Fixed SGX SSL preparation scripts

bgotowal · bgotowal · commit 808e4c7df279 · 2025-06-12T16:00:49.000+02:00
Update OpenSSL and SGXSSL versions, switch to official OpenSSL sources, and fix build scripts

Signed-off-by: Gotowalski, Bartosz &lt;bartosz.gotowalski@intel.com&gt;
diff --git a/QuoteVerification/prepare_sgxssl.cmd b/QuoteVerification/prepare_sgxssl.cmd
@@ -38,18 +38,17 @@ set top_dir=%~dp0
 set sgxssl_dir=%top_dir%\sgxssl
 
 set openssl_out_dir=%sgxssl_dir%\openssl_source
-set openssl_ver_name=openssl-3.1.6
+set openssl_ver_name=openssl-3.0.14
 set sgxssl_github_archive=https://github.com/intel/intel-sgx-ssl/archive
-set sgxssl_ver_name=3.1.6_Rev1
+set sgxssl_ver_name=3.0_Rev4
 set sgxssl_ver=%sgxssl_ver_name%
 set build_script=%sgxssl_dir%\Windows\build_package.cmd
 
-@Rem set server_url_path=https://www.openssl.org/source/
-set server_url_path=https://af01p-igk.devtools.intel.com/artifactory/sgxdcapprerequisites-igk-local/prebuilt/ssl
+set server_url_path=https://www.openssl.org/source/
 
 set full_openssl_url=%server_url_path%/%openssl_ver_name%.tar.gz
-set sgxssl_chksum=8fbacac2612f6117c11d04cd7989f1a035f978683a4626055133b2fbf332d016
-set openssl_chksum=5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7
+set sgxssl_chksum=3ae56df48a56f58fce8d0472ea82cc4380e30442b49b931c027fda9e637cb3fa
+set openssl_chksum=eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca
 
 if not exist %sgxssl_dir% (
 	mkdir %sgxssl_dir%
@@ -71,8 +70,7 @@ if not exist %build_script% (
 )
 
 if not exist %openssl_out_dir%\%openssl_ver_name%.tar.gz (
-@Rem	call powershell -Command "Invoke-WebRequest -URI %full_openssl_url% -OutFile %openssl_out_dir%\%openssl_ver_name%.tar.gz"
-	call powershell -Command " [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (New-Object Net.WebClient).DownloadFile('%full_openssl_url%', '%openssl_out_dir%\%openssl_ver_name%.tar.gz'); exit" > nul
+	call powershell -Command "Invoke-WebRequest -URI %full_openssl_url% -OutFile %openssl_out_dir%\%openssl_ver_name%.tar.gz"
 )
 call powershell -Command " $opensslfilehash = Get-FileHash %openssl_out_dir%\%openssl_ver_name%.tar.gz; Write-Output $opensslfilehash.Hash | out-file -filepath %sgxssl_dir%\check_sum_openssl.txt -encoding ascii"
 findstr /i %openssl_chksum% %sgxssl_dir%\check_sum_openssl.txt>nul
@@ -84,7 +82,11 @@ if !errorlevel! NEQ 0  (
 
 if not exist %sgxssl_dir%\Windows\package\lib\%PFM%\%CFG%\libsgx_tsgxssl.lib (
 	cd %sgxssl_dir%\Windows\
-	start /WAIT cmd /C call %build_script% %PFM%_%CFG% %openssl_ver_name% no-clean SIM || exit /b 1
+	cmd /C (echo | call %build_script% %PFM%_%CFG% %openssl_ver_name% no-clean SIM)
+	if !errorlevel! NEQ 0  (
+		echo "Error calling %build_script% %PFM%_%CFG% %openssl_ver_name% no-clean SIM"
+		exit /b 1
+	)
     xcopy /E /H /y %sgxssl_dir%\Windows\package %top_dir%\package\
 
 	cd ..\
diff --git a/QuoteVerification/prepare_sgxssl.sh b/QuoteVerification/prepare_sgxssl.sh
@@ -39,7 +39,6 @@ sgxssl_github_archive=https://github.com/intel/intel-sgx-ssl/archive
 sgxssl_file_name=3.1.6_Rev1
 build_script=$sgxssl_dir/Linux/build_openssl.sh
 server_url_path=https://www.openssl.org/source/
-#server_url_path=https://af01p-igk.devtools.intel.com/artifactory/sgxdcapprerequisites-igk-local/prebuilt/ssl
 full_openssl_url=$server_url_path/$openssl_ver_name.tar.gz
 full_openssl_url_old=$server_url_path/old/3.0/$openssl_ver_name.tar.gz
 
@@ -76,8 +75,7 @@ if [[ "$*" == *SERVTD_ATTEST* ]];then
 fi
 
 if [ ! -f $openssl_out_dir/$openssl_ver_name.tar.gz ]; then
-#  wget $full_openssl_url_old -P $openssl_out_dir || wget $full_openssl_url -P $openssl_out_dir || exit 1
-  wget $full_openssl_url -P $openssl_out_dir --no-check-certificate || exit 1
+  wget $full_openssl_url -P $openssl_out_dir || exit 1
   sha256sum $openssl_out_dir/$openssl_ver_name.tar.gz > $sgxssl_dir/check_sum_openssl.txt
   grep $openssl_chksum $sgxssl_dir/check_sum_openssl.txt
   if [ $? -ne 0 ]; then
