15.1
Release:        3
Summary:        Intel® Software Guard Extensions SSL
ExclusiveArch:	x86_64
License:        OpenSSL and BSD-3-Clause
URL:            https://github.com/intel/intel-sgx-ssl
Source0:        https://github.com/intel/intel-sgx-ssl/archive/refs/tags/lin_%{version}_%{openssl_version}.zip
Source1:        https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz

Patch0:         0001-Solution_to_issue_ssl_library_is_not_supported.patch
Patch1:         adapt-openssl-CVE.patch
Patch2:         backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
Patch3:         backport-CVE-2022-1292.patch
Patch4:         backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
Patch5:         backport-CVE-2022-0778.patch
Patch6:         backport-CVE-2022-0778_test.patch

BuildRequires:  gcc gcc-c++
BuildRequires:	libsgx-launch libsgx-urts sgxsdk perl

Requires:       glibc sgxsdk >= %{version}-%{release}

%description
The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic
library is intended to provide cryptographic services for
Intel® Software Guard Extensions (SGX) enclave applications.
The Intel® SGX SSL cryptographic library is based on the underlying
OpenSSL* Open Source project, providing a full-strength general purpose
cryptography library. Supported OpenSSL version is 1.1.1l.


%package devel
Summary:        Development files for intel sgx ssl
Requires:       %{name} = %{version}-%{release}

%description devel
%{summary}.


%package_help
%define debug_package %{nil}

%prep

%setup -q -n intel-sgx-ssl-lin_%{version}_%{openssl_version}
%setup -q -D -T -a 1 -n intel-sgx-ssl-lin_%{version}_%{openssl_version}/openssl_source
%setup -q -D -T -n intel-sgx-ssl-lin_%{version}_%{openssl_version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1

%build
cp %{SOURCE1} openssl_source/
cd Linux
make sgxssl_no_mitigation

%install
cd Linux
make install DESTDIR=$RPM_BUILD_ROOT/opt/intel/sgxssl
cp -r package/docs $RPM_BUILD_ROOT/opt/intel/sgxssl/
cp   ../README.md $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
cp   License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/

%files
/opt/intel/sgxssl/lib64/*
/opt/intel/sgxssl/docs/*

%files devel
/opt/intel/sgxssl/include/*

%changelog
* Thu Nov 24 2022 wangyu <wangyu283@huawei.com> - 2.15.1-3
- Update the source0 link address.

* Mon Sep 05 2022 wangyu <wangyu283@huawei.com> - 2.15.1-2
- Fix CVE-2022-2068 CVE-2022-0778 CVE-2022-1292 CVE-2022-2097

* Thu Dec 9 2021 wangcheng<wangcheng156@huawei.com> - 2.15.1-1
- init