%define         openssl_version 1.1.1g
Name:           intel-sgx-ssl
Version:        2.10
Release:        4
Summary:        Intel® Software Guard Extensions SSL
ExclusiveArch:	x86_64
License:        OpenSSL and BSD 3-clause "New" or "Revised" License
URL:            https://github.com/intel/intel-sgx-ssl
Source0:        https://github.com/intel/intel-sgx-ssl/archive/lin_%{version}_%{openssl_version}.zip
Source1:        https://www.openssl.org/source/old/1.1.1/openssl-%{openssl_version}.tar.gz

Patch0:         adapt-openssl-CVE.patch
Patch1:         backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
Patch2:         backport-CVE-2022-1292.patch
Patch3:         backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
Patch4:         backport-CVE-2022-0778.patch
Patch5:         backport-CVE-2022-0778_test.patch

BuildRequires:  gcc 
BuildRequires:	libsgx-launch libsgx-urts sgxsdk

Requires:       glibc

%description
The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic
library is intended to provide cryptographic services for
Intel® Software Guard Extensions (SGX) enclave applications.
The Intel® SGX SSL cryptographic library is based on the underlying
OpenSSL* Open Source project, providing a full-strength general purpose
cryptography library. Supported OpenSSL version is 1.1.1g.


%package devel
Summary:        Development files for intel sgx ssl
Requires:       %{name} = %{version}-%{release}

%description devel
%{summary}.


%package_help
%define debug_package %{nil}

%prep

%setup -q -n intel-sgx-ssl-lin_2.10_1.1.1g
%setup -q -D -T -a 1 -n intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source
%setup -q -D -T -n intel-sgx-ssl-lin_2.10_1.1.1g
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

%build
cp %{SOURCE1} openssl_source/
cd Linux
make sgxssl_no_mitigation

%install
cd Linux
make install DESTDIR=$RPM_BUILD_ROOT/opt/intel/sgxssl
cp -r package/docs $RPM_BUILD_ROOT/opt/intel/sgxssl/
cp   ../README.md $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/
cp   License.txt $RPM_BUILD_ROOT/opt/intel/sgxssl/docs/

%files
/opt/intel/sgxssl/lib64/*
/opt/intel/sgxssl/docs/*

%files devel
/opt/intel/sgxssl/include/*

%changelog
* Sat Sep 03 2022 wangyu <wangyu283@huawei.com> - 2.10-4
- Fix CVE-2022-2068 CVE-2022-0778 CVE-2022-1292 CVE-2022-2097

* Wed Mar 10 2021 chenmaodong <chenmaodong@huawei.com> - 2.10-3
- change requires from linux-sgx-sdk to sgxsdk
* Mon Jan 18 2021 chenmaodong <chenmaodong@huawei.com> - 2.10-2
- init
* Thu Dec 29 2020 chenmaodong <chenmaodong@huawei.com> - 2.10-1
- init