From c7dbf551fbbb8d3fd396299ae03efeced54e5bd7 Mon Sep 17 00:00:00 2001 From: yanlu Date: Mon, 18 Jan 2021 16:16:18 +0800 Subject: [PATCH 1/3] add ocall read and write remove commented code --- 0001-add-ocall-read-write.patch | 435 ++++++++++++++++++++++++++++++++ intel-sgx-ssl.spec | 9 +- 2 files changed, 442 insertions(+), 2 deletions(-) create mode 100644 0001-add-ocall-read-write.patch diff --git a/0001-add-ocall-read-write.patch b/0001-add-ocall-read-write.patch new file mode 100644 index 0000000..deb0c40 --- /dev/null +++ b/0001-add-ocall-read-write.patch 
@@ -0,0 +1,435 @@ +From 7b20f1fee1c7a437274870c0015435d7f5adcb03 Mon Sep 17 00:00:00 2001 +From: yanlu +Date: Mon, 18 Jan 2021 19:24:32 +0800 +Subject: [PATCH] add ocall read write + +--- + intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile | 1 + + .../Linux/build_openssl.sh | 5 +- + .../Linux/package/include/sgx_tsgxssl.edl | 2 + + .../Linux/sgx/buildenv.mk | 2 + + .../Linux/sgx/libsgx_tsgxssl/tcommon.h | 1 + + .../Linux/sgx/libsgx_tsgxssl/tunistd.cpp | 271 +++++++++--------- + .../Linux/sgx/libsgx_usgxssl/uunistd.cpp | 46 +++ + 7 files changed, 185 insertions(+), 143 deletions(-) + create mode 100644 intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp + +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile +index b79649e..6b91d1c 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/Makefile +@@ -51,6 +51,7 @@ sgxssl_no_mitigation: + clean: + $(MAKE) -C sgx/ clean + rm -rf $(PACKAGE_LIB)/$(OPENSSL_LIB) $(PACKAGE_INC)/openssl/ ++ rm -rf $(PACKAGE_LIB)/$(OPENSSL_SSL_LIB) + rm -rf $(PACKAGE_LIB)/cve_2020_0551_load + rm -rf $(PACKAGE_LIB)/cve_2020_0551_cf + +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh +index a70ddf1..4c5b999 100755 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh +@@ -68,8 +68,10 @@ sed -i '/OPENSSL_die("assertion failed/d' $OPENSSL_VERSION/include/openssl/crypt + fi + + OUTPUT_LIB=libsgx_tsgxssl_crypto.a ++OUTPUT_SSLLIB=libsgx_tsgxssl_ssl.a + if [[ $# -gt 0 ]] && [[ $1 == "debug" || $2 == "debug" || $3 == "debug" || $4 == "debug" ]] ; then + OUTPUT_LIB=libsgx_tsgxssl_cryptod.a ++ OUTPUT_SSLLIB=libsgx_tsgxssl_ssld.a + ADDITIONAL_CONF="-g " + fi + +@@ -153,8 +155,9 @@ then + cp $SGXSSL_ROOT/../openssl_source/Linux/x86_64cpuid.s ./crypto/x86_64cpuid.s + fi + +-make libcrypto.a || exit 1 ++make 
libcrypto.a libssl.a || exit 1 + cp libcrypto.a $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1 ++cp libssl.a $SGXSSL_ROOT/package/lib64/$OUTPUT_SSLLIB || exit 1 + objcopy --rename-section .init=Q6A8dc14f40efc4288a03b32cba4e $SGXSSL_ROOT/package/lib64/$OUTPUT_LIB || exit 1 + cp include/openssl/* $SGXSSL_ROOT/package/include/openssl/ || exit 1 + exit 0 +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl +index cbc4888..3ad91d8 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl +@@ -37,6 +37,8 @@ enclave { + + untrusted { + void u_sgxssl_ftime([out, size=timeb_len] void * timeptr, uint32_t timeb_len); ++ int ocall_cc_read(int fd, [out, size = buf_len] void *buf, size_t buf_len); ++ int ocall_cc_write(int fd, [in, size = buf_len] const void *buf, size_t buf_len); + }; + + trusted { +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk +index cd8818e..7cd794c 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/buildenv.mk +@@ -73,11 +73,13 @@ endif + ifeq ($(DEBUG), 1) + OBJDIR := debug + OPENSSL_LIB := libsgx_tsgxssl_cryptod.a ++ OPENSSL_SSL_LIB := libsgx_tsgxssl_ssld.a + TRUSTED_LIB := libsgx_tsgxssld.a + UNTRUSTED_LIB := libsgx_usgxssld.a + else + OBJDIR := release + OPENSSL_LIB := libsgx_tsgxssl_crypto.a ++ OPENSSL_SSL_LIB := libsgx_tsgxssl_ssl.a + TRUSTED_LIB := libsgx_tsgxssl.a + UNTRUSTED_LIB := libsgx_usgxssl.a + endif +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h +index 4d64d23..7dbbfd1 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tcommon.h 
+@@ -40,6 +40,7 @@ + #include "tdefines.h" + #include "tSgxSSL_api.h" + ++#define CC_SSL_SUCCESS 0 + + //#define DO_SGX_LOG + #define DO_SGX_WARN +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp +index b6cdd39..d7aba27 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tunistd.cpp +@@ -1,143 +1,130 @@ +-/* +- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * * Neither the name of Intel Corporation nor the names of its +- * contributors may be used to endorse or promote products derived +- * from this software without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +- * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- * +- */ +- +-#include "sgx_tsgxssl_t.h" +-#include "tcommon.h" +- +-#define FAKE_PIPE_READ_FD 0xFAFAFAFALL +-#define FAKE_PIPE_WRITE_FD 0xFBFBFBFBLL +- +-#define ENCLAVE_PAGE_SIZE 0x1000 // 4096 B +- +-extern "C" { +- +-int sgxssl_pipe (int pipefd[2]) +-{ +- FSTART; +- +- // The function is used only by the engines/e_dasync.c (dummy async engine). +- // Adding fake implementation only to be able to distinguish pipe read/write from socket read/write +- pipefd[0] = FAKE_PIPE_READ_FD; +- pipefd[1] = FAKE_PIPE_WRITE_FD; +- +- FEND; +- +- // On error, -1 is returned, and errno is set appropriately +- return 0; +-} +- +-size_t sgxssl_write (int fd, const void *buf, size_t n) +-{ +- FSTART; +- +- if (fd == FAKE_PIPE_WRITE_FD) { +- // With pipes the function is used only by the engines/e_dasync.c (dummy async engine). +- SGX_UNSUPPORTED_FUNCTION(SET_ERRNO); +- +- FEND; +- // On error, -1 is returned, and errno is set appropriately +- return -1; +- } +- +- // In addition, the function is used by bss_sock.c as writesocket function. +- // It is unreachable under the assumption that TLS support is not required. +- // Otherwise should be implemented as OCALL. +- SGX_UNREACHABLE_CODE(SET_ERRNO); +- FEND; +- +- return -1; +- +-} +- +-size_t sgxssl_read(int fd, void *buf, size_t count) +-{ +- FSTART; +- +- if (fd == FAKE_PIPE_READ_FD) { +- // With pipes the function is used only by the engines/e_dasync.c (dummy async engine). 
+- SGX_UNSUPPORTED_FUNCTION(SET_ERRNO); +- +- FEND; +- // On error, -1 is returned, and errno is set appropriately +- return -1; +- } +- +- // In addition, the function is used by bss_sock.c as readsocket function. +- // It is unreachable under the assumption that TLS support is not required. +- // Otherwise should be implemented as OCALL. +- SGX_UNREACHABLE_CODE(SET_ERRNO); +- FEND; +- +- return -1; +-} +- +-// TODO +-int sgxssl_close(int fd) +-{ +- FSTART; +- +- if (fd == FAKE_PIPE_READ_FD || +- fd == FAKE_PIPE_WRITE_FD) { +- // With pipes the function is used only by the engines/e_dasync.c (dummy async engine). +- SGX_UNSUPPORTED_FUNCTION(SET_ERRNO); +- +- FEND; +- // On error, -1 is returned, and errno is set appropriately +- return -1; +- } +- +- // In addition, the function is used by b_sock2.c as closesocket function. +- // It is unreachable under the assumption that TLS support is not required. +- // Otherwise should be implemented as OCALL. +- SGX_UNREACHABLE_CODE(SET_ERRNO); +- FEND; +- +- return -1; +-} +- +-long sgxssl_sysconf(int name) +-{ +- FSTART; +- +- // Used by mem_sec.c +- if (name == _SC_PAGESIZE) { +- return ENCLAVE_PAGE_SIZE; +- } +- +- SGX_UNREACHABLE_CODE(SET_ERRNO); +- FEND; +- +- return -1; +-} +- ++/* ++ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. 
++ * * Neither the name of Intel Corporation nor the names of its ++ * contributors may be used to endorse or promote products derived ++ * from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include "sgx_tsgxssl_t.h" ++#include "tcommon.h" ++ ++#define FAKE_PIPE_READ_FD 0xFAFAFAFALL ++#define FAKE_PIPE_WRITE_FD 0xFBFBFBFBLL ++ ++#define ENCLAVE_PAGE_SIZE 0x1000 // 4096 B ++ ++extern "C" { ++ ++int sgxssl_pipe (int pipefd[2]) ++{ ++ FSTART; ++ ++ // The function is used only by the engines/e_dasync.c (dummy async engine). 
++ // Adding fake implementation only to be able to distinguish pipe read/write from socket read/write ++ pipefd[0] = FAKE_PIPE_READ_FD; ++ pipefd[1] = FAKE_PIPE_WRITE_FD; ++ ++ FEND; ++ ++ // On error, -1 is returned, and errno is set appropriately ++ return 0; ++} ++ ++size_t sgxssl_write (int fd, const void *buf, size_t n) ++{ ++ int ret = 0; ++ int res; ++ ++ if (fd == FAKE_PIPE_WRITE_FD) { ++ return -1; ++ } ++ ++ res = ocall_cc_write(&ret, fd, buf, n); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++size_t sgxssl_read(int fd, void *buf, size_t count) ++{ ++ int ret = 0; ++ int res; ++ ++ if (fd == FAKE_PIPE_READ_FD) { ++ return -1; ++ } ++ ++ res = ocall_cc_read(&ret, fd, buf, count); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++// TODO ++int sgxssl_close(int fd) ++{ ++ FSTART; ++ ++ if (fd == FAKE_PIPE_READ_FD || ++ fd == FAKE_PIPE_WRITE_FD) { ++ // With pipes the function is used only by the engines/e_dasync.c (dummy async engine). ++ SGX_UNSUPPORTED_FUNCTION(SET_ERRNO); ++ ++ FEND; ++ // On error, -1 is returned, and errno is set appropriately ++ return -1; ++ } ++ ++ // In addition, the function is used by b_sock2.c as closesocket function. ++ // It is unreachable under the assumption that TLS support is not required. ++ // Otherwise should be implemented as OCALL. ++ SGX_UNREACHABLE_CODE(SET_ERRNO); ++ FEND; ++ ++ return -1; ++} ++ ++long sgxssl_sysconf(int name) ++{ ++ FSTART; ++ ++ // Used by mem_sec.c ++ if (name == _SC_PAGESIZE) { ++ return ENCLAVE_PAGE_SIZE; ++ } ++ ++ SGX_UNREACHABLE_CODE(SET_ERRNO); ++ FEND; ++ ++ return -1; ++} ++ + //Process ID is used as RNG entropy, SGXSSL use sgx_get_rand() hence this function is redundant. 
+ // + int sgxssl_getpid() { +@@ -198,5 +185,5 @@ void *sgxssl_opendir(const char *name) + return NULL; + } + +- +-} // extern "C" ++ ++} // extern "C" +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp +new file mode 100644 +index 0000000..c2456ba +--- /dev/null ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/uunistd.cpp +@@ -0,0 +1,46 @@ ++/* ++ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * * Neither the name of Intel Corporation nor the names of its ++ * contributors may be used to endorse or promote products derived ++ * from this software without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT ++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++ ++extern "C" { ++ ++int ocall_cc_read(int fd, void *buf, size_t buf_len) ++{ ++ return read(fd, buf, buf_len); ++} ++ ++int ocall_cc_write(int fd, const void *buf, size_t buf_len) ++{ ++ return write(fd, buf, buf_len); ++} ++ ++} +-- +2.27.0 + diff --git a/intel-sgx-ssl.spec b/intel-sgx-ssl.spec index 675ea56..cf59e27 100644 --- a/intel-sgx-ssl.spec +++ b/intel-sgx-ssl.spec @@ -1,7 +1,7 @@ %define openssl_version 1.1.1g Name: intel-sgx-ssl Version: 2.10 -Release: 2 +Release: 3 Summary: Intel® Software Guard Extensions SSL ExclusiveArch: x86_64 License: OpenSSL and BSD 3-clause "New" or "Revised" License @@ -9,6 +9,8 @@ URL: https://github.com/intel/intel-sgx-ssl Source0: https://github.com/intel/intel-sgx-ssl/archive/lin_%{version}_%{openssl_version}.zip Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz +Patch0: 0001-add-ocall-read-write.patch + BuildRequires: gcc BuildRequires: libsgx-launch libsgx-urts linux-sgx-sdk @@ -37,6 +39,7 @@ Requires: %{name} = %{version}-%{release} %prep %setup -q -n intel-sgx-ssl-lin_2.10_1.1.1g +%patch0 -p2 %build cp %{SOURCE1} openssl_source/ cd Linux 
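Review bot: In the new sgxssl_read/sgxssl_write bodies in tunistd.cpp, the count `ret` that comes back from ocall_cc_read/ocall_cc_write is returned to the caller unchecked, so a host that returns a negative value or a count larger than `count`/`n` has that value propagated as a `size_t` to the bss_sock.c read/write path, which would then treat bytes beyond the buffer as received; the success test should also bound the value, e.g. `if (res != CC_SSL_SUCCESS || ret < 0 || (size_t)ret > count) { return -1; }` (and the same with `n` in sgxssl_write). Related, the host stubs in uunistd.cpp narrow the ssize_t result of read()/write() to int, so once buf_len exceeds INT_MAX the enclave cannot distinguish a large count from an error — clamp buf_len on the trusted side or carry a wider signed type through the EDL. The rewrite also drops the errno handling the replaced SET_ERRNO paths provided, so the socket BIO's retry decision presumably has nothing to inspect; if the descriptor may be non-blocking, consider returning the host errno as an extra `[out]` parameter. Finally, the two rewritten functions no longer use the FSTART/FEND tracing that the rest of the file keeps, which is worth restoring for consistency.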
@@ -57,7 +60,9 @@ cp License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/ /opt/intel/sgxssl/include/* %changelog +* Mon Jan 18 2021 yanlu - 2.10-3 +- add ocall read and write * Mon Jan 18 2021 chenmaodong - 2.10-2 - init -* Thu Dec 29 2020 chenmaodong - 2.10-1 +* Tue Dec 29 2020 chenmaodong - 2.10-1 - init -- Gitee From 5b47607f145ba6077bce63d3f9e411961f646691 Mon Sep 17 00:00:00 2001 From: yanlu Date: Tue, 26 Jan 2021 11:28:24 +0800 Subject: [PATCH 2/3] add ocall file operation and getenv --- ...-add-ocall-file-operation-and-getenv.patch | 700 ++++++++++++++++++ intel-sgx-ssl.spec | 8 +- 2 files changed, 706 insertions(+), 2 deletions(-) create mode 100644 0002-add-ocall-file-operation-and-getenv.patch diff --git a/0002-add-ocall-file-operation-and-getenv.patch b/0002-add-ocall-file-operation-and-getenv.patch new file mode 100644 index 0000000..931d779 --- /dev/null +++ b/0002-add-ocall-file-operation-and-getenv.patch 
@@ -0,0 +1,700 @@ +From 05d61201781597f53cb7dfcd9508ac0141315131 Mon Sep 17 00:00:00 2001 +From: yanlu +Date: Tue, 26 Jan 2021 11:24:43 +0800 +Subject: [PATCH] add ocall file operation and getenv + +--- + .../Linux/build_openssl.sh | 2 +- + .../Linux/package/include/sgx_tsgxssl.edl | 12 + + .../Linux/package/include/tsgxsslio.h | 8 +- + .../Linux/sgx/libsgx_tsgxssl/tstdio.cpp | 339 +++++++++++++++--- + .../Linux/sgx/libsgx_tsgxssl/tstdlib.cpp | 48 +-- + .../Linux/sgx/libsgx_usgxssl/ustdio.cpp | 96 +++++ + .../Linux/sgx/libsgx_usgxssl/ustdlib.cpp | 61 ++++ + .../sgx/test_app/enclave/tests/stdio_func.c | 4 +- + .../openssl_source/bypass_to_sgxssl.h | 10 +- + 9 files changed, 483 insertions(+), 97 deletions(-) + create mode 100644 intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp + create mode 100644 intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp + +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh +index 4c5b999..157965d 100755 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh +@@ -133,7 +133,7 @@ cp sgx_config.conf $OPENSSL_VERSION/ || exit 1 + cp x86_64-xlate.pl $OPENSSL_VERSION/crypto/perlasm/ || exit 1 + + cd $SGXSSL_ROOT/../openssl_source/$OPENSSL_VERSION || exit 1 +-perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ssl3 no-md2 no-md4 no-ui no-stdio no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h --prefix=$OPENSSL_INSTALL_DIR || exit 1 ++perl Configure --config=sgx_config.conf sgx-linux-x86_64 --with-rand-seed=none $ADDITIONAL_CONF $SPACE_OPT $MITIGATION_FLAGS no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared 
no-ssl3 no-md2 no-md4 no-ui no-afalgeng -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -include$SGXSSL_ROOT/../openssl_source/bypass_to_sgxssl.h -include$SGXSSL_ROOT/../Linux/package/include/tsgxsslio.h --prefix=$OPENSSL_INSTALL_DIR || exit 1 + + make build_all_generated || exit 1 + +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl +index 3ad91d8..74dbdde 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/sgx_tsgxssl.edl +@@ -39,6 +39,18 @@ enclave { + void u_sgxssl_ftime([out, size=timeb_len] void * timeptr, uint32_t timeb_len); + int ocall_cc_read(int fd, [out, size = buf_len] void *buf, size_t buf_len); + int ocall_cc_write(int fd, [in, size = buf_len] const void *buf, size_t buf_len); ++ int ocall_cc_getenv([in, size = name_len] const char *name, size_t name_len, [out, size = buf_len] void *buf, int buf_len, [out] int *need_len); ++ uint64_t ocall_cc_fopen([in, size = filename_len] const char *filename, size_t filename_len, [in, size = mode_len] const char *mode, size_t mode_len); ++ int ocall_cc_fclose(uint64_t fp); ++ int ocall_cc_ferror(uint64_t fp); ++ int ocall_cc_feof(uint64_t fp); ++ int ocall_cc_fflush(uint64_t fp); ++ long ocall_cc_ftell(uint64_t fp); ++ int ocall_cc_fseek(uint64_t fp, long offset, int origin); ++ size_t ocall_cc_fread([out, size = total_size] void *buf, size_t total_size, size_t element_size, size_t cnt, uint64_t fp); ++ size_t ocall_cc_fwrite([in, size = total_size] const void *buf, size_t total_size, size_t element_size, size_t cnt, uint64_t fp); ++ int ocall_cc_fgets([out, size = max_cnt] char *str, int max_cnt, uint64_t fp); ++ int ocall_cc_fputs([in, size = total_size] const char *str, size_t total_size, uint64_t fp); + }; + + trusted { +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h 
b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h +index a200a17..8f9e35b 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/package/include/tsgxsslio.h +@@ -32,6 +32,12 @@ + #ifndef _TSGXSSL_IO_H_ + #define _TSGXSSL_IO_H_ + +-typedef void FILE; ++#include ++ ++#undef stdout ++#define stdout ((void*)1) ++#undef stderr ++#define stderr ((void*)2) ++typedef struct _IO_FILE FILE; + + #endif // _TSGXSSL_IO_H_ +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp +index ebb8abb..1e6d8bc 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdio.cpp +@@ -1,55 +1,284 @@ +-/* +- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * * Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * * Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * * Neither the name of Intel Corporation nor the names of its +- * contributors may be used to endorse or promote products derived +- * from this software without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +- * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- * +- */ +- +-#include +-#include "tcommon.h" +-#include "sgx_tsgxssl_t.h" +-#include "tSgxSSL_api.h" +- +-extern PRINT_TO_STDOUT_STDERR_CB s_print_cb; +- +-extern "C" { +- +-int sgx_print(const char *format, ...) +-{ +- if (s_print_cb != NULL) { +- va_list vl; +- va_start(vl, format); +- int res = s_print_cb(STREAM_STDOUT, format, vl); +- va_end(vl); +- +- return res; +- } +- +- return 0; +-} +- +-} ++/* ++ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * * Neither the name of Intel Corporation nor the names of its ++ * contributors may be used to endorse or promote products derived ++ * from this software without specific prior written permission. 
++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#include "tcommon.h" ++#include "sgx_tsgxssl_t.h" ++#include "tSgxSSL_api.h" ++#include "tsgxsslio.h" ++ ++extern PRINT_TO_STDOUT_STDERR_CB s_print_cb; ++ ++extern "C" { ++ ++int print_with_cb(void* fp, const char* fmt, __va_list vl) ++{ ++ int res = -1; ++ ++ if (fp == NULL || s_print_cb == NULL) { ++ return -1; ++ } ++ int stream = -1; ++ if (fp == stdout) { ++ stream = STREAM_STDOUT; ++ } else if (fp == stderr) { ++ stream = STREAM_STDERR; ++ } else { ++ // This function is called only when fp is one of the internally implemented stdout/stderr. 
++ return res; ++ } ++ res = s_print_cb((Stream_t)stream, fmt, vl); ++ return res; ++} ++ ++void *sgxssl_fopen(const char *filename, const char *mode) ++{ ++ uint64_t ret = 0; ++ int res; ++ ++ if (filename == NULL || mode == NULL) { ++ return NULL; ++ } ++ ++ res = ocall_cc_fopen(&ret, filename, strlen(filename) + 1, mode, strlen(mode) + 1); ++ if (res != CC_SSL_SUCCESS) { ++ return NULL; ++ } ++ return (void *)ret; ++} ++ ++int sgxssl_fclose(void *fp) ++{ ++ int ret = -1; ++ int res; ++ ++ if (fp == NULL) { ++ return -1; ++ } ++ ++ res = ocall_cc_fclose(&ret, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++int sgxssl_ferror(void *fp) ++{ ++ int ret = -1; ++ int res; ++ ++ if (fp == NULL) { ++ return -1; ++ } ++ ++ res = ocall_cc_ferror(&ret, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++int sgxssl_feof(void *fp) ++{ ++ int ret = 0; ++ int res; ++ ++ if (fp == NULL) { ++ return 0; ++ } ++ ++ res = ocall_cc_feof(&ret, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return 0; ++ } ++ return ret; ++} ++ ++int sgxssl_fflush(void *fp) ++{ ++ int ret = -1; ++ int res; ++ ++ if (fp == NULL) { ++ return -1; ++ } ++ ++ res = ocall_cc_fflush(&ret, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++long sgxssl_ftell(void *fp) ++{ ++ long ret = -1; ++ int res; ++ ++ if (fp == NULL) { ++ return -1; ++ } ++ ++ res = ocall_cc_ftell(&ret, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++int sgxssl_fseek(void *fp, long offset, int origin) ++{ ++ int ret = -1; ++ int res; ++ ++ if (fp == NULL) { ++ return -1; ++ } ++ ++ res = ocall_cc_fseek(&ret, (uint64_t)fp, offset, origin); ++ if (res != CC_SSL_SUCCESS) { ++ return -1; ++ } ++ return ret; ++} ++ ++ ++int sgxssl_fprintf(void *fp, const char *format, ...) 
++{ ++ if (s_print_cb != NULL) { ++ va_list vl; ++ va_start(vl, format); ++ int res = print_with_cb(fp, format, vl); ++ va_end(vl); ++ ++ return res; ++ } ++ ++ return -1; ++} ++ ++int sgxssl_vfprintf(void *fp, const char *format, va_list vl) ++{ ++ if (s_print_cb != NULL) { ++ int res = print_with_cb(fp, format, vl); ++ return res; ++ } ++ ++ return -1; ++} ++ ++size_t sgxssl_fread(void *dest, size_t element_size, size_t cnt, void *fp) ++{ ++ size_t ret = 0; ++ int res; ++ ++ if (fp == NULL || dest == NULL || element_size == 0 || cnt == 0) { ++ return 0; ++ } ++ if (element_size > (SIZE_MAX - 1) / cnt + 1) { ++ return 0; ++ } ++ ++ res = ocall_cc_fread(&ret, dest, element_size * cnt, element_size, cnt, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return 0; ++ } ++ return ret; ++} ++ ++size_t sgxssl_fwrite(const void *src, size_t element_size, size_t cnt, void *fp) ++{ ++ size_t ret = 0; ++ int res; ++ ++ if (fp == NULL || src == NULL || element_size == 0 || cnt == 0) { ++ return 0; ++ } ++ if (element_size > (SIZE_MAX - 1) / cnt + 1) { ++ return 0; ++ } ++ ++ res = ocall_cc_fwrite(&ret, src, element_size * cnt, element_size, cnt, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS) { ++ return 0; ++ } ++ return ret; ++} ++ ++char *sgxssl_fgets(char *dest, int max_cnt, void *fp) ++{ ++ int ret = -1; ++ int res; ++ ++ if (fp == NULL || dest == NULL || max_cnt <= 0) { ++ return NULL; ++ } ++ ++ res = ocall_cc_fgets(&ret, dest, max_cnt, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS || ret < 0) { ++ return NULL; ++ } ++ return dest; ++} ++ ++int sgxssl_fputs(const char *src, void *fp) ++{ ++ int ret = -1; ++ int res; ++ ++ if (fp == NULL || src == NULL) { ++ return -1; ++ } ++ ++ res = ocall_cc_fputs(&ret, src, strlen(src) + 1, (uint64_t)fp); ++ if (res != CC_SSL_SUCCESS || ret < 0) { ++ return -1; ++ } ++ return ret; ++} ++ ++int sgx_print(const char *format, ...) 
++{ ++ if (s_print_cb != NULL) { ++ va_list vl; ++ va_start(vl, format); ++ int res = s_print_cb(STREAM_STDOUT, format, vl); ++ va_end(vl); ++ ++ return res; ++ } ++ ++ return 0; ++} ++ ++} +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp +index c6a8066..9a66c72 100644 +--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_tsgxssl/tstdlib.cpp +@@ -57,39 +57,25 @@ SGX_ACCESS_VERSION(tssl, 1); + + extern "C" { + ++#define MAX_ENV_BUF_LEN 4096 ++static __thread char t_env_buf[MAX_ENV_BUF_LEN]; ++ + char *sgxssl_getenv(const char *name) + { +- FSTART; +- +- if (name == NULL ) { +- FEND; +- return NULL; +- } +- +- if (!strcmp(name, "OPENSSL_CONF" )) { +- FEND; +- return NULL; +- } +- +- if (!strcmp(name, "OPENSSL_ENGINES" )) { +- FEND; +- return (char *) PATH_DEV_NULL; +- } +- +- if (!strcmp(name, "OPENSSL_ALLOW_PROXY_CERTS" )) { +- FEND; +- return NULL; +- } +- +- if (!strcmp(name, "OPENSSL_ia32cap" )) { +- FEND; +- return NULL; +- } +- +- SGX_UNREACHABLE_CODE(SET_ERRNO); +- +- FEND; +- return NULL; ++ int ret = 0; ++ int res; ++ int buf_len = 0; ++ ++ if (t_env_buf == NULL || MAX_ENV_BUF_LEN <= 0) { ++ return NULL; ++ } ++ ++ memset(t_env_buf, 0, MAX_ENV_BUF_LEN); ++ res = ocall_cc_getenv(&ret, name, strlen(name), t_env_buf, MAX_ENV_BUF_LEN, &buf_len); ++ if (res != CC_SSL_SUCCESS || ret <= 0 || ret != buf_len) { ++ return NULL; ++ } ++ return t_env_buf; + } + + int sgxssl_atexit(void (*function)(void)) +diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp +new file mode 100644 +index 0000000..c4b15f7 +--- /dev/null ++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdio.cpp +@@ -0,0 +1,96 @@ ++/* ++ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * * Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * * Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ * * Neither the name of Intel Corporation nor the names of its
++ * contributors may be used to endorse or promote products derived
++ * from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include
++#include
++#include
++extern "C" {
++
++uint64_t ocall_cc_fopen(const char *filename, size_t filename_len, const char *mode, size_t mode_len)
++{
++ FILE *file_host = fopen(filename, mode);
++ return (uint64_t)file_host;
++}
++
++int ocall_cc_fclose(uint64_t fp)
++{
++ return fclose((FILE *)fp);
++}
++
++int ocall_cc_ferror(uint64_t fp)
++{
++ return ferror((FILE *)fp);
++}
++
++int ocall_cc_feof(uint64_t fp)
++{
++ return feof((FILE *)fp);
++}
++
++int ocall_cc_fflush(uint64_t fp)
++{
++ return fflush((FILE *)fp);
++}
++
++int ocall_cc_ftell(uint64_t fp)
++{
++ return ftell((FILE *)fp);
++}
++
++int ocall_cc_fseek(uint64_t fp, long offset, int origin)
++{
++ return fseek((FILE *)fp, offset, origin);
++}
++
++size_t ocall_cc_fread(void *buf, size_t total_size, size_t element_size, size_t cnt, uint64_t fp)
++{
++ return fread(buf, element_size, cnt, (FILE *)fp);
++}
++
++size_t ocall_cc_fwrite(const void *buf, size_t total_size, size_t element_size, size_t cnt, uint64_t fp)
++{
++ return fwrite(buf, element_size, cnt, (FILE *)fp);
++}
++
++int ocall_cc_fgets(char *str, int max_cnt, uint64_t fp)
++{
++ if (fgets(str, max_cnt, (FILE *)fp) != NULL) {
++ return 0;
++ } else {
++ return -1;
++ }
++}
++
++int ocall_cc_fputs(const char *str, size_t total_size, uint64_t fp)
++{
++ return fputs(str, (FILE *)fp);
++}
++}
+diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
+new file mode 100644
+index 0000000..7467e1d
+--- /dev/null
++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/libsgx_usgxssl/ustdlib.cpp
+@@ -0,0 +1,61 @@
++/*
++ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
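Review bot: `ocall_cc_ftell` narrows the `long` returned by `ftell()` to `int`, so any offset above `INT_MAX` is returned truncated to the enclave; it should return `long` (with the matching EDL declaration adjusted). `ocall_cc_fopen` ignores `filename_len` and `mode_len`, and `ocall_cc_fread`/`ocall_cc_fwrite` ignore `total_size`, so the untrusted side relies entirely on the marshalled strings being NUL-terminated and on `element_size * cnt` fitting the buffer the bridge allocated (presumably the `size=` the EDL derives from `total_size`); guards such as `if (filename == NULL || memchr(filename, '\0', filename_len) == NULL) return 0;` and `if (cnt != 0 && element_size > total_size / cnt) return 0;` make these wrappers self-contained. `ocall_cc_fgets` folds EOF and error into `-1` and leaves `str` unspecified on that path, which is fine only if the enclave side treats `-1` as "buffer not valid", so a comment on the function stating that contract would help.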
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * * Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * * Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ * * Neither the name of Intel Corporation nor the names of its
++ * contributors may be used to endorse or promote products derived
++ * from this software without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include
++#include
++
++extern "C" {
++
++int ocall_cc_getenv(const char *name, int name_len, void *buf, int buf_len, int *need_len)
++{
++ char *get_buf = NULL;
++
++ if (name == NULL || need_len == NULL || buf_len <= 0) {
++ return -1;
++ }
++
++ get_buf = getenv(name);
++ if (get_buf == NULL) {
++ *need_len = 0;
++ return 0;
++ }
++ *need_len = strlen(get_buf) + 1;
++ if (*need_len > buf_len) {
++ return 0;
++ }
++ if (buf == NULL) {
++ return -1;
++ }
++ memcpy(buf, get_buf, *need_len);
++ return (*need_len);
++}
++
++}
+diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c
+index 286340e..13de4dd 100644
+--- a/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c
++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/sgx/test_app/enclave/tests/stdio_func.c
+@@ -42,7 +42,7 @@ static int print_fp(const char *str, size_t len, void *fp)
+ printf("%s", str);
+ return 1;
+ }
+-
++/*
+ void ERR_print_errors_fp(FILE *fp)
+ {
+ ERR_print_errors_cb(print_fp, fp);
+@@ -57,4 +57,4 @@ int BN_print_fp(FILE *fp, const BIGNUM *a)
+ OPENSSL_free(str);
+ return 1;
+ }
+-
++*/
+diff --git a/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h b/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h
+index 1c4d025..e938ff1 100644
+--- a/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h
++++ b/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/bypass_to_sgxssl.h
+@@ -181,23 +181,19 @@
+ #define mlock sgxssl_mlock
+ #define madvise sgxssl_madvise
+
+-/*
+-#define fopen64 sgxssl_fopen64
+ #define fopen sgxssl_fopen
+-#define wfopen sgxssl_wfopen
+ #define fclose sgxssl_fclose
+ #define ferror sgxssl_ferror
+ #define feof sgxssl_feof
+ #define fflush sgxssl_fflush
+ #define ftell sgxssl_ftell
+ #define fseek sgxssl_fseek
+-#define fread sgxssl_fread
+ #define fwrite sgxssl_fwrite
+-#define fgets sgxssl_fgets
+ #define
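Review bot: `*need_len = strlen(get_buf) + 1` stores a `size_t` into an `int`, so a value of `INT_MAX` bytes or longer is truncated before the `*need_len > buf_len` comparison and `memcpy` then receives the truncated (possibly negative, hence huge) length; compute `size_t len = strlen(get_buf) + 1;`, reject `len > (size_t)buf_len` first, and only then store it into `*need_len`. `name_len` is accepted but never checked, so `getenv(name)` reads past the marshalled buffer whenever the string is not terminated within it; `if (name_len <= 0 || memchr(name, '\0', (size_t)name_len) == NULL) return -1;` closes that. The `buf == NULL` test runs after `*need_len` has already been written, which is harmless but reads more naturally alongside the other argument checks at the top of the function.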
fputs sgxssl_fputs
+-#define fileno sgxssl_fileno
+ #define __fprintf_chk sgxssl_fprintf
+-*/
++#define __vfprintf_chk sgxssl_vfprintf
++#define __fread_alias sgxssl_fread
++#define __fgets_alias sgxssl_fgets
+
+ #if defined(SGXSDK_INT_VERSION) && (SGXSDK_INT_VERSION > 18)
+ #define _longjmp longjmp
+--
+2.27.0
+
diff --git a/intel-sgx-ssl.spec b/intel-sgx-ssl.spec
index cf59e27..adaa1dc 100644
--- a/intel-sgx-ssl.spec
+++ b/intel-sgx-ssl.spec
@@ -1,7 +1,7 @@
%define openssl_version 1.1.1g
Name: intel-sgx-ssl
Version: 2.10
-Release: 3
+Release: 4
Summary: Intel® Software Guard Extensions SSL
ExclusiveArch: x86_64
License: OpenSSL and BSD 3-clause "New" or "Revised" License
@@ -10,6 +10,7 @@ Source0: https://github.com/intel/intel-sgx-ssl/archive/lin_%{version}_%{
Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz
Patch0: 0001-add-ocall-read-write.patch
+Patch1: 0002-add-ocall-file-operation-and-getenv.patch
BuildRequires: gcc
BuildRequires: libsgx-launch libsgx-urts linux-sgx-sdk
@@ -40,6 +41,7 @@ Requires: %{name} = %{version}-%{release}
%setup -q -n intel-sgx-ssl-lin_2.10_1.1.1g
%patch0 -p2
+%patch1 -p2
%build
cp %{SOURCE1} openssl_source/
cd Linux
@@ -60,7 +62,9 @@ cp License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
/opt/intel/sgxssl/include/*
%changelog
-* Mon Jan 18 2021 yanlu - 2.10-3
+* Tue Jan 26 2021 yanlu - 2.10-4
+- add ocall file operation and getenv
+* Mon Jan 18 2021 yanlu - 2.10-3
- add ocall read and write
* Mon Jan 18 2021 chenmaodong - 2.10-2
- init
--
Gitee
From e6238fa5e27eb4f2ada1af0d7213e6809504b846 Mon Sep 17 00:00:00 2001
From: chenmaodong
Date: Mon, 22 Feb 2021 11:18:51 +0800
Subject: [PATCH 3/3] fix wrong format in License
---
intel-sgx-ssl.spec | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/intel-sgx-ssl.spec b/intel-sgx-ssl.spec
index adaa1dc..09670f6 100644
--- a/intel-sgx-ssl.spec
+++ b/intel-sgx-ssl.spec
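Review bot: The redirects for `fread` and `fgets` are installed only under the glibc fortify alias names `__fread_alias` and `__fgets_alias`, while `fwrite`, `fputs` and the other stdio calls are redirected by their plain names, and the plain `#define fread sgxssl_fread` / `#define fgets sgxssl_fgets` lines from the old commented block were not carried over. In a build where `_FORTIFY_SOURCE` is off, or with a compiler that does not route `fread`/`fgets` through those aliases, OpenSSL's calls would not reach the enclave shims (a link failure at best), so keep both forms: `#define fread sgxssl_fread` and `#define fgets sgxssl_fgets` next to the alias defines. The alias names are glibc-internal identifiers, so a comment recording which glibc version they were taken from would help whoever next bumps the toolchain.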
@@ -1,10 +1,10 @@
%define openssl_version 1.1.1g
Name: intel-sgx-ssl
Version: 2.10
-Release: 4
+Release: 5
Summary: Intel® Software Guard Extensions SSL
ExclusiveArch: x86_64
-License: OpenSSL and BSD 3-clause "New" or "Revised" License
+License: OpenSSL and BSD-3-Clause
URL: https://github.com/intel/intel-sgx-ssl
Source0: https://github.com/intel/intel-sgx-ssl/archive/lin_%{version}_%{openssl_version}.zip
Source1: https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz
@@ -62,6 +62,8 @@ cp License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
/opt/intel/sgxssl/include/*
%changelog
+* Mon Feb 22 2021 chenmaodong - 2.10-5
+- add ocall file operation and getenv
* Tue Jan 26 2021 yanlu - 2.10-4
- add ocall file operation and getenv
* Mon Jan 18 2021 yanlu - 2.10-3
--
Gitee
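Review bot: The new 2.10-5 changelog entry repeats the 2.10-4 text `- add ocall file operation and getenv`, but the only change in this commit is the `License` tag rewrite. The entry should describe what actually changed, e.g. `- fix wrong format in License`, so the package history stays usable for anyone auditing which release introduced the ocall code.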