Revert "Generate an OpenSSL configuration file at build time."

This reverts commit 7d10ac4.
intel · Dec 19, 2024 · c0b43e4 · c0b43e4
1 parent 7d10ac4
commit c0b43e4
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 75 deletions.
diff --git a/Linux/sgx/fips_test/openssl.cnf.tmpl b/Linux/sgx/fips_test/openssl.cnf.tmpl
diff --git a/Linux/sgx/fips_test/sgx_t.mk b/Linux/sgx/fips_test/sgx_t.mk
@@ -63,7 +63,7 @@ ifeq ($(DEBUG), 1)
     endif
 endif
 
-# Added to build with the SGX-SSL library
+# Added to build with SgxSSL library
 OPENSSL_LIBRARY_PATH := $(PACKAGE_LIB)/
 TSETJMP_LIB := -lsgx_tsetjmp
 
@@ -88,8 +88,7 @@ else
     Trts_Library_Name := sgx_trts
     Service_Library_Name := sgx_tservice
 endif
-
-# tRTS library that provides the symbol sgx_get_fips_sym_addr()
+# tRTS library that provides the symbol get_fips_sym_addr()
 SGXSSL_FIPS_TLIB = sgx_ossl_fips
 
 ifeq ($(SGX_MODE), HW)
@@ -131,12 +130,7 @@ Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefau
 
 Enclave_Test_Key := $(ENCLAVE_DIR)/enclave_private.pem
 
-# OpenSSL configuration file
-OPENSSLCONF:=openssl.cnf
-FIPSMODULECONF:=fipsmodule.cnf
-LIBDIR := lib64
-
-.PHONY: all clean install_conf
+.PHONY: all clean
 
 all: enclave.signed.so
 
@@ -167,20 +161,15 @@ enclave.so: $(ENCLAVE_DIR)/enclave_t.o $(Enclave_Cpp_Objects) $(Enclave_C_Object
 	$(VCXX) $^ -o $@ $(Enclave_Link_Flags)
 	@echo "LINK =>  $@"
 
-enclave.signed.so: enclave.so install_conf
+enclave.signed.so: enclave.so
 ifeq ($(wildcard $(Enclave_Test_Key)),)
 	@echo "There is no enclave test key <enclave_private.pem>."
 	@echo "The project will generate a key <enclave_private.pem> for testing."
 	@openssl genrsa -out $(Enclave_Test_Key) -3 3072
 endif
 	@echo "SIGN =>  $@"
 	$(SGX_ENCLAVE_SIGNER) sign -key $(Enclave_Test_Key) -enclave enclave.so -out $@ -config $(ENCLAVE_DIR)/enclave.config.xml
-
-install_conf:
-	@echo "*** Installing OpenSSL configuration"
-	@echo "install $(OPENSSLCONF) -> $(SGX_SDK)/$(LIBDIR)/$(OPENSSLCONF)"
-	@cp -f $(OPENSSLCONF).tmpl $(OPENSSLCONF)
-	echo ".include $(SGX_SDK)/$(LIBDIR)/$(FIPSMODULECONF)" >> $(OPENSSLCONF)
+	@cp $(SGX_LIBRARY_PATH)/openssl.cnf .
 
 clean:
 	@rm -f enclave.* $(ENCLAVE_DIR)/enclave_t.* $(Enclave_Cpp_Objects) $(Enclave_C_Objects) $(Enclave_Test_Key)

diff --git a/Linux/sgx/test_app/openssl.cnf.tmpl b/Linux/sgx/test_app/openssl.cnf.tmpl
diff --git a/Linux/sgx/test_app/sgx_t.mk b/Linux/sgx/test_app/sgx_t.mk
@@ -74,7 +74,7 @@ $(error Cannot set DEBUG and SGX_PRERELEASE at the same time!!)
 endif
 endif
 
-# Added to build with the SGX-SSL library
+# Added to build with SgxSSL libraries
 TSETJMP_LIB := -lsgx_tsetjmp
 OPENSSL_LIBRARY_PATH := $(PACKAGE_LIB)/
 
@@ -130,7 +130,6 @@ SgxSSL_Link_Libraries := -L$(OPENSSL_LIBRARY_PATH) -Wl,--whole-archive -l$(SGXSS
 Security_Link_Flags := -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -pie
 
 ifeq ($(FIPS), 1)
-# tRTS library that provides the symbol sgx_get_fips_sym_addr()
 SGXSSL_FIPS_TLIB = -lsgx_ossl_fips
 endif
 
@@ -146,11 +145,6 @@ TestEnclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nod
 
 Enclave_Test_Key := $(ENCLAVE_DIR)/TestEnclave_private_test.pem
 
-# OpenSSL configuration file
-OPENSSLCONF:=openssl.cnf
-FIPSMODULECONF:=fipsmodule.cnf
-LIBDIR := lib64
-
 .PHONY: all test
 
 all: TestEnclave.signed.so
@@ -199,8 +193,8 @@ endif
 	@echo "SIGN =>  $@"
 ifeq ($(FIPS), 1)
 	@$(SGX_ENCLAVE_SIGNER) sign -key $(Enclave_Test_Key) -enclave TestEnclave.so -out $@ -config $(ENCLAVE_DIR)/TestEnclave.fips.config.xml
-	@cp -f $(OPENSSLCONF).tmpl $(OPENSSLCONF)
-	echo ".include $(SGX_SDK)/$(LIBDIR)/$(FIPSMODULECONF)" >> $(OPENSSLCONF)
+	cp $(SGX_LIBRARY_PATH)/openssl.cnf .
+	cp $(SGX_LIBRARY_PATH)/fips.so .
 else
 	@$(SGX_ENCLAVE_SIGNER) sign -key $(Enclave_Test_Key) -enclave TestEnclave.so -out $@ -config $(ENCLAVE_DIR)/TestEnclave.config.xml
 endif