Linux 2.7.1 Open Source Gold Release

Updated OpenSSL to 1.1.1d.
Fixed bugs.

Signed-off-by: Li, Xun <[email protected]>

Author: llly

Makefile

@@ -29,7 +29,7 @@
 #
 #
 
-DCAP_VER?= 1.3
+DCAP_VER?= 1.3.1
 DCAP_DOWNLOAD_BASE ?= https://github.com/intel/SGXDataCenterAttestationPrimitives/archive
 
 CHECK_OPT :=

buildenv.mk

@@ -180,10 +180,7 @@ COMMON_LDFLAGS := -Wl,-z,relro,-z,now,-z,noexecstack
 # When `pie' is enabled, the linker (both BFD and Gold) under Ubuntu 14.04
 # will hide all symbols from dynamic symbol table even if they are marked
 # as `global' in the LD version script.
-ENCLAVE_CFLAGS   = -ffreestanding -nostdinc -fvisibility=hidden -fpie
-ifeq ($(CC_GREAT_EQUAL_8), 1)
-    ENCLAVE_CFLAGS += -fcf-protection
-endif
+ENCLAVE_CFLAGS   = -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks
 ENCLAVE_CXXFLAGS = $(ENCLAVE_CFLAGS) -nostdinc++
 ENCLAVE_LDFLAGS  = $(COMMON_LDFLAGS) -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
                    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \

common/inc/internal/se_version.h

@@ -28,13 +28,13 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "2.7.100.4"
+#define STRFILEVER    "2.7.101.3"
 #define COPYRIGHT      "Copyright (C) 2019 Intel Corporation"
 
-#define UAE_SERVICE_VERSION       "1.2.101.4"
-#define URTS_VERSION              "1.1.102.4"
-#define ENCLAVE_COMMON_VERSION    "1.0.105.4"
-#define LAUNCH_VERSION            "1.0.100.4"
-#define PLATFORM_VERSION          "1.0.100.4"
-#define EPID_VERSION              "1.0.100.4"
-#define QUOTE_EX_VERSION          "1.0.100.4"
+#define UAE_SERVICE_VERSION       "1.2.102.3"
+#define URTS_VERSION              "1.1.103.3"
+#define ENCLAVE_COMMON_VERSION    "1.0.106.3"
+#define LAUNCH_VERSION            "1.0.101.3"
+#define PLATFORM_VERSION          "1.0.101.3"
+#define EPID_VERSION              "1.0.101.3"
+#define QUOTE_EX_VERSION          "1.0.101.3"

common/inc/sgx_secure_align.h

@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef _SGX_SECURE_ALIGN_H_
+#define _SGX_SECURE_ALIGN_H_
+
+#include <cstdint>
+#include <utility>
+
+namespace sgx {
+
+    template <class T>
+    constexpr T __rol(T v, std::size_t c, std::size_t _m)
+    {
+        return (v << (c & _m)) | (v >> ((0 - c) & _m));
+    }
+
+    template <class T>
+    constexpr T rol(T v, std::size_t c)
+    {
+        return __rol(typename std::make_unsigned<T>::type(v), c, sizeof(v) * 8 - 1);
+    }
+
+    template <class T>
+    constexpr T ror(T v, std::size_t c)
+    {
+        return rol(v, 0 - c);
+    }
+
+    namespace __custom_alignment_internal {
+
+        template <std::int64_t B, std::size_t... OLs>
+        struct secret_bmp;
+
+        template <std::int64_t B, std::size_t O, std::size_t L, std::size_t... OLs>
+        struct secret_bmp<B, O, L, OLs...> :
+            secret_bmp<B | rol((1ll << L) - 1, O), OLs...>
+        {};
+
+        template <std::int64_t B>
+        struct secret_bmp<B>
+        {
+            enum : std::int64_t
+            {
+                value = B
+            };
+        };
+
+        constexpr std::int64_t __gen_alignmask(
+            std::size_t al,
+            std::size_t a = sizeof(std::uint64_t) * 8,
+            std::uint64_t m = 1ull << (sizeof(std::uint64_t) * 8 - 1))
+        {
+            return a > al ? __gen_alignmask(al, a >> 1, m | (m >> (a >> 1))) : m;
+        }
+
+        /* count leading zero bits */
+        template <class T>
+        constexpr int count_lzb(T bmp)
+        {
+            return bmp == 0 ? -1 :
+                typename std::make_signed<T>::type(bmp) < 0 ? 0 : count_lzb(bmp << 1) + 1;
+        }
+
+        /* calculate leading spaces needed
+         * returns negative value if no viable solution could be found
+	*/
+        constexpr int calc_lspc(std::size_t al, std::int64_t bmp)
+        {
+            return (al & (al - 1)) != 0 ? -2 : count_lzb(
+                ~(ror(bmp | ror(bmp, 1) | ror(bmp, 2) | ror(bmp, 3), 5) | ror(bmp, 1)) & __gen_alignmask(al));
+        }
+
+        constexpr std::size_t __calc_algn(std::size_t size, std::size_t a = sizeof(std::uint64_t) * 8)
+        {
+            return a > 8 && size <= a / 2 ? __calc_algn(size, a / 2) : a;
+        }
+
+        /* calculate alignment for a structure */
+        constexpr std::size_t calc_algn(std::size_t al, std::size_t size)
+        {
+            return al > 64 ? al : __calc_algn(size);
+        }
+
+
+        /*
+         * without this pragma, we need a destructor, which
+         * would want to pull in C++ lib, which we want to avoid
+        */
+
+        template <class T, std::size_t A, int LZ>
+        struct alignas(calc_algn(A, sizeof(T) + LZ)) custom_alignment
+        {
+            static_assert(LZ > 0, "No viable offset");
+
+            char __no_secret_allowed_in_here[LZ];
+            T v;
+
+            template <class... Us>
+            custom_alignment(Us&&... args) : v(std::forward<Us>(args)...) {}
+        };
+
+        template <class T, std::size_t A>
+        struct alignas(calc_algn(A, sizeof(T))) custom_alignment<T, A, 0>
+        {
+            T v;
+
+            template <class... Us>
+            custom_alignment(Us&&... args) : v(std::forward<Us>(args)...) {}
+        };
+
+
+
+    } /* namespace __custom_alignment_internal */
+
+    template <class T, std::size_t A, std::size_t... OLs>
+    using custom_alignment_aligned = __custom_alignment_internal::custom_alignment<T, A,
+        __custom_alignment_internal::calc_lspc(A, __custom_alignment_internal::secret_bmp<0, OLs...>::value)>;
+
+    template <class T, std::size_t... OLs>
+    using custom_alignment = custom_alignment_aligned<T, alignof(T), OLs...>;
+
+} /* namespace sgx */
+
+#endif

common/inc/sgx_secure_align_api.h

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef _SGX_SECURE_ALIGN_API_H_
+#define _SGX_SECURE_ALIGN_API_H_
+
+#include <stdint.h>
+
+typedef struct
+{
+    size_t offset;
+    size_t len;
+} align_req_t;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+    /**
+     * sgx_aligned_malloc
+     *
+     *     Allocates memory for a structure on a specified alignment boundary
+     *
+     * Parameters:
+     *     size - the size of the requested memory allocation in bytes.
+     *     alignment - the alignment value, which must be an integer power of 2.
+     *     data - (offset, length) pairs to define the fields in the structure for secrets 
+     *             If data is NULL and count is 0, the whole structure will be aligned.
+     *     count - number of align_req_t structure in data
+     *             If data is NULL and count is 0, the whole structure will be aligned.
+     *
+     * Return Value:
+     *     A pointer to the memory block that was allocated or NULL if the operation failed.
+    */
+    void *sgx_aligned_malloc(size_t size, size_t alignment, align_req_t *data, size_t count);
+    /**
+     * sgx_aligned_free
+     *
+     *     Frees a block of memory that was allocated with sgx_aligned_malloc
+     *
+     * Parameters:
+     *     ptr - a pointer to the memory block that was returned to the sgx_aligned_malloc
+     *
+    */
+    void sgx_aligned_free(void *ptr);
+
+    /*
+     * sgx_get_aligned_ptr
+     *
+     *     Return a pointer from the pre-allocated memory on a specified alignment boundary
+     *
+     * Parameters:
+     *     raw - the memory allocated by user
+     *     raw_size - the size of raw memory in bytes
+     *     allocate_size - the size of the requested memory allocation in bytes.
+     *     alignment - the alignment value, which must be an integer power of 2.
+     *     data - (offset, length) pairs to define the fields in the structure for secrets
+     *             If data is NULL and count is 0, the whole structure will be aligned.
+     *     count - number of align_req_t structure in data
+     *             If data is NULL and count is 0, the whole structure will be aligned.
+     * Return Value:
+     *     A pointer to the memory block or NULL if the operation failed.
+     * Note:
+     *     The raw memory should be allocated by user, and it should be big enough to get aligned pointer:
+     *          (size + 72)(bytes), if alignment <= 8
+     *          (size + 64 + alignment)(bytes), if alignment > 8
+     *
+     */
+    void *sgx_get_aligned_ptr(void *raw, size_t raw_size, size_t allocate_size, size_t alignment, align_req_t *data, size_t count);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

download_prebuilt.sh

@@ -33,10 +33,10 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-optlib_name=optimized_libs_2.7.tar.gz
-ae_file_name=prebuilt_ae_2.7.tar.gz
-checksum_file=SHA256SUM_prebuilt_2.7.txt
-server_url_path=https://download.01.org/intel-sgx/sgx-linux/2.7
+optlib_name=optimized_libs_2.7.1.tar.gz
+ae_file_name=prebuilt_ae_2.7.1.tar.gz
+checksum_file=SHA256SUM_prebuilt_2.7.1.txt
+server_url_path=https://download.01.org/intel-sgx/sgx-linux/2.7.1
 server_optlib_url=$server_url_path/$optlib_name
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file