
Intel® Software Guard Extensions SSL

License: Other


intel-sgx-ssl's Introduction


Intel® Software Guard Extensions SSL

Introduction

The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications. The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library.

This branch supports OpenSSL version 3.0.*, but works in 1.1.1 compatible mode.

License

See License.txt for details.

Documentation

Build Intel® SGX SSL package

Windows

Prerequisites

  • Microsoft Visual Studio 2019
  • Perl
  • NASM (Netwide Assembler)
  • Intel(R) SGX Windows latest release, including SDK, PSW, and driver

(Note: Perl and NASM must be included in the machine's PATH variable.)

To build Intel® SGX SSL package in Windows OS:

  1. Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-3.0.*.tar.gz)
  2. Download and install the latest SGX SDK from Intel Developer Zone. The installation guide is available on the same website.
  3. Change the directory to the SGXSSL path and enter the following command:
build_all.cmd <OPENSSL_VERSION> [default == openssl-3.0.0]

This builds the Intel® SGX SSL libraries (libsgx_tsgxssl.lib, libsgx_usgxssl.lib, libsgx_tsgxssl_crypto.lib), which can be found in package/lib/{Win32|X64}/{debug|release}/. The versions built with the CVE-2020-0551 mitigation enabled can be found in package/lib/X64/{CVE-2020-0551-CF-Release|CVE-2020-0551-Load-Release}/.

Linux

Prerequisites

  • Perl
  • Toolchain with mitigation (refer to SGX Linux README)
  • Intel(R) SGX Linux latest release, including SDK, PSW, and driver

To build Intel® SGX SSL package in Linux OS:

  1. Download OpenSSL 3.0.* package into openssl_source/ directory. (tar.gz package, e.g. openssl-3.0.*.tar.gz)
  2. Download and install the latest SGX SDK from 01.org. The installation guide is available on the same website.
  3. Source SGX SDK's environment variables.
  4. Change to the Linux/ directory and run:
make all test

This builds and tests the Intel® SGX SSL libraries (libsgx_tsgxssl.a, libsgx_usgxssl.a, libsgx_tsgxssl_crypto.a), which can be found in package/lib64/. The Intel® SGX SSL trusted libraries (libsgx_tsgxssl.lib, libsgx_tsgxssl_crypto.lib) built with the CVE-2020-0551 mitigation enabled can be found in package/lib64/{cve_2020_0551_cf|cve_2020_0551_load}/.

Available make flags:

  • DEBUG={1,0}: Libraries build mode, with debug symbols or without. Default 0.
  • NO_THREADS={1,0}: Enable no-threads in the OpenSSL's build configuration options. Default 0.
  • SGX_MODE={HW,SIM}: User can take SIM to run the unit test on non-SGX platform if necessary. Default HW.
  • DESTDIR=<PATH>: Directory realpath to install Intel® SGX SSL libraries in. Default /opt/intel/sgxssl/.
  • VERBOSE={1,0}: Makefile verbose mode. Prints compilation commands before executing them. Default 0.
  • OSSL3ONLY={1,0}: Use only OpenSSL 3.x APIs; legacy functions will not be valid. Default 0.

To install Intel® SGX SSL libraries in Linux OS, run:

make all test
sudo make install

Note for Version 3.*

To use the trusted cryptography library with SGX SSL/OpenSSL 3.*, you may need to increase the HeapMaxSize value in the enclave signing configuration XML file, especially for multithreaded enclaves:

...
<HeapMaxSize>...</HeapMaxSize>
...


intel-sgx-ssl's Issues

Data races

Data races among the following shared variables and functions.

shared variable function1 function2
_ZL13addr_info_map _GLOBAL__sub_I_tmem_mgmt.cpp sgxssl_mmap
_ZL13addr_info_map _GLOBAL__sub_I_tmem_mgmt.cpp sgxssl_munmap
_ZL13addr_info_map+0x10 _GLOBAL__sub_I_tmem_mgmt.cpp sgxssl_mmap
_ZL13addr_info_map+0x10 _GLOBAL__sub_I_tmem_mgmt.cpp sgxssl_munmap
_ZL15rwlock_info_map _GLOBAL__sub_I_tpthread.cpp sgxssl_pthread_rwlock_destroy
_ZL15rwlock_info_map sgxssl_pthread_rwlock_destroy sgxssl_pthread_rwlock_destroy
_ZL16pthread_next_key sgxssl_pthread_key_create sgxssl_pthread_key_create
_ZL16pthread_next_key sgxssl_pthread_key_create sgxssl_pthread_key_delete
_ZL24thread_specific_data_map _GLOBAL__sub_I_tpthread.cpp sgxssl_pthread_key_delete
_ZL26pthread_key_destr_func_map _GLOBAL__sub_I_tpthread.cpp sgxssl_pthread_key_delete
added OBJ_add_object OBJ_add_object
added OBJ_add_object OBJ_ln2nid
added OBJ_add_object OBJ_nid2ln
added OBJ_add_object OBJ_nid2obj
added OBJ_add_object OBJ_nid2sn
added OBJ_add_object OBJ_obj2nid
added OBJ_add_object OBJ_sn2nid
added obj_cleanup_int OBJ_add_object
added obj_cleanup_int OBJ_ln2nid
added obj_cleanup_int OBJ_nid2ln
added obj_cleanup_int OBJ_nid2obj
added obj_cleanup_int OBJ_nid2sn
added obj_cleanup_int OBJ_obj2nid
added obj_cleanup_int OBJ_sn2nid
added obj_cleanup_int obj_cleanup_int
allow_customize CRYPTO_malloc CRYPTO_malloc
allow_customize CRYPTO_malloc CRYPTO_set_mem_debug
allow_customize CRYPTO_malloc CRYPTO_set_mem_functions
app_methods EVP_PKEY_asn1_add0 EVP_PKEY_asn1_add0
app_methods EVP_PKEY_asn1_get0 EVP_PKEY_asn1_add0
app_methods EVP_PKEY_asn1_get_count EVP_PKEY_asn1_add0
app_methods pkey_asn1_find EVP_PKEY_asn1_add0
app_pkey_methods EVP_PKEY_meth_add0 EVP_PKEY_meth_add0
app_pkey_methods EVP_PKEY_meth_add0 EVP_PKEY_meth_get0
app_pkey_methods EVP_PKEY_meth_add0 EVP_PKEY_meth_get_count
app_pkey_methods EVP_PKEY_meth_add0 EVP_PKEY_meth_remove
app_pkey_methods EVP_PKEY_meth_add0 evp_app_cleanup_int
app_pkey_methods EVP_PKEY_meth_find EVP_PKEY_meth_add0
async_inited ossl_init_async_ossl_ OPENSSL_cleanup
base_inited OPENSSL_cleanup OPENSSL_cleanup
base_inited ossl_init_base_ossl_ OPENSSL_cleanup
bn_limit_bits BN_set_params BN_get_params
bn_limit_bits BN_set_params BN_set_params
bn_limit_bits_high BN_set_params BN_get_params
bn_limit_bits_high BN_set_params BN_set_params
bn_limit_bits_low BN_set_params BN_get_params
bn_limit_bits_low BN_set_params BN_set_params
bn_limit_bits_mont BN_set_params BN_get_params
bn_limit_bits_mont BN_set_params BN_set_params
busy_wait new_thread_func threads_test
busy_wait run_thread.isra.1 new_thread_func
busy_wait run_thread.isra.1 threads_test
cleanup_stack engine_cleanup_add_last engine_cleanup_add_last
cleanup_stack engine_cleanup_add_last engine_cleanup_int
cleanup_stack engine_cleanup_int engine_cleanup_int
conf_settings OPENSSL_init_crypto OPENSSL_init_crypto
conf_settings ossl_init_config_ossl_ OPENSSL_init_crypto
cpuid_initialized init_exception_handler init_exception_handler
default_CONF_method CONF_set_default_method CONF_set_default_method
default_CONF_method CONF_set_nconf CONF_set_default_method
default_CONF_method CONF_set_nconf CONF_set_nconf
default_DH_method DH_set_default_method DH_get_default_method
default_DH_method DH_set_default_method DH_set_default_method
default_DSA_method DSA_set_default_method DSA_get_default_method
default_DSA_method DSA_set_default_method DSA_set_default_method
default_DSO_meth DSO_load DSO_global_lookup
default_DSO_meth DSO_load DSO_load
default_DSO_meth DSO_load DSO_pathbyaddr
default_RAND_meth RAND_get_rand_method RAND_get_rand_method
default_RAND_meth RAND_set_rand_method RAND_get_rand_method
default_RAND_meth RAND_set_rand_method RAND_set_rand_method
default_RAND_meth RAND_set_rand_method rand_cleanup_int
default_RAND_meth rand_cleanup_int RAND_get_rand_method
default_RSA_meth RSA_set_default_method RSA_get_default_method
default_RSA_meth RSA_set_default_method RSA_set_default_method
default_UI_meth UI_set_default_method UI_get_default_method
default_UI_meth UI_set_default_method UI_set_default_method
default_crl_method X509_CRL_set_default_method X509_CRL_set_default_method
default_crl_method crl_cb X509_CRL_set_default_method
default_ec_key_meth EC_KEY_get_default_method EC_KEY_set_default_method
default_ec_key_meth EC_KEY_set_default_method EC_KEY_set_default_method
default_trust X509_TRUST_set_default X509_TRUST_set_default
default_trust X509_TRUST_set_default X509_check_trust
destructor_key OPENSSL_cleanup OPENSSL_cleanup
destructor_key OPENSSL_cleanup OPENSSL_thread_stop
destructor_key ossl_init_base_ossl_ OPENSSL_cleanup
destructor_key ossl_init_base_ossl_ OPENSSL_thread_stop
destructor_key ossl_init_base_ossl_ ossl_init_base_ossl_
do_bio_type_init_ossl_ret_ do_bio_type_init_ossl_ BIO_get_new_index
do_bio_type_init_ossl_ret_ do_bio_type_init_ossl_ do_bio_type_init_ossl_
do_ex_data_init_ossl_ret_ do_ex_data_init_ossl_ CRYPTO_dup_ex_data
do_ex_data_init_ossl_ret_ do_ex_data_init_ossl_ CRYPTO_free_ex_data
do_ex_data_init_ossl_ret_ do_ex_data_init_ossl_ CRYPTO_free_ex_index
do_ex_data_init_ossl_ret_ do_ex_data_init_ossl_ CRYPTO_new_ex_data
do_ex_data_init_ossl_ret_ do_ex_data_init_ossl_ do_ex_data_init_ossl_
do_rand_init_ossl_ret_ do_rand_init_ossl_ RAND_keep_random_devices_open
do_rand_init_ossl_ret_ do_rand_init_ossl_ RAND_set_rand_engine
do_rand_init_ossl_ret_ do_rand_init_ossl_ RAND_set_rand_method
do_rand_init_ossl_ret_ do_rand_init_ossl_ do_rand_init_ossl_
do_registry_init_ossl_ret_ do_registry_init_ossl_ do_registry_init_ossl_
do_registry_init_ossl_ret_ do_registry_init_ossl_ ossl_store_get0_loader_int
do_registry_init_ossl_ret_ do_registry_init_ossl_ ossl_store_register_loader_int
do_registry_init_ossl_ret_ do_registry_init_ossl_ ossl_store_unregister_loader_int
do_store_init_ossl_ret_ do_store_init_ossl_ do_store_init_ossl_
do_store_init_ossl_ret_ do_store_init_ossl_ ossl_store_init_once
engine_list_head ENGINE_add ENGINE_add
engine_list_head ENGINE_add ENGINE_by_id
engine_list_head ENGINE_add engine_list_cleanup
engine_list_head ENGINE_get_first ENGINE_add
engine_list_tail ENGINE_add ENGINE_add
engine_list_tail ENGINE_get_last ENGINE_add
err_do_init_ossl_ret_ err_do_init_ossl_ ERR_get_state
err_do_init_ossl_ret_ err_do_init_ossl_ err_do_init_ossl_
err_do_init_ossl_ret_ err_do_init_ossl_ err_shelve_state
err_string_lock do_err_strings_init_ossl_ ERR_func_error_string
err_string_lock do_err_strings_init_ossl_ ERR_get_next_error_library
err_string_lock do_err_strings_init_ossl_ ERR_lib_error_string
err_string_lock do_err_strings_init_ossl_ ERR_load_ERR_strings
err_string_lock do_err_strings_init_ossl_ ERR_load_strings
err_string_lock do_err_strings_init_ossl_ ERR_load_strings_const
err_string_lock do_err_strings_init_ossl_ ERR_reason_error_string
err_string_lock do_err_strings_init_ossl_ ERR_unload_strings
err_string_lock do_err_strings_init_ossl_ do_err_strings_init_ossl_
err_string_lock do_err_strings_init_ossl_ err_cleanup
err_string_lock err_cleanup ERR_func_error_string
err_string_lock err_cleanup ERR_get_next_error_library
err_string_lock err_cleanup ERR_lib_error_string
err_string_lock err_cleanup ERR_load_ERR_strings
err_string_lock err_cleanup ERR_load_strings
err_string_lock err_cleanup ERR_load_strings_const
err_string_lock err_cleanup ERR_reason_error_string
err_string_lock err_cleanup ERR_unload_strings
err_string_lock err_cleanup err_cleanup
ex_data_lock crypto_cleanup_all_ex_data_int CRYPTO_dup_ex_data
ex_data_lock crypto_cleanup_all_ex_data_int CRYPTO_free_ex_data
ex_data_lock crypto_cleanup_all_ex_data_int CRYPTO_free_ex_index
ex_data_lock crypto_cleanup_all_ex_data_int CRYPTO_new_ex_data
ex_data_lock crypto_cleanup_all_ex_data_int crypto_cleanup_all_ex_data_int
ex_data_lock do_ex_data_init_ossl_ CRYPTO_dup_ex_data
ex_data_lock do_ex_data_init_ossl_ CRYPTO_free_ex_data
ex_data_lock do_ex_data_init_ossl_ CRYPTO_free_ex_index
ex_data_lock do_ex_data_init_ossl_ CRYPTO_new_ex_data
ex_data_lock do_ex_data_init_ossl_ crypto_cleanup_all_ex_data_int
ex_data_lock do_ex_data_init_ossl_ do_ex_data_init_ossl_
exception_handler_initialized const_init_exception_handler const_init_exception_handler
ext_list X509V3_EXT_add X509V3_EXT_add
ext_list X509V3_EXT_add X509V3_EXT_cleanup
ext_list X509V3_EXT_add X509V3_EXT_get_nid
ext_list X509V3_EXT_cleanup X509V3_EXT_cleanup
ext_list X509V3_EXT_get_nid X509V3_EXT_cleanup
ext_nids X509_REQ_extension_nid X509_REQ_set_extension_nids
ext_nids X509_REQ_get_extension_nids X509_REQ_set_extension_nids
ext_nids X509_REQ_set_extension_nids X509_REQ_get_extensions
ext_nids X509_REQ_set_extension_nids X509_REQ_set_extension_nids
fake_rand change_rand change_rand
fake_rand+0x10 change_rand change_rand
fake_rand+0x18 change_rand change_rand
fake_rand+0x20 change_rand change_rand
fake_rand+0x28 change_rand change_rand
fake_rdtsc_value sgxssl_exception_handler sgxssl_exception_handler
fbytes_counter fbytes fbytes
free_impl CRYPTO_free CRYPTO_set_mem_functions
free_impl CRYPTO_set_mem_functions CRYPTO_set_mem_functions
free_type OBJ_NAME_cleanup OBJ_NAME_cleanup
free_type names_lh_free_doall OBJ_NAME_cleanup
func run_thread.isra.1 new_thread_func
func run_thread.isra.1 run_thread.isra.1
funct_ref RAND_set_rand_engine RAND_set_rand_engine
funct_ref RAND_set_rand_method RAND_set_rand_engine
funct_ref RAND_set_rand_method RAND_set_rand_method
global_mask ASN1_STRING_set_default_mask ASN1_STRING_get_default_mask
global_mask ASN1_STRING_set_default_mask ASN1_STRING_set_by_NID
global_mask ASN1_STRING_set_default_mask ASN1_STRING_set_default_mask
init.20943 openssl_digests openssl_digests
init.5773 DES_options DES_options
init.7122 BN_options BN_options
init.7244 ERR_load_ERR_strings ERR_load_ERR_strings
init_lock OPENSSL_cleanup OPENSSL_cleanup
init_lock OPENSSL_cleanup OPENSSL_init_crypto
init_lock ossl_init_base_ossl_ OPENSSL_cleanup
init_lock ossl_init_base_ossl_ OPENSSL_init_crypto
init_lock ossl_init_base_ossl_ ossl_init_base_ossl_
initialized_engines int_engine_module_finish int_engine_module_finish
initialized_modules CONF_modules_finish CONF_modules_finish
initialized_modules CONF_modules_load CONF_modules_finish
initialized_modules CONF_modules_load CONF_modules_load
int_err_library_number ERR_get_next_error_library ERR_get_next_error_library
int_error_hash do_err_strings_init_ossl_ ERR_func_error_string
int_error_hash do_err_strings_init_ossl_ ERR_lib_error_string
int_error_hash do_err_strings_init_ossl_ ERR_load_ERR_strings
int_error_hash do_err_strings_init_ossl_ ERR_load_strings
int_error_hash do_err_strings_init_ossl_ ERR_load_strings_const
int_error_hash do_err_strings_init_ossl_ ERR_reason_error_string
int_error_hash do_err_strings_init_ossl_ ERR_unload_strings
int_error_hash do_err_strings_init_ossl_ do_err_strings_init_ossl_
int_error_hash do_err_strings_init_ossl_ err_cleanup
int_error_hash err_cleanup ERR_func_error_string
int_error_hash err_cleanup ERR_lib_error_string
int_error_hash err_cleanup ERR_load_ERR_strings
int_error_hash err_cleanup ERR_load_strings
int_error_hash err_cleanup ERR_load_strings_const
int_error_hash err_cleanup ERR_reason_error_string
int_error_hash err_cleanup ERR_unload_strings
int_error_hash err_cleanup err_cleanup
load_crypto_strings_inited ossl_init_load_crypto_strings_ossl_ OPENSSL_cleanup
loader_register ossl_store_destroy_loaders_int OSSL_STORE_do_all_loaders
loader_register ossl_store_destroy_loaders_int ossl_store_destroy_loaders_int
loader_register ossl_store_get0_loader_int ossl_store_destroy_loaders_int
loader_register ossl_store_register_loader_int OSSL_STORE_do_all_loaders
loader_register ossl_store_register_loader_int ossl_store_destroy_loaders_int
loader_register ossl_store_register_loader_int ossl_store_get0_loader_int
loader_register ossl_store_register_loader_int ossl_store_register_loader_int
loader_register ossl_store_register_loader_int ossl_store_unregister_loader_int
loader_register ossl_store_unregister_loader_int ossl_store_destroy_loaders_int
malloc_impl CRYPTO_malloc CRYPTO_set_mem_functions
malloc_impl CRYPTO_set_mem_functions CRYPTO_set_mem_functions
master_drbg do_rand_drbg_init_ossl_ RAND_DRBG_get0_master
master_drbg do_rand_drbg_init_ossl_ RAND_DRBG_get0_private
master_drbg do_rand_drbg_init_ossl_ RAND_DRBG_get0_public
master_drbg do_rand_drbg_init_ossl_ do_rand_drbg_init_ossl_
master_drbg do_rand_drbg_init_ossl_ rand_drbg_cleanup_int
master_drbg rand_drbg_cleanup_int RAND_DRBG_get0_master
master_drbg rand_drbg_cleanup_int RAND_DRBG_get0_private
master_drbg rand_drbg_cleanup_int RAND_DRBG_get0_public
master_drbg rand_drbg_cleanup_int rand_drbg_cleanup_int
master_reseed_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_new
master_reseed_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_secure_new
master_reseed_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_set_reseed_defaults
master_reseed_time_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_new
master_reseed_time_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_secure_new
master_reseed_time_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_set_reseed_defaults
name_funcs_stack OBJ_NAME_add OBJ_NAME_cleanup
name_funcs_stack OBJ_NAME_cleanup OBJ_NAME_cleanup
name_funcs_stack OBJ_NAME_new_index OBJ_NAME_add
name_funcs_stack OBJ_NAME_new_index OBJ_NAME_cleanup
name_funcs_stack OBJ_NAME_new_index OBJ_NAME_new_index
name_funcs_stack OBJ_NAME_new_index OBJ_NAME_remove
name_funcs_stack OBJ_NAME_remove OBJ_NAME_cleanup
name_funcs_stack obj_name_cmp OBJ_NAME_cleanup
name_funcs_stack obj_name_cmp OBJ_NAME_new_index
name_funcs_stack obj_name_hash OBJ_NAME_cleanup
name_funcs_stack obj_name_hash OBJ_NAME_new_index
names_lh OBJ_NAME_add OBJ_NAME_cleanup
names_lh OBJ_NAME_cleanup OBJ_NAME_cleanup
names_lh OBJ_NAME_do_all OBJ_NAME_cleanup
names_lh OBJ_NAME_do_all_sorted OBJ_NAME_cleanup
names_lh OBJ_NAME_get OBJ_NAME_cleanup
names_lh OBJ_NAME_remove OBJ_NAME_cleanup
names_lh o_names_init_ossl_ OBJ_NAME_add
names_lh o_names_init_ossl_ OBJ_NAME_cleanup
names_lh o_names_init_ossl_ OBJ_NAME_do_all
names_lh o_names_init_ossl_ OBJ_NAME_do_all_sorted
names_lh o_names_init_ossl_ OBJ_NAME_get
names_lh o_names_init_ossl_ OBJ_NAME_remove
names_lh o_names_init_ossl_ o_names_init_ossl_
names_type_num OBJ_NAME_new_index OBJ_NAME_new_index
neg.14874 rand_neg rand_neg
neg.14874 test_add rand_neg
neg.14874 test_add test_add
neg.14874 test_add test_div
neg.14874 test_add test_div_recp
neg.14874 test_add test_kron
neg.14874 test_add test_lshift
neg.14874 test_add test_lshift1
neg.14874 test_add test_mod
neg.14874 test_add test_mod_mul
neg.14874 test_add test_mul
neg.14874 test_add test_rshift
neg.14874 test_add test_rshift1
neg.14874 test_add test_sqr
neg.14874 test_add test_sqrt
neg.14874 test_add test_sub
neg.14874 test_div rand_neg
neg.14874 test_div test_div
neg.14874 test_div test_div_recp
neg.14874 test_div test_kron
neg.14874 test_div test_lshift
neg.14874 test_div test_lshift1
neg.14874 test_div test_mod
neg.14874 test_div test_mod_mul
neg.14874 test_div test_mul
neg.14874 test_div test_rshift
neg.14874 test_div test_rshift1
neg.14874 test_div test_sqr
neg.14874 test_div test_sqrt
neg.14874 test_div_recp rand_neg
neg.14874 test_div_recp test_div_recp
neg.14874 test_div_recp test_kron
neg.14874 test_div_recp test_lshift
neg.14874 test_div_recp test_lshift1
neg.14874 test_div_recp test_mod
neg.14874 test_div_recp test_mod_mul
neg.14874 test_div_recp test_mul
neg.14874 test_div_recp test_rshift
neg.14874 test_div_recp test_rshift1
neg.14874 test_div_recp test_sqr
neg.14874 test_div_recp test_sqrt
neg.14874 test_kron rand_neg
neg.14874 test_kron test_kron
neg.14874 test_kron test_lshift
neg.14874 test_kron test_lshift1
neg.14874 test_kron test_rshift
neg.14874 test_kron test_rshift1
neg.14874 test_kron test_sqrt
neg.14874 test_lshift rand_neg
neg.14874 test_lshift test_lshift
neg.14874 test_lshift test_lshift1
neg.14874 test_lshift test_rshift
neg.14874 test_lshift test_rshift1
neg.14874 test_lshift1 rand_neg
neg.14874 test_lshift1 test_lshift1
neg.14874 test_lshift1 test_rshift
neg.14874 test_lshift1 test_rshift1
neg.14874 test_mod rand_neg
neg.14874 test_mod test_kron
neg.14874 test_mod test_lshift
neg.14874 test_mod test_lshift1
neg.14874 test_mod test_mod
neg.14874 test_mod test_mod_mul
neg.14874 test_mod test_rshift
neg.14874 test_mod test_rshift1
neg.14874 test_mod test_sqrt
neg.14874 test_mod_mul rand_neg
neg.14874 test_mod_mul test_kron
neg.14874 test_mod_mul test_lshift
neg.14874 test_mod_mul test_lshift1
neg.14874 test_mod_mul test_mod_mul
neg.14874 test_mod_mul test_rshift
neg.14874 test_mod_mul test_rshift1
neg.14874 test_mod_mul test_sqrt
neg.14874 test_mul rand_neg
neg.14874 test_mul test_kron
neg.14874 test_mul test_lshift
neg.14874 test_mul test_lshift1
neg.14874 test_mul test_mod
neg.14874 test_mul test_mod_mul
neg.14874 test_mul test_mul
neg.14874 test_mul test_rshift
neg.14874 test_mul test_rshift1
neg.14874 test_mul test_sqr
neg.14874 test_mul test_sqrt
neg.14874 test_rshift rand_neg
neg.14874 test_rshift test_rshift
neg.14874 test_rshift test_rshift1
neg.14874 test_rshift1 rand_neg
neg.14874 test_rshift1 test_rshift1
neg.14874 test_sqr rand_neg
neg.14874 test_sqr test_kron
neg.14874 test_sqr test_lshift
neg.14874 test_sqr test_lshift1
neg.14874 test_sqr test_mod
neg.14874 test_sqr test_mod_mul
neg.14874 test_sqr test_rshift
neg.14874 test_sqr test_rshift1
neg.14874 test_sqr test_sqr
neg.14874 test_sqr test_sqrt
neg.14874 test_sqrt rand_neg
neg.14874 test_sqrt test_lshift
neg.14874 test_sqrt test_lshift1
neg.14874 test_sqrt test_rshift
neg.14874 test_sqrt test_rshift1
neg.14874 test_sqrt test_sqrt
neg.14874 test_sub rand_neg
neg.14874 test_sub test_div
neg.14874 test_sub test_div_recp
neg.14874 test_sub test_kron
neg.14874 test_sub test_lshift
neg.14874 test_sub test_lshift1
neg.14874 test_sub test_mod
neg.14874 test_sub test_mod_mul
neg.14874 test_sub test_mul
neg.14874 test_sub test_rshift
neg.14874 test_sub test_rshift1
neg.14874 test_sub test_sqr
neg.14874 test_sub test_sqrt
neg.14874 test_sub test_sub
new_nid OBJ_new_nid OBJ_new_nid
obj_lock OBJ_NAME_add OBJ_NAME_cleanup
obj_lock OBJ_NAME_cleanup OBJ_NAME_cleanup
obj_lock OBJ_NAME_get OBJ_NAME_cleanup
obj_lock OBJ_NAME_new_index OBJ_NAME_cleanup
obj_lock OBJ_NAME_remove OBJ_NAME_cleanup
obj_lock o_names_init_ossl_ OBJ_NAME_add
obj_lock o_names_init_ossl_ OBJ_NAME_cleanup
obj_lock o_names_init_ossl_ OBJ_NAME_get
obj_lock o_names_init_ossl_ OBJ_NAME_new_index
obj_lock o_names_init_ossl_ OBJ_NAME_remove
obj_lock o_names_init_ossl_ o_names_init_ossl_
old_rand change_rand change_rand
old_rand change_rand restore_rand
old_rand change_rand x9_62_tests
old_rand fbytes change_rand
once_run_count once_do_run threads_test
openssl_configured openssl_config_int openssl_config_int
openssl_configured openssl_config_int openssl_no_config_int
ossl_init_add_all_ciphers_ossl_ret_ ossl_init_add_all_ciphers_ossl_ OPENSSL_init_crypto
ossl_init_add_all_ciphers_ossl_ret_ ossl_init_no_add_all_ciphers_ossl_ OPENSSL_init_crypto
ossl_init_add_all_digests_ossl_ret_ ossl_init_add_all_digests_ossl_ OPENSSL_init_crypto
ossl_init_add_all_digests_ossl_ret_ ossl_init_no_add_all_digests_ossl_ OPENSSL_init_crypto
ossl_init_async_ossl_ret_ ossl_init_async_ossl_ OPENSSL_init_crypto
ossl_init_base_ossl_ret_ ossl_init_base_ossl_ OPENSSL_init_crypto
ossl_init_base_ossl_ret_ ossl_init_base_ossl_ ossl_init_base_ossl_
ossl_init_config_ossl_ret_ ossl_init_config_ossl_ OPENSSL_init_crypto
ossl_init_config_ossl_ret_ ossl_init_config_ossl_ ossl_init_config_ossl_
ossl_init_config_ossl_ret_ ossl_init_config_ossl_ ossl_init_no_config_ossl_
ossl_init_config_ossl_ret_ ossl_init_no_config_ossl_ OPENSSL_init_crypto
ossl_init_engine_dynamic_ossl_ret_ ossl_init_engine_dynamic_ossl_ OPENSSL_init_crypto
ossl_init_engine_openssl_ossl_ret_ ossl_init_engine_openssl_ossl_ OPENSSL_init_crypto
ossl_init_engine_rdrand_ossl_ret_ ossl_init_engine_rdrand_ossl_ OPENSSL_init_crypto
ossl_init_load_crypto_nodelete_ossl_ret_ ossl_init_load_crypto_nodelete_ossl_ OPENSSL_init_crypto
ossl_init_load_crypto_strings_ossl_ret_ ossl_init_load_crypto_strings_ossl_ OPENSSL_init_crypto
ossl_init_load_crypto_strings_ossl_ret_ ossl_init_load_crypto_strings_ossl_ ossl_init_load_crypto_strings_ossl_
ossl_init_load_crypto_strings_ossl_ret_ ossl_init_no_load_crypto_strings_ossl_ OPENSSL_init_crypto
ossl_init_load_crypto_strings_ossl_ret_ ossl_init_no_load_crypto_strings_ossl_ ossl_init_load_crypto_strings_ossl_
ossl_init_register_atexit_ossl_ret_ ossl_init_no_register_atexit_ossl_ OPENSSL_init_crypto
ossl_init_register_atexit_ossl_ret_ ossl_init_no_register_atexit_ossl_ ossl_init_register_atexit_ossl_
ossl_init_register_atexit_ossl_ret_ ossl_init_register_atexit_ossl_ OPENSSL_init_crypto
ossl_init_register_atexit_ossl_ret_ ossl_init_register_atexit_ossl_ ossl_init_register_atexit_ossl_
ossl_init_zlib_ossl_ret_ ossl_init_zlib_ossl_ OPENSSL_init_crypto
param_table X509_VERIFY_PARAM_add0_table X509_VERIFY_PARAM_add0_table
param_table X509_VERIFY_PARAM_add0_table X509_VERIFY_PARAM_get0
param_table X509_VERIFY_PARAM_add0_table X509_VERIFY_PARAM_get_count
param_table X509_VERIFY_PARAM_add0_table X509_VERIFY_PARAM_lookup
param_table X509_VERIFY_PARAM_add0_table X509_VERIFY_PARAM_table_cleanup
param_table X509_VERIFY_PARAM_get0 X509_VERIFY_PARAM_table_cleanup
param_table X509_VERIFY_PARAM_get_count X509_VERIFY_PARAM_table_cleanup
param_table X509_VERIFY_PARAM_lookup X509_VERIFY_PARAM_table_cleanup
param_table X509_VERIFY_PARAM_table_cleanup X509_VERIFY_PARAM_table_cleanup
pbe_algs EVP_PBE_alg_add_type EVP_PBE_alg_add_type
pbe_algs EVP_PBE_alg_add_type EVP_PBE_cleanup
pbe_algs EVP_PBE_alg_add_type EVP_PBE_find
pbe_algs EVP_PBE_cleanup EVP_PBE_cleanup
pbe_algs EVP_PBE_find EVP_PBE_cleanup
pos.20942 openssl_digests openssl_digests
rand_drbg_flags RAND_DRBG_set RAND_DRBG_set_defaults
rand_drbg_flags RAND_DRBG_set_defaults RAND_DRBG_get0_private
rand_drbg_flags RAND_DRBG_set_defaults RAND_DRBG_get0_public
rand_drbg_flags RAND_DRBG_set_defaults RAND_DRBG_set_defaults
rand_drbg_flags RAND_DRBG_set_defaults do_rand_drbg_init_ossl_
rand_drbg_type RAND_DRBG_set RAND_DRBG_set_defaults
rand_drbg_type RAND_DRBG_set_defaults RAND_DRBG_get0_private
rand_drbg_type RAND_DRBG_set_defaults RAND_DRBG_get0_public
rand_drbg_type RAND_DRBG_set_defaults RAND_DRBG_set_defaults
rand_drbg_type RAND_DRBG_set_defaults do_rand_drbg_init_ossl_
rand_engine_lock do_rand_init_ossl_ RAND_set_rand_engine
rand_engine_lock do_rand_init_ossl_ do_rand_init_ossl_
rand_engine_lock do_rand_init_ossl_ rand_cleanup_int
rand_engine_lock rand_cleanup_int RAND_set_rand_engine
rand_engine_lock rand_cleanup_int rand_cleanup_int
rand_inited do_rand_init_ossl_ rand_cleanup_int
rand_inited rand_cleanup_int rand_cleanup_int
rand_meth_lock RAND_set_rand_method rand_cleanup_int
rand_meth_lock do_rand_init_ossl_ RAND_set_rand_method
rand_meth_lock do_rand_init_ossl_ do_rand_init_ossl_
rand_meth_lock do_rand_init_ossl_ rand_cleanup_int
rand_meth_lock rand_cleanup_int rand_cleanup_int
rand_nonce_lock do_rand_init_ossl_ do_rand_init_ossl_
rand_nonce_lock do_rand_init_ossl_ rand_cleanup_int
rand_nonce_lock do_rand_init_ossl_ rand_drbg_get_nonce
rand_nonce_lock rand_cleanup_int rand_cleanup_int
rand_nonce_lock rand_drbg_get_nonce rand_cleanup_int
realloc_impl CRYPTO_realloc CRYPTO_set_mem_functions
realloc_impl CRYPTO_set_mem_functions CRYPTO_set_mem_functions
registry_lock do_registry_init_ossl_ do_registry_init_ossl_
registry_lock do_registry_init_ossl_ ossl_store_destroy_loaders_int
registry_lock do_registry_init_ossl_ ossl_store_get0_loader_int
registry_lock do_registry_init_ossl_ ossl_store_register_loader_int
registry_lock do_registry_init_ossl_ ossl_store_unregister_loader_int
registry_lock ossl_store_destroy_loaders_int ossl_store_destroy_loaders_int
registry_lock ossl_store_get0_loader_int ossl_store_destroy_loaders_int
registry_lock ossl_store_register_loader_int ossl_store_destroy_loaders_int
registry_lock ossl_store_unregister_loader_int ossl_store_destroy_loaders_int
s_print_cb SGXSSLSetPrintToStdoutStderrCB SGXSSLSetPrintToStdoutStderrCB
s_unreach_code_policy SGXSSLSetUnreachableCodePolicy SGXSSLSetUnreachableCodePolicy
s_unreach_code_policy SGXSSLSetUnreachableCodePolicy init_exception_handler
sec_malloc_lock CRYPTO_secure_malloc_done CRYPTO_secure_actual_size
sec_malloc_lock CRYPTO_secure_malloc_done CRYPTO_secure_allocated
sec_malloc_lock CRYPTO_secure_malloc_done CRYPTO_secure_clear_free
sec_malloc_lock CRYPTO_secure_malloc_done CRYPTO_secure_free
sec_malloc_lock CRYPTO_secure_malloc_done CRYPTO_secure_malloc
sec_malloc_lock CRYPTO_secure_malloc_done CRYPTO_secure_malloc_done
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_allocated
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_clear_free
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_free
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
sec_malloc_lock CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
secure_mem_initialized CRYPTO_secure_malloc_done CRYPTO_secure_allocated
secure_mem_initialized CRYPTO_secure_malloc_done CRYPTO_secure_malloc
secure_mem_initialized CRYPTO_secure_malloc_done CRYPTO_secure_malloc_initialized
secure_mem_initialized CRYPTO_secure_malloc_done CRYPTO_secure_zalloc
secure_mem_initialized CRYPTO_secure_malloc_init CRYPTO_secure_allocated
secure_mem_initialized CRYPTO_secure_malloc_init CRYPTO_secure_malloc
secure_mem_initialized CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
secure_mem_initialized CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
secure_mem_initialized CRYPTO_secure_malloc_init CRYPTO_secure_malloc_initialized
secure_mem_initialized CRYPTO_secure_malloc_init CRYPTO_secure_zalloc
secure_mem_used CRYPTO_secure_clear_free CRYPTO_secure_clear_free
secure_mem_used CRYPTO_secure_clear_free CRYPTO_secure_used
secure_mem_used CRYPTO_secure_free CRYPTO_secure_clear_free
secure_mem_used CRYPTO_secure_free CRYPTO_secure_free
secure_mem_used CRYPTO_secure_free CRYPTO_secure_used
secure_mem_used CRYPTO_secure_malloc CRYPTO_secure_clear_free
secure_mem_used CRYPTO_secure_malloc CRYPTO_secure_free
secure_mem_used CRYPTO_secure_malloc CRYPTO_secure_used
secure_mem_used CRYPTO_secure_malloc_done CRYPTO_secure_clear_free
secure_mem_used CRYPTO_secure_malloc_done CRYPTO_secure_free
secure_mem_used CRYPTO_secure_malloc_done CRYPTO_secure_malloc
set_err_thread_local err_do_init_ossl_ err_cleanup
sh CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
sh CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x10 CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sh+0x10 CRYPTO_secure_malloc_init CRYPTO_secure_allocated
sh+0x10 CRYPTO_secure_malloc_init CRYPTO_secure_clear_free
sh+0x10 CRYPTO_secure_malloc_init CRYPTO_secure_free
sh+0x10 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x10 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x10 sh_actual_size CRYPTO_secure_malloc_init
sh+0x10 sh_add_to_list CRYPTO_secure_malloc_init
sh+0x10 sh_clearbit CRYPTO_secure_malloc_init
sh+0x10 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x10 sh_setbit CRYPTO_secure_malloc_init
sh+0x18 CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sh+0x18 CRYPTO_secure_malloc_init CRYPTO_secure_allocated
sh+0x18 CRYPTO_secure_malloc_init CRYPTO_secure_clear_free
sh+0x18 CRYPTO_secure_malloc_init CRYPTO_secure_free
sh+0x18 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x18 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x18 sh_actual_size CRYPTO_secure_malloc_init
sh+0x18 sh_add_to_list CRYPTO_secure_malloc_init
sh+0x18 sh_clearbit CRYPTO_secure_malloc_init
sh+0x18 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x18 sh_setbit CRYPTO_secure_malloc_init
sh+0x20 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x20 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
sh+0x20 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x20 sh_add_to_list CRYPTO_secure_malloc_init
sh+0x20 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x28 CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sh+0x28 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x28 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x28 sh_actual_size CRYPTO_secure_malloc_init
sh+0x28 sh_add_to_list CRYPTO_secure_malloc_init
sh+0x28 sh_clearbit CRYPTO_secure_malloc_init
sh+0x28 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x28 sh_setbit CRYPTO_secure_malloc_init
sh+0x30 CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sh+0x30 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x30 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x30 sh_actual_size CRYPTO_secure_malloc_init
sh+0x30 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x38 CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sh+0x38 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x38 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
sh+0x38 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x38 sh_actual_size CRYPTO_secure_malloc_init
sh+0x38 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x40 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x40 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
sh+0x40 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x40 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x48 CRYPTO_secure_malloc_init CRYPTO_secure_actual_size
sh+0x48 CRYPTO_secure_malloc_init CRYPTO_secure_malloc
sh+0x48 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sh+0x48 sh_actual_size CRYPTO_secure_malloc_init
sh+0x48 sh_clearbit CRYPTO_secure_malloc_init
sh+0x48 sh_free.part.4 CRYPTO_secure_malloc_init
sh+0x48 sh_setbit CRYPTO_secure_malloc_init
sh+0x8 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_done
sh+0x8 CRYPTO_secure_malloc_init CRYPTO_secure_malloc_init
sha1_md openssl_destroy openssl_destroy
sha1_md openssl_destroy openssl_digests
sha1_md openssl_digests openssl_digests
sig_app OBJ_add_sigid OBJ_add_sigid
sig_app OBJ_add_sigid OBJ_sigid_free
sig_app OBJ_find_sigid_algs OBJ_add_sigid
sig_app OBJ_find_sigid_algs OBJ_sigid_free
sig_app OBJ_sigid_free OBJ_sigid_free
sigx_app OBJ_add_sigid OBJ_add_sigid
sigx_app OBJ_add_sigid OBJ_sigid_free
sigx_app OBJ_find_sigid_by_algs OBJ_add_sigid
sigx_app OBJ_find_sigid_by_algs OBJ_sigid_free
sigx_app OBJ_sigid_free OBJ_sigid_free
slave_reseed_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_new
slave_reseed_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_secure_new
slave_reseed_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_set_reseed_defaults
slave_reseed_time_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_new
slave_reseed_time_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_secure_new
slave_reseed_time_interval RAND_DRBG_set_reseed_defaults RAND_DRBG_set_reseed_defaults
ssl_names ssl_module_free conf_ssl_get
ssl_names ssl_module_free conf_ssl_name_find
ssl_names ssl_module_free ssl_module_free
ssl_names ssl_module_free ssl_module_init
ssl_names ssl_module_init conf_ssl_get
ssl_names ssl_module_init conf_ssl_name_find
ssl_names ssl_module_init ssl_module_init
ssl_names_count ssl_module_free conf_ssl_name_find
ssl_names_count ssl_module_free ssl_module_free
ssl_names_count ssl_module_free ssl_module_init
ssl_names_count ssl_module_init conf_ssl_name_find
ssl_names_count ssl_module_init ssl_module_init
stable ASN1_STRING_TABLE_add ASN1_STRING_TABLE_add
stable ASN1_STRING_TABLE_add ASN1_STRING_TABLE_cleanup
stable ASN1_STRING_TABLE_cleanup ASN1_STRING_TABLE_cleanup
stable ASN1_STRING_TABLE_get ASN1_STRING_TABLE_add
stable ASN1_STRING_TABLE_get ASN1_STRING_TABLE_cleanup
stop_handlers OPENSSL_atexit OPENSSL_atexit
stop_handlers OPENSSL_cleanup OPENSSL_atexit
stop_handlers OPENSSL_cleanup OPENSSL_cleanup
stopped OPENSSL_cleanup OPENSSL_cleanup
stopped OPENSSL_cleanup OPENSSL_init_crypto
supported_modules CONF_module_add CONF_module_add
supported_modules CONF_modules_load CONF_module_add
supported_modules CONF_modules_load CONF_modules_load
supported_modules CONF_modules_load CONF_modules_unload
supported_modules CONF_modules_unload CONF_module_add
supported_modules CONF_modules_unload CONF_modules_unload
table_flags ENGINE_get_table_flags ENGINE_set_table_flags
table_flags ENGINE_set_table_flags ENGINE_set_table_flags
thread_local_thread_cb_ok thread_local_thread_cb threads_test
tntmp.19354 asn1_cb asn1_cb
tntmp.19354 mask_cb asn1_cb
tntmp.19354 mask_cb mask_cb
trigger.6475 OPENSSL_cpuid_setup OPENSSL_cpuid_setup
trtable X509_TRUST_add X509_TRUST_add
trtable X509_TRUST_add X509_TRUST_cleanup
trtable X509_TRUST_cleanup X509_TRUST_cleanup
trtable X509_TRUST_get0 X509_TRUST_add
trtable X509_TRUST_get0 X509_TRUST_cleanup
trtable X509_TRUST_get_by_id X509_TRUST_add
trtable X509_TRUST_get_by_id X509_TRUST_cleanup
trtable X509_TRUST_get_count X509_TRUST_add
trtable X509_TRUST_get_count X509_TRUST_cleanup
use_fake fbytes fbytes
use_fake fbytes x9_62_test_internal
xptable X509_PURPOSE_add X509_PURPOSE_add
xptable X509_PURPOSE_add X509_PURPOSE_cleanup
xptable X509_PURPOSE_cleanup X509_PURPOSE_cleanup
xptable X509_PURPOSE_get0 X509_PURPOSE_add
xptable X509_PURPOSE_get0 X509_PURPOSE_cleanup
xptable X509_PURPOSE_get_by_id X509_PURPOSE_add
xptable X509_PURPOSE_get_by_id X509_PURPOSE_cleanup
xptable X509_PURPOSE_get_count X509_PURPOSE_add
xptable X509_PURPOSE_get_count X509_PURPOSE_cleanup
zlib_inited ossl_init_zlib_ossl_ OPENSSL_cleanup

Recommended to update the filter command

OPENSSL_VERSION=`/bin/ls $SGXSSL_ROOT/../openssl_source/*.tar.gz | /usr/bin/head -1 | /bin/grep -o '[^/]*$' | /bin/sed -s -- 's/\.tar\.gz//'`

This script is only compatible with the openssl-1.1.1 version, so it is recommended to change it to /bin/ls $SGXSSL_ROOT/../openssl_source/*1.1.1*.tar.gz | /usr/bin/head -1 | /bin/grep -o '[^/]*$' | /bin/sed -s -- 's/\.tar\.gz//'
Problem scenario: I used openssl-1.1.0 before, after a while I tried to update to openssl-1.1.1. When running this script, it unfortunately first found the openssl-1.1.0 I downloaded before, then used the version of 1.1.0 incorrectly. Although the problem is simple, it has brought me some confusion.

About developer license

Is it possible to obtain a licensed developer certificate for signing a security-reviewed, community-developed open source SGX software binary in production mode, and publish it on an open source repository like apt or rpm?

Build issues on master revision

Hi,
I've been trying to build intel-sgx-ssl on Ubuntu 18.04. I've tried two configurations.

  1. With the flags -mlfence-before-ret=not and -mlfence-after-load=yes for as. In this configuration I used the same as that is shipped with Ubuntu 18.04. Since this is the older version of as, it does not support this flag. To modify this I removed the flags from the build. However, during the build I got the error:
    g++ enclave/TestEnclave_t.o enclave/TestEnclave.o enclave/tests/ecdhtest.o enclave/tests/sha1test.o enclave/tests/missing_funcs.o enclave/tests/threadstest.o enclave/tests/stdio_func.o enclave/tests/dhtest.o enclave/tests/ecdsatest.o enclave/tests/rsa_test.o enclave/tests/bntest.o enclave/tests/sha256t.o enclave/tests/ectest.o -o TestEnclave.so -m64 -Wall -O2 -D_FORTIFY_SOURCE=2 -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -pie -L/home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/ssl2/intel-sgx-ssl/Linux/sgx/../package/lib64// -Wl,--whole-archive -lsgx_tsgxssl -Wl,--no-whole-archive -lsgx_tsgxssl_crypto -L/home/arslan/Documents/sgxsdk/sgxsdk/lib64 -Wl,--whole-archive -lsgx_trts -Wl,--no-whole-archive -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -lsgx_tcrypto -lsgx_tservice -Wl,--end-group -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined -Wl,-pie,-eenclave_entry -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--version-script=enclave/TestEnclave.lds
    /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/ssl2/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl.a(tstdlib.o): In function `tssl_access_version_dummy1()':
    tstdlib.cpp:(.text.exit._Z26tssl_access_version_dummy1v+0xb): undefined reference to `__x86_return_thunk'
    /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/ssl2/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl.a(tstdlib.o): In function `sgxssl_getenv':
    tstdlib.cpp:(.text.sgxssl_getenv+0xb5): undefined reference to `__x86_return_thunk'
    tstdlib.cpp:(.text.sgxssl_getenv+0xc8): undefined reference to `__x86_return_thunk'
    /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/ssl2/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl.a(tstdlib.o): In function `sgxssl_atexit':
    tstdlib.cpp:(.text.sgxssl_atexit+0x3): undefined reference to `__x86_return_thunk'
    /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/ssl2/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl.a(tmem_mgmt.o): In function `std::__1::map<void*, MmapInfo*, std::__1::less<void*>, std::__1::allocator<std::__1::pair<void* const, MmapInfo*> > >::~map()':
    tmem_mgmt.cpp:(.text._ZNSt3__13mapIPvP8MmapInfoNS_4lessIS1_EENS_9allocatorINS_4pairIKS1_S3_EEEEED2Ev[_ZNSt3__13mapIPvP8MmapInfoNS_4lessIS1_EENS_9allocatorINS_4pairIKS1_S3_EEEEED5Ev]+0xf): undefined reference to `__x86_return_thunk'
    /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/ssl2/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl.a(tmem_mgmt.o):tmem_mgmt.cpp:(.text.sgxssl_mprotect+0x6a): more undefined references to `__x86_return_thunk' follow
  2. The other configuration I tried was with the build flags. I built the latest binutils and it was able to recognize the flag. However, in this case, I also ran into a somewhat similar but different error:
    /home/arslan/trunk/bin/ld: /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl_crypto.a(hkdf.o): in function `pkey_hkdf_ctrl':
    hkdf.c:(.text+0x77): undefined reference to `__x86_return_thunk'
    /home/arslan/trunk/bin/ld: hkdf.c:(.text+0x97): undefined reference to `__x86_return_thunk'
    /home/arslan/trunk/bin/ld: hkdf.c:(.text+0xbd): undefined reference to `__x86_return_thunk'
    /home/arslan/trunk/bin/ld: hkdf.c:(.text+0x1ab): undefined reference to `__x86_return_thunk'
    /home/arslan/trunk/bin/ld: hkdf.c:(.text+0x1c3): undefined reference to `__x86_return_thunk'
    /home/arslan/trunk/bin/ld: /home/arslan/Documents/sgxsdk/sgxsdk/SampleCode/intel-sgx-ssl/Linux/sgx/../package/lib64///libsgx_tsgxssl_crypto.a(hkdf.o):hkdf.c:(.text+0x3f4): more undefined references to `__x86_return_thunk' follow
    collect2: error: ld returned 1 exit status

What is the purpose of `__x86_return_thunk' symbol and where is it supposed to come from? I am inclined to believe that this is a build configuration related issue. I was using openssl-1.1.1d, which I was able to build without SGX extensions. Please let me know if I am missing something.

Address INTEL-SA-00219

There is a security advisory that suggests that structures be aligned so that data inside the enclave memory should avoid putting sensitive data in DWORD0 and DWORD1 of the cache line.

"Organize the code/data within enclave memory to avoid putting sensitive materials in DWORD0 and DWORD1 of cache line. The effectiveness of this mitigation is dependent on the ability for the software to avoid the affected memory region. To assist the enclave application providers to modify their code, Intel is releasing SGX SDK update (Windows version 2.5.101.3, Linux version 2.7.101.3) with new memory allocation APIs to avoid the affected memory region. More details about the APIs can be found here."

Is there a plan to mitigate this vulnerability in SGXSSL?
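
The layout rule quoted from the advisory, as an added C example (not Intel's SDK allocation API and not part of the original issue): each 64-byte line reserves bytes 0..7 as padding and holds at most 56 secret bytes behind it, so longer secrets are split across lines. The 64-byte line size, the `guarded_*` names and the sample key are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CACHE_LINE     64u  /* assumption: 64-byte cache lines */
#define AFFECTED_BYTES  8u  /* DWORD0 + DWORD1 = bytes 0..7 of every line */
#define SAFE_BYTES     (CACHE_LINE - AFFECTED_BYTES)  /* 56 bytes per line */

/* Hypothetical container: one cache line whose bytes 0..7 are dead padding. */
typedef struct {
    _Alignas(64) uint8_t pad[AFFECTED_BYTES];
    uint8_t secret[SAFE_BYTES];
} guarded_line_t;

_Static_assert(sizeof(guarded_line_t) == CACHE_LINE, "exactly one line each");

/* Returns 1 if any byte of [addr, addr+len) lies in bytes 0..7 of a line. */
int touches_dword01(uintptr_t addr, size_t len)
{
    size_t off = (size_t)(addr % CACHE_LINE);

    if (len == 0)
        return 0;
    if (off < AFFECTED_BYTES)
        return 1;                    /* starts inside the affected region */
    return len > CACHE_LINE - off;   /* spills into the next line's byte 0 */
}

/* Number of guarded lines needed for secret_len bytes (56 bytes per line). */
size_t guarded_lines_needed(size_t secret_len)
{
    return secret_len / SAFE_BYTES + (secret_len % SAFE_BYTES != 0);
}

/* Allocates zeroed, line-aligned storage; NULL on failure or zero length. */
guarded_line_t *guarded_alloc(size_t secret_len)
{
    size_t n = guarded_lines_needed(secret_len);
    guarded_line_t *g;

    if (n == 0 || n > SIZE_MAX / sizeof(guarded_line_t))
        return NULL;
    g = aligned_alloc(CACHE_LINE, n * sizeof(guarded_line_t));
    if (g != NULL)
        memset(g, 0, n * sizeof(guarded_line_t));
    return g;
}

/* Scatters src over the safe 56-byte windows of consecutive lines. */
void guarded_store(guarded_line_t *g, const uint8_t *src, size_t len)
{
    for (size_t i = 0; len > 0; i++) {
        size_t chunk = len < SAFE_BYTES ? len : SAFE_BYTES;
        memcpy(g[i].secret, src, chunk);
        src += chunk;
        len -= chunk;
    }
}

/* Gathers the secret back; dst is the caller's buffer and is NOT protected. */
void guarded_load(uint8_t *dst, const guarded_line_t *g, size_t len)
{
    for (size_t i = 0; len > 0; i++) {
        size_t chunk = len < SAFE_BYTES ? len : SAFE_BYTES;
        memcpy(dst, g[i].secret, chunk);
        dst += chunk;
        len -= chunk;
    }
}

/* Returns 1 when no stored chunk overlaps DWORD0/DWORD1 of any line. */
int guarded_audit(const guarded_line_t *g, size_t len)
{
    for (size_t i = 0; len > 0; i++) {
        size_t chunk = len < SAFE_BYTES ? len : SAFE_BYTES;
        if (touches_dword01((uintptr_t)g[i].secret, chunk))
            return 0;
        len -= chunk;
    }
    return 1;
}

/* Wipes every line through a volatile pointer, then releases the storage. */
void guarded_free(guarded_line_t *g, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)g;
    size_t total = guarded_lines_needed(len) * sizeof(guarded_line_t);

    if (g == NULL)
        return;
    for (size_t i = 0; i < total; i++)
        p[i] = 0;
    free(g);
}

/* Round trip with a constructed 100-byte sample "key": 1 on success. */
int demo_roundtrip(void)
{
    uint8_t key[100], out[100];
    guarded_line_t *g = guarded_alloc(sizeof key);
    int ok;

    if (g == NULL)
        return -1;
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (uint8_t)(i * 7 + 1);
    guarded_store(g, key, sizeof key);
    guarded_load(out, g, sizeof key);
    ok = guarded_audit(g, sizeof key) && memcmp(key, out, sizeof key) == 0;
    guarded_free(g, sizeof key);
    return ok;
}

int main(void) { return demo_roundtrip() == 1 ? 0 : 1; }
```

A contiguous buffer longer than 56 bytes always fails `touches_dword01`, which is why the secret has to stay scattered while it is at rest.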

Rand_seed && Rand_add

Hi all:
I read the document; it said that sgxssl supports Rand_seed and Rand_add, but I can't find these functions in any header files. So how can I use these functions? Thanks!
Regards you

Some functions call cpuid

Some functions inside of OpenSSL make calls to cpuid via OPENSSL_ia32_cpuid which are not captured by this library, leading to a SIGILL at runtime:

Program received signal SIGILL, Illegal instruction.
OPENSSL_ia32_cpuid () at crypto/x86_64cpuid.s:43
43	crypto/x86_64cpuid.s: No such file or directory.
(gdb) where
#0  OPENSSL_ia32_cpuid () at crypto/x86_64cpuid.s:43
#1  0x00007ffff30a7397 in OPENSSL_cpuid_setup () at crypto/cryptlib.c:66
#2  0x00007ffff3076f3b in ossl_init_base () at crypto/init.c:81
#3  ossl_init_base_ossl_ () at crypto/init.c:66
#4  0x00007ffff3062201 in sgxssl_pthread_once (
    once_control=0x7ffff3470658 <base>, 
    init_routine=0x7ffff3076f00 <ossl_init_base_ossl_>) at tpthread.cpp:383
#5  0x00007ffff3083df9 in CRYPTO_THREAD_run_once (
    once=once@entry=0x7ffff3470658 <base>, 
    init=init@entry=0x7ffff3076f00 <ossl_init_base_ossl_>)
    at crypto/threads_pthread.c:106
#6  0x00007ffff307737b in OPENSSL_init_crypto (opts=opts@entry=2, 
    settings=settings@entry=0x0) at crypto/init.c:513

The source for OPENSSL_ia32_cpuid is in crypto/x86_64cpuid.s (and crypto/x86cpuid.s when in 32-bit mode). These files are dynamically-generated assembly, created when OpenSSL is being compiled via the perl script in crypto/x86_64cpuid.pl (and crypto/x86cpuid.pl when building in 32-bit mode).

Build Configuration

I am getting a build error. Can you tell me how I am going to change the required file location in the build file? I mean where to put the openssl source directory and the perl, NASM, 7zip install locations?

x509_verify_cert hanging on success

Bit of a weird one here. I'm running Intel SGX (version 2.2) in simulation mode. Whenever I run x509_verify_cert, if it's verifying a certificate that should succeed, it hangs indefinitely. Failures work as expected.

The exact same code works correctly using standard OpenSSL, so I know that it's something to do with running it inside Intel SGX. I haven't noticed issues with any other functions.

I have a workaround for my project, so it's not in any way urgent, but it's probably worth looking into

Info:
SGX version 2.2
OpenSSL - 1.0.2g
SGX SSL - 1.1.1a
Ubuntu 16.04
Intel Core i5-3337U CPU @ 1.80GHz x 4

compilation errors

Hi, I am using the sgx ssl over linux and followed your instructions.

I am getting the following errors during compilation:

/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tsocket.o): In function sgxssl_gai_strerror': tsocket.cpp:(.text+0x4e1): undefined reference to strerror'
/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_rwlock_rdlock': sgx_t.mk:128: recipe for target 'TEST.so' failed tpthread.cpp:(.text+0xac): undefined reference to sgx_thread_self'
tpthread.cpp:(.text+0xd5): undefined reference to sgx_thread_mutex_lock' make[1]: Leaving directory '/home/mark/sgx_work/project/SgxEnclaveMigration/HashTable/sgx/enclave_TEST' tpthread.cpp:(.text+0xe7): undefined reference to sgx_thread_cond_wait'
sgx/Makefile:2: recipe for target 'all' failed
tpthread.cpp:(.text+0xf9): undefined reference to sgx_thread_mutex_unlock' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_rwlock_wrlock':
tpthread.cpp:(.text+0x1f0): undefined reference to sgx_thread_self' tpthread.cpp:(.text+0x219): undefined reference to sgx_thread_mutex_lock'
tpthread.cpp:(.text+0x237): undefined reference to sgx_thread_cond_wait' tpthread.cpp:(.text+0x257): undefined reference to sgx_thread_cond_wait'
tpthread.cpp:(.text+0x263): undefined reference to sgx_thread_self' tpthread.cpp:(.text+0x26f): undefined reference to sgx_thread_mutex_unlock'
/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_rwlock_unlock': tpthread.cpp:(.text+0x36b): undefined reference to sgx_thread_mutex_lock'
tpthread.cpp:(.text+0x389): undefined reference to sgx_thread_mutex_unlock' tpthread.cpp:(.text+0x3c5): undefined reference to sgx_thread_self'
tpthread.cpp:(.text+0x3e6): undefined reference to sgx_thread_cond_broadcast' tpthread.cpp:(.text+0x3f0): undefined reference to sgx_thread_mutex_unlock'
/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_getspecific': tpthread.cpp:(.text+0x57e): undefined reference to sgx_thread_self'
/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_rwlock_destroy': tpthread.cpp:(.text+0x6c8): undefined reference to sgx_thread_cond_destroy'
tpthread.cpp:(.text+0x6d1): undefined reference to sgx_thread_mutex_destroy' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_setspecific':
tpthread.cpp:(.text+0xcca): undefined reference to sgx_thread_self' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function sgxssl_pthread_self':
tpthread.cpp:(.text+0x5e1): undefined reference to sgx_thread_self' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function stlpmtx_std::priv::_Rb_tree<void*, stlpmtx_std::less<void*>, stlpmtx_std::pair<void* const, RwlockInfo*>, stlpmtx_std::priv::_Select1st<stlpmtx_std::pair<void* const, RwlockInfo*> >, stlpmtx_std::priv::_MapTraitsT<stlpmtx_std::pair<void* const, RwlockInfo*> >, stlpmtx_std::allocator<stlpmtx_std::pair<void* const, RwlockInfo*> > >::_M_insert(stlpmtx_std::priv::_Rb_tree_node_base*, stlpmtx_std::pair<void* const, RwlockInfo*> const&, stlpmtx_std::priv::_Rb_tree_node_base*, stlpmtx_std::priv::_Rb_tree_node_base*)':
tpthread.cpp:(.text.ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P10RwlockInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI[ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P10RwlockInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI]+0x39): undefined reference to operator new(unsigned long, void*)' tpthread.cpp:(.text._ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P10RwlockInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI_[_ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P10RwlockInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI_]+0xb8): undefined reference to operator new(unsigned long, void*)'
tpthread.cpp:(.text.ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P10RwlockInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI[ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P10RwlockInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI]+0x11f): undefined reference to operator new(unsigned long, void*)' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o): In function stlpmtx_std::priv::_Rb_tree<unsigned int, stlpmtx_std::less, stlpmtx_std::pair<unsigned int const, void ()(void)>, stlpmtx_std::priv::_Select1st<stlpmtx_std::pair<unsigned int const, void ()(void)> >, stlpmtx_std::priv::_MapTraitsT<stlpmtx_std::pair<unsigned int const, void ()(void)> >, stlpmtx_std::allocator<stlpmtx_std::pair<unsigned int const, void ()(void)> > >::_M_insert(stlpmtx_std::priv::_Rb_tree_node_base*, stlpmtx_std::pair<unsigned int const, void ()(void)> const&, stlpmtx_std::priv::_Rb_tree_node_base*, stlpmtx_std::priv::_Rb_tree_node_base*)':
tpthread.cpp:(.text.ZN11stlpmtx_std4priv8_Rb_treeIjNS_4lessIjEENS_4pairIKjPFvPvEEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI[ZN11stlpmtx_std4priv8_Rb_treeIjNS_4lessIjEENS_4pairIKjPFvPvEEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI]+0x39): undefined reference to operator new(unsigned long, void*)' tpthread.cpp:(.text._ZN11stlpmtx_std4priv8_Rb_treeIjNS_4lessIjEENS_4pairIKjPFvPvEEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI_[_ZN11stlpmtx_std4priv8_Rb_treeIjNS_4lessIjEENS_4pairIKjPFvPvEEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI_]+0xb8): undefined reference to operator new(unsigned long, void*)'
/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tpthread.o):tpthread.cpp:(.text.ZN11stlpmtx_std4priv8_Rb_treeIjNS_4lessIjEENS_4pairIKjPFvPvEEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI[ZN11stlpmtx_std4priv8_Rb_treeIjNS_4lessIjEENS_4pairIKjPFvPvEEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI]+0x11f): more undefined references to operator new(unsigned long, void*)' follow /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tstring.o): In function sgxssl___builtin___strcat_chk':
tstring.cpp:(.text+0x83): undefined reference to strncat' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tcpu_utils.o): In function sgxssl_cpuid_leaf_info':
tcpu_utils.cpp:(.text+0x101): undefined reference to sgx_cpuid' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(tmem_mgmt.o): In function stlpmtx_std::priv::_Rb_tree<void*, stlpmtx_std::less<void*>, stlpmtx_std::pair<void* const, MmapInfo*>, stlpmtx_std::priv::_Select1st<stlpmtx_std::pair<void* const, MmapInfo*> >, stlpmtx_std::priv::_MapTraitsT<stlpmtx_std::pair<void* const, MmapInfo*> >, stlpmtx_std::allocator<stlpmtx_std::pair<void* const, MmapInfo*> > >::_M_insert(stlpmtx_std::priv::_Rb_tree_node_base*, stlpmtx_std::pair<void* const, MmapInfo*> const&, stlpmtx_std::priv::_Rb_tree_node_base*, stlpmtx_std::priv::_Rb_tree_node_base*)':
tmem_mgmt.cpp:(.text.ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P8MmapInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI[ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P8MmapInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI]+0x39): undefined reference to operator new(unsigned long, void*)' tmem_mgmt.cpp:(.text._ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P8MmapInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI_[_ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P8MmapInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI_]+0xb8): undefined reference to operator new(unsigned long, void*)'
tmem_mgmt.cpp:(.text.ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P8MmapInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI[ZN11stlpmtx_std4priv8_Rb_treeIPvNS_4lessIS2_EENS_4pairIKS2_P8MmapInfoEENS0_10_Select1stIS9_EENS0_11_MapTraitsTIS9_EENS_9allocatorIS9_EEE9_M_insertEPNS0_18_Rb_tree_node_baseERKS9_SI_SI]+0x11f): undefined reference to operator new(unsigned long, void*)' /home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(texceptions.o): In function init_exception_handler':
texceptions.c:(.text.startup+0x33): undefined reference to sgx_cpuid' texceptions.c:(.text.startup+0xa3): undefined reference to sgx_cpuid'
/home/mark/Downloads/sgxopenssl/intel-sgx-ssl/Linux/package/lib64/release/libsgx_tsgxssl.a(bionic_sscanf.o): In function sgxssl_vsscanf': bionic_sscanf.c:(.text+0x79): undefined reference to isspace'
bionic_sscanf.c:(.text+0xa1): undefined reference to isspace' bionic_sscanf.c:(.text+0x14b): undefined reference to isupper'
bionic_sscanf.c:(.text+0x1a4): undefined reference to isspace' bionic_sscanf.c:(.text+0x629): undefined reference to isspace'
bionic_sscanf.c:(.text+0x75f): undefined reference to strtoumax' bionic_sscanf.c:(.text+0x9e0): undefined reference to isspace'
bionic_sscanf.c:(.text+0xa0c): undefined reference to strtod' bionic_sscanf.c:(.text+0xa88): undefined reference to strtoimax'

Build fails on Ubuntu 18.04

I have just installed the Intel SGX software (driver, SDK and PSW) on Ubuntu 18.04 and I have run most of the programs in SampleCode (not RemoteAttestation or SampleCommonLoader).

I have just tried to build the SGX SSL libraries. This fails with lots of errors related to pthreads like:

In file included from enclave/tests/threadstest.c:53:0:
enclave/tests/threads.h:57:22: error: conflicting types for ‘pthread_key_t’
typedef unsigned int pthread_key_t;
^~~~~~~~~~~~~
In file included from /opt/linux-sgx/intel-sgx-ssl/Linux/sgx/../package/include/openssl/crypto.h:415:0,
from enclave/tests/threadstest.c:52:
/opt/linux-sgx/linux-sgx/linux/installer/bin/sgxsdk/include/tlibc/pthread.h:60:16: note: previous declaration of ‘pthread_key_t’ was here
typedef int pthread_key_t;

I can get the compilation to complete if I remove the compilation of the test app from the makefile in the sgx directory. However, this seems to be storing up problems for the future.

Is there a fix for this problem, or have I done something wrong?

Deprecated options: no-ssl2, no-ui

 ./config no-dtls no-ssl2 no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ui no-ssl3 no-md2 no-md4 no-stdio -D_NO_CRT_STDIO_INLINE -DOPENSSL_NO_SOCK -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASYNC
Operating system: x86_64-whatevcer-linux2
***** Deprecated options: no-ssl2, no-ui
Configuring OpenSSL version 1.1.1a (0x1010101fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************

perl Configure %OPENSSL_CFG_PLFM% no-dtls no-ssl2 no-idea no-mdc2 no-rc5 no-rc4 no-bf no-ec2m no-camellia no-cast no-srp no-hw no-dso no-shared no-ui no-ssl3 no-md2 no-md4 no-stdio -FI"%SGXSSL_ROOT%\..\openssl_source\bypass_to_sgxssl.h" -D_NO_CRT_STDIO_INLINE -DOPENSSL_NO_SOCK -DOPENSSL_NO_DGRAM -DOPENSSL_NO_ASYNC -arch:IA32 --prefix=%OPENSSL_INSTALL_DIR%

OpenSSL's https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/INSTALL lists the deprecated options ‘no-ssl2, no-ui’.
And the ‘no-idea no-mdc2’ options are not found, please check.
I want to find out what ‘-D_NO_CRT_STDIO_INLINE’ means.

openssl 1.1.1 support

Hi all:
Is there any plan to support openssl1.1.1? If not, can I make it work some way? I can successfully compile and get the static lib files. But when I use them in my project, there are some link errors:
[ 76%] Linking CXX shared library libEnclave.so
CMakeFiles/Enclave.dir/Enclave.cpp.o:在函数‘ecall_say_hello’中:
/home/ywl/Documents/sgx-template/Enclave/Enclave.cpp:163:对‘SGXSSLGetSgxSSLVersion’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(init.o):在函数‘OPENSSL_fork_child’中:
init.c:(.text+0xa81):对‘rand_fork’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(mem_sec.o):在函数‘CRYPTO_secure_malloc_init’中:
mem_sec.c:(.text+0xd71):对‘syscall’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(drbg_lib.o):在函数‘RAND_DRBG_instantiate’中:
drbg_lib.c:(.text+0x29f):对‘rand_pool_free’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(drbg_lib.o):在函数‘rand_drbg_restart’中:
drbg_lib.c:(.text+0x853):对‘rand_pool_free’未定义的引用
drbg_lib.c:(.text+0x8d6):对‘rand_pool_free’未定义的引用
drbg_lib.c:(.text+0x915):对‘rand_pool_new’未定义的引用
drbg_lib.c:(.text+0x931):对‘rand_pool_add’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(drbg_lib.o):在函数‘RAND_DRBG_generate’中:
drbg_lib.c:(.text+0xac4):对‘rand_fork_count’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(drbg_lib.o):在函数‘RAND_DRBG_bytes’中:
drbg_lib.c:(.text+0xd78):对‘rand_drbg_get_additional_data’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(drbg_lib.o):在函数‘RAND_DRBG_secure_new’中:
drbg_lib.c:(.text+0xf82):对‘rand_fork_count’未定义的引用
drbg_lib.c:(.text+0xf8e):对‘rand_drbg_get_entropy’未定义的引用
drbg_lib.c:(.text+0xf9c):对‘rand_drbg_cleanup_entropy’未定义的引用
drbg_lib.c:(.text+0x107b):对‘rand_drbg_get_nonce’未定义的引用
drbg_lib.c:(.text+0x1092):对‘rand_drbg_cleanup_nonce’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(drbg_lib.o):在函数‘RAND_DRBG_new’中:
drbg_lib.c:(.text+0x114f):对‘rand_fork_count’未定义的引用
drbg_lib.c:(.text+0x1162):对‘rand_drbg_get_entropy’未定义的引用
drbg_lib.c:(.text+0x1170):对‘rand_drbg_cleanup_entropy’未定义的引用
drbg_lib.c:(.text+0x1253):对‘rand_drbg_get_nonce’未定义的引用
drbg_lib.c:(.text+0x126a):对‘rand_drbg_cleanup_nonce’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(threads_pthread.o):在函数‘fork_once_func’中:
threads_pthread.c:(.text+0x16):对‘pthread_atfork’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(bn_rand.o):在函数‘bnrand.part.0’中:
bn_rand.c:(.text+0xe9):对‘RAND_priv_bytes’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(bn_rand.o):在函数‘BN_priv_rand’中:
bn_rand.c:(.text+0x750):对‘RAND_priv_bytes’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(bn_rand.o):在函数‘BN_generate_dsa_nonce’中:
bn_rand.c:(.text+0xa99):对‘RAND_priv_bytes’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(ecx_meth.o):在函数‘pkey_ecx_keygen’中:
ecx_meth.c:(.text+0x1648):对‘RAND_priv_bytes’未定义的引用
ecx_meth.c:(.text+0x16d4):对‘RAND_priv_bytes’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(ecx_meth.o):ecx_meth.c:(.text+0x17d0): 跟着更多未定义的参考到 RAND_priv_bytes
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(loader_file.o):在函数‘file_open’中:
loader_file.c:(.text+0xdd0):对‘stat’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(uid.o):在函数‘OPENSSL_issetugid’中:
uid.c:(.text+0xa):对‘getauxval’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(o_dir.o):在函数‘OPENSSL_DIR_read’中:
o_dir.c:(.text+0x42):对‘readdir’未定义的引用
o_dir.c:(.text+0x9e):对‘opendir’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(o_dir.o):在函数‘OPENSSL_DIR_end’中:
o_dir.c:(.text+0x11a):对‘closedir’未定义的引用
/opt/intel/sgxssl/lib64/debug/libsgx_tsgxssl_crypto.a(conf_def.o):在函数‘def_load_bio’中:
conf_def.c:(.text+0xf83):对‘stat’未定义的引用
collect2: error: ld returned 1 exit status
Enclave/CMakeFiles/Enclave.dir/build.make:105: recipe for target 'Enclave/libEnclave.so' failed
make[2]: *** [Enclave/libEnclave.so] Error 1
CMakeFiles/Makefile2:262: recipe for target 'Enclave/CMakeFiles/Enclave.dir/all' failed
make[1]: *** [Enclave/CMakeFiles/Enclave.dir/all] Error 2

Installation fails

Hi,

I tried to install the SGX SSL implementation by running the build_sgxssl.sh script, but the installation failed with the following error message:

ar: creating libcrypto.a
ranlib libcrypto.a || echo Never mind.
cp: cannot create regular file ‘/home/spyros/Desktop/intel-sgx-ssl/package/lib64/release/libsgx_tsgxssl_crypto.a’: No such file or directory

When I modify the script to create the missing directories, it terminates successfully, however the SGX SSL libraries are not in the package/lib64/{debug|release} directories. Both directories are actually empty.

I ran the script as root, so there should not be any issues with the OS permissions.

My operating system is Ubuntu 14.04.1

Do you have any idea what goes wrong?

Linux - build_sgxssl.sh with latest sdk

I am using sgx_linux_x64_sdk_2.1.101.42529.bin and latest from this project.

The logic in build_sgxssl.sh around setting SGXSDK_VERSION is causing a later error attempting to build openssl.

if [[ $# -gt 0 ]] && [[ $1 == "linux-sgx" || $2 == "linux-sgx" ]] ; then
    LINUX_BUILD_FLAG=LINUX_SGX_BUILD=1
    SGXSDK_VERSION=`/bin/grep -m 1 "STRFILEVER" ../../common/inc/internal/se_version.h | /bin/grep -o -E "[1-9]\.[0-9]"`
    SGX_SDK_LIBS_PATH=../../build/linux
else
    LINUX_BUILD_FLAG=LINUX_SGX_BUILD=0
    SGX_SDK=/opt/intel/sgxsdk
    SGXSDK_VERSION=`/bin/grep -m 1 "Version:" $SGX_SDK/pkgconfig/libsgx_urts.pc | /bin/grep -o -E "[1-9]\.[0-9]"`
    if [ -f $SGX_SDK/environment ]; then
        source $SGX_SDK/environment || clean_and_ret 1
    else
        echo "In order to run this script, Intel® Software Guard Extensions SDK 1.7 must be installed on this machine, and SGX_SDK (in this script) must be set to the installation location"
        clean_and_ret 1
    fi
fi

==============================================================
Test:

/bin/grep -m 1 "Version:" $SGX_SDK/pkgconfig/libsgx_urts.pc | /bin/grep -o -E "[1-9].[0-9]"
2.1
1.4

The build does not build in SIM mode

make SGX_MODE=SIM sgxssl_no_mitigation gives

gcc -I. -Icrypto/include -Iinclude -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -include/d/sgxwallet/intel-sgx-ssl/Linux/../openssl_source/bypass_to_sgxssl.h -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR=""/d/sgxwallet/intel-sgx-ssl/Linux/../openssl_source/OpenSSL_install_dir_tmp/ssl"" -DENGINESDIR=""/d/sgxwallet/intel-sgx-ssl/Linux/../openssl_source/OpenSSL_install_dir_tmp/lib/engines-1.1"" -DNDEBUG -D_FORTIFY_SOURCE=2 -DGETPID_IS_MEANINGLESS -MMD -MF crypto/rand/rand_lib.d.tmp -MT crypto/rand/rand_lib.o -c -o crypto/rand/rand_lib.o crypto/rand/rand_lib.c
crypto/rand/rand_lib.c:14:10: fatal error: crypto/rand.h: No such file or directory
#include "crypto/rand.h"
^~~~~~~~~~~~~~~

Build Configuration

I am getting a build error.
I have already installed Perl, NASM and 7zip and added them to the environment path, and put openssl-1.1.1.tar.gz in openssl_source.
Please tell me why the error below occurs.

get-content :Cannot find path 'C: \ Users \ UuLabo04 \ Downloads \ intel-sgx-ssl-master \ intel-sgx-ssl-master \ openssl_source \ openssl-1.1.1 'Configure' because it does not exist.
At line: 1 char: 2

  • (get-content openssl-1.1.1 \ Configure) -replace ('BSAES_ASM', '') | out ...

    • CategoryInfo : ObjectNotFound: (C: \ Users \ UuLabo ... 1.1.1 \ Configure: String) [Get-content], ItemNotFoundException
    • FullyQualifiedErrorId: PathNotFound, Microsoft.PowerShell.Commands.GetContentCommand

out-file:Could not find a part of the path 'C: \ Users \ UuLabo04 \ Downloads \ intel-sgx-ssl-master \ intel-sgx-ssl-master \ openssl_source \ openssl-1.1.1 \ Configure'.
At line: 1 char: 67

  • ... nfigure) -replace ('BSAES_ASM', '') | out-file openssl-1.1.1 \ Configure

    • CategoryInfo: OpenError: (:) [Out-File], DirectoryNotFoundException
    • FullyQualifiedErrorId: FileOpenFailure, Microsoft.PowerShell.Commands.OutFileCommand


Potential memory leak in the TestEnclave.cpp?

In Linux/sgx/test_app/enclave/TestEnclave.cpp, line 194: an i2d_PublicKey call is followed by malloc and then another i2d_PublicKey. The OpenSSL documentation says using a temporary variable is mandatory, i.e. no need for a malloc, otherwise it might contain garbage.

Upgrade sgxssl problem

Hi,

I am trying to upgrade the SGXSDK from 2.7.1 to 2.9.1 and the SGXSSL from lin_2.5_1.1.1d to lin_2.9.1_1.1.1d. I installed the new SGXSSL library successfully.

However, when I compiled my program with the upgraded versions, I got the following errors.

g++ -DHAVE_CONFIG_H -I. -I..  -I/opt/intel/sgxsdk/include -I/opt/intel/sgxsdk/include/tlibc -I.. -I/opt/intel/sgxssl/include  -nostdinc++ -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector -g -O2 -MT enclave_util.o -MD -MP -MF .deps/enclave_util.Tpo -c -o enclave_util.o enclave_util.cpp
mv -f .deps/enclave_util.Tpo .deps/enclave_util.Po
g++ -nostdinc++ -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector -g -O2 -nostdlib -nodefaultlibs -nostartfiles -L/opt/intel/sgxsdk/lib64 -Wl,--whole-archive -lsgx_tsgxssl -Wl,--no-whole-archive  -o Enclave.so Enclave_t.o Enclave.o enclave_util.o   -Wl,--no-undefined -Wl,--whole-archive -lsgx_trts -Wl,--no-whole-archive -Wl,--start-group -lsgx_tkey_exchange -lsgx_tcxx -lsgx_tsgxssl_crypto -lsgx_tcrypto -lsgx_tstdc -lsgx_tcrypto -lsgx_tservice -Wl,--end-group -Wl,-Bstatic -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 
/usr/local/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib/libsgx_tsgxssl.a(tpthread.o): in function `sgxssl_pthread_rwlock_init':
tpthread.cpp:(.text.sgxssl_pthread_rwlock_init+0xf9): undefined reference to `operator new(unsigned long, void*)'
/usr/local/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib/libsgx_tsgxssl.a(tpthread.o): in function `sgxssl_pthread_setspecific':
tpthread.cpp:(.text.sgxssl_pthread_setspecific+0x118): undefined reference to `operator new(unsigned long, void*)'
/usr/local/bin/ld: tpthread.cpp:(.text.sgxssl_pthread_setspecific+0x1eb): undefined reference to `operator new(unsigned long, void*)'
/usr/local/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib/libsgx_tsgxssl.a(tpthread.o): in function `sgxssl_pthread_key_create':
tpthread.cpp:(.text.sgxssl_pthread_key_create+0xc5): undefined reference to `operator new(unsigned long, void*)'
/usr/local/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib/libsgx_tsgxssl.a(tmem_mgmt.o): in function `sgxssl_mmap':
tmem_mgmt.cpp:(.text.sgxssl_mmap+0x13a): undefined reference to `operator new(unsigned long, void*)'
collect2: error: ld returned 1 exit status
Makefile:422: recipe for target 'Enclave.so' failed
make[2]: *** [Enclave.so] Error 1

Do I need extra steps to upgrade the sgxssl library? Any suggestions would be highly appreciated.

Thanks and best regards,
Yuncheng

Build failure with openssl-1.1.1c

Building on RHEL 8 with openssl-1.1.1c.tar.gz fails, due to prototype mismatch for rand_pool_new() provided in the recently updated openssl_source/rand_lib.c vs. OpenSSL's original crypto/include/internal/rand_int.h.
With openssl-1.1.1d.tar.gz the build succeeds. (It appears the function gained a 4th argument in 1.1.1d.)

Is there an implicit requirement to always use the latest OpenSSL release? If yes, I suggest to add some information about this in the README, e.g. the minimum supported version.
If it is still supported to build with 1.1.1a, b or c then instructions on how to do so would be helpful.

AES GCM 256 tag verification returns 0 in SGXSSL

Hello all,

I am working on AES GCM 256-bit encryption and decryption in Intel SGX with SGXSSL support.

I am able to encrypt and decrypt the message successfully, but although the message is decrypted correctly, tag verification (EVP_CipherFinal_ex) returns 0.

I even tried the same with OpenSSL; there, for the same key, IV and AAD, I am getting 1 for tag verification.

SGX enclave code:

`#include "sgx_tcrypto.h"
#include "sgx_tae_service.h"
#include "tSgxSSL_api.h"
#include "enclave_t.h"

void testGCM() {

unsigned char key[32] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
};

unsigned char iv[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};

unsigned char aad[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};

unsigned char plain_text[32] = { 0x4e, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f};

unsigned char encrypted_text[48];
unsigned char decrypted_text[48];
unsigned char tag[16];
int tag_v;

OcallPrintArray("key",key,32);

OcallPrintArray("pText",plain_text,32);
OcallPrintArray("aad",aad,12);

AesGcm256bEncrypt( key,
// (size_t)32,
iv,
// (size_t)12,
plain_text,
(size_t)32,
encrypted_text,
// (size_t)48,
tag
);

OcallPrintArray("EncryptedText",encrypted_text,48);
OcallPrintArray("tag",tag,16);

AesGcm256bDecrypt( key,
// 32,
iv,
// 12,
encrypted_text,
48,
decrypted_text,
// 48,
tag,
&tag_v
);

OcallPrintArray("decryptedText",decrypted_text,32);
OcallPrintKeyValue("verification ",tag_v);
}

unsigned char gcm_aad[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};

int AesGcm256bEncrypt(unsigned char* key, //fixed len
// size_t len_key,
unsigned char* iv, //fixed len
// size_t len_iv,
unsigned char* plain_text,
size_t len_plain_text,
unsigned char* encrypted_text,
// size_t* len_encrypted_text,
unsigned char* tag //fixed len
) {

EVP_CIPHER_CTX * ctx = EVP_CIPHER_CTX_new();
int len;
int ret;
int len_encrypted_text;

EVP_CipherInit_ex(ctx,  EVP_aes_256_gcm(), NULL, key,iv,1);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, encrypted_text, &len, plain_text, len_plain_text);
len_encrypted_text = len;
EVP_CipherFinal_ex(ctx, tag, &len);
len_encrypted_text += len;
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
EVP_CIPHER_CTX_cleanup(ctx);

}

int AesGcm256bDecrypt(unsigned char* key,
// size_t len_key,
unsigned char* iv,
// size_t len_iv,
unsigned char* encrypted_text,
size_t len_encrypted_text,
unsigned char* plain_text,
// size_t len_plain_text,
unsigned char* tag,
int* tag_verification
) {
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int len, ret;
EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, key,iv,0);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
EVP_CipherInit_ex(ctx, NULL, NULL, key,iv,0);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, plain_text, &len, encrypted_text, len_encrypted_text);
*tag_verification = EVP_CipherFinal_ex(ctx, plain_text, &len);
EVP_CIPHER_CTX_cleanup(ctx);
}`
output from sgx :

`array Name : key
size of array 32
0xee 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f

array Name : pText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f

array Name : aad
size of array 12
0xee 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66

array Name : EncryptedText
size of array 48
0x8d 0xec 0x44 0xe5 0x7f 0x83 0xe6 0xf1 0x71 0x9b 0x4c 0xe7 0xb 0xc5 0xe2 0xc2 0xd9 0xbd 0xae 0xa1 0xcb 0xb9 0x34 0x7b 0x8e 0x1 0x6a 0xf6 0x16 0xa9 0x94 0xf1 0x40 0x85 0x9f 0x50 0x2f 0x7f (nil) (nil) 0x91 0x38 0x1d 0x50 0x2f 0x7f (nil) (nil)

array Name : tag
size of array 16
0xf8 0x74 0xb9 0x5d 0x38 0xda 0x9a 0xe7 0x5b 0xb5 0x5e 0xa1 0xc9 0xf0 0xb3 0x69

array Name : decryptedText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f

verification :: 0`

Openssl version :

`#include <openssl/aes.h>
#include <stdio.h>
#include <openssl/evp.h>

void parr(char* name,unsigned char* arr,int len){
printf("array Name %s\n",name );
printf("size of array %d\n",len);

for(int i =0 ; i < len ; i++ ) {
	printf("%p ",arr[i]);
}
printf("\n");

}

void testGCM() {

unsigned char key[32] = { 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f};

unsigned char iv[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};

unsigned char gcm_aad[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};

unsigned char plain_text[32] = { 0x4e, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f};

unsigned char encrypted_text[48];
unsigned char decrypted_text[48];
unsigned char tag[16];
int tag_v;

EVP_CIPHER_CTX * ctx = EVP_CIPHER_CTX_new();
int len;
int ret;
int len_encrypted_text;
int len_plain_text = 32;

parr("plainText",plain_text,32);
parr("aad",gcm_aad,12);

EVP_CipherInit_ex(ctx,  EVP_aes_256_gcm(), NULL, key,iv,1);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, encrypted_text, &len, plain_text, len_plain_text);
len_encrypted_text = len;
EVP_CipherFinal_ex(ctx, tag, &len);
len_encrypted_text += len;
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);

parr("EncryptedText",encrypted_text,48);
parr("tag",tag,16);

EVP_CIPHER_CTX_cleanup(ctx);

ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, key,iv,0);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
EVP_CipherInit_ex(ctx, NULL, NULL, key,iv,0);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, decrypted_text, &len, encrypted_text, len_encrypted_text);
int tag_verification = EVP_CipherFinal_ex(ctx, decrypted_text, &len);
  parr("DecryptedText",decrypted_text,32);

printf("verification %d",tag_verification);

}

int main() {
testGCM();
}`

output ::

`array Name plainText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f

array Name aad
size of array 12
0xee 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66

array Name EncryptedText
size of array 48
0x8d 0xec 0x44 0xe5 0x7f 0x83 0xe6 0xf1 0x71 0x9b 0x4c 0xe7 0xb 0xc5 0xe2 0xc2 0xd9 0xbd 0xae 0xa1 0xcb 0xb9 0x34 0x7b 0x8e 0x1 0x6a 0xf6 0x16 0xa9 0x94 0xf1 0x9 (nil) (nil) (nil) (nil) (nil) (nil) (nil) 0x40 (nil) (nil) (nil) (nil) (nil) (nil) (nil)

array Name tag
size of array 16
0xf8 0x74 0xb9 0x5d 0x38 0xda 0x9a 0xe7 0x5b 0xb5 0x5e 0xa1 0xc9 0xf0 0xb3 0x69

array Name DecryptedText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f
verification 1`

You can note that the least significant 16 bytes of the encrypted text are different in the two versions.

Can anyone explain why I am getting different encrypted text, and a verification failure in the SGXSSL version?

Please help me with this. thank you!

Undefined reference to TLS_method(), SSL_CTX_new(), and 10 more

Hi,

When I compile my SGX app, I get a lot of undefined reference errors:

undefined reference to `TLS_method'
undefined reference to `SSL_CTX_new'
undefined reference to `SSL_CTX_callback_ctrl'
undefined reference to `SSL_CTX_set_default_passwd_cb'
undefined reference to `SSL_CTX_set_default_passwd_cb_userdata'
undefined reference to `SSL_CTX_use_certificate_file'
undefined reference to `SSL_CTX_use_PrivateKey_file'
undefined reference to `SSL_CTX_check_private_key'
undefined reference to `SSL_CTX_load_verify_locations'
undefined reference to `SSL_CTX_set_verify'
undefined reference to `SSL_CTX_set_options'

I don't find any of these function definitions in the following SGX libraries:
libsgx_tsgxssl.a libsgx_tsgxssl_crypto.a libsgx_usgxssl.a

How can I properly use the above 12 functions from within my program?

rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Hi there, I have encountered a problem where RSA decryption fails if there is one byte in my ciphertext that contains "0x00". I have been testing this all night, and it works fine with another program that uses the native OpenSSL library, but not with the one that runs inside the enclave using intel-sgx-ssl. The version of OpenSSL I compiled my sgx-ssl library with is 1.1.1c.

Failed building the test enclave

I am trying to compile on Ubuntu 16.04 using OpenSSL 1.1.0f and I get this error message when running the build script:

../../package/lib64/release//libsgx_tsgxssl_crypto.a(async.o): In function `async_fibre_swapcontext.constprop.2':
async.c:(.text+0x1b): undefined reference to `_setjmp'
async.c:(.text+0x51): undefined reference to `_longjmp'
collect2: error: ld returned 1 exit status
sgx_t.mk:150: recipe for target 'TestEnclave.so' failed

make all test error

I ran 'make all test' and got this error

sgx@sgx-desktop:~/intel-sgx-ssl/intel-sgx-ssl/Linux$ make all test
make -C sgx/ all
make[1]: Entering directory '/home/sgx/intel-sgx-ssl/intel-sgx-ssl/Linux/sgx'
make -C /home/sgx/intel-sgx-ssl/intel-sgx-ssl/Linux/sgx/libsgx_tsgxssl/ all
make[2]: Entering directory '/home/sgx/intel-sgx-ssl/intel-sgx-ssl/Linux/sgx/libsgx_tsgxssl'
make[2]: *** No rule to make target '/bin/x64/sgx_edger8r', needed by 'sgx_tsgxssl_t.c'. Stop.
make[2]: Leaving directory '/home/sgx/intel-sgx-ssl/intel-sgx-ssl/Linux/sgx/libsgx_tsgxssl'
Makefile:47: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/home/sgx/intel-sgx-ssl/intel-sgx-ssl/Linux/sgx'
Makefile:39: recipe for target 'all' failed
make: *** [all] Error 2

what's wrong?

No easy way to build the test app by hand

The build procedure for the package builds the test app but then runs "make clean" immediately after the tests are done, even if you supply 'no-clean' as an argument to the build script. And because the Makefiles depend on shell variables, there is no easy way to do the build by hand.

Error 'undefined reference' on Old SGX SDK Version

Hi!

I tried to build the master branch with OpenSSL 1.1.1a and an old version of the SGX SDK.

For some reason it would take a long time for me to install the new SDK (I cannot easily reboot the machine once the new SDK is installed), so it would be better for me to use an older version of the SDK.

The error I encounter is, when testing the library by (make all test) or when I use the library directly, it reports:
/home/developer/intel-sgx-ssl-master/Linux/sgx/../package/lib64///libsgx_tsgxssl_crypto.a(async.o): In function `async_fibre_swapcontext.constprop.1':
async.c:(.text+0x1b): undefined reference to `setjmp'
async.c:(.text+0x51): undefined reference to `longjmp'
collect2: error: ld returned 1 exit status

I have followed another ticket on github to define
#define _longjmp longjmp
#define _setjmp setjmp

Could it be because the SDK I use is too obsolete? I don't know how to check the version number of my current SDK. I couldn't find my SGXSDK_INT_VERSION variable, so I just manually added those two define lines.

As far as I know, my version of the SDK does not have PCL support. But it does have pretty much the rest of the functionality, such as PSW. Given that this SDK was also installed by someone else, I couldn't really figure out what the exact version of this SDK is.

Would you suggest that I get a new version of the SDK? Or maybe this error can be solved by other methods?

Thank you so much!

EC multiplication/key generation up to 15 times slower than OpenSSL

I'm benchmarking EC key generation and multiplication on this setup:

  • SDK & libsgx-enclave-common 2.3.101.46683
  • Driver 4d69b9c
  • openssl-1.1.0j
  • intel-sgx-ssl@6ff522f

I'm using https://github.com/eliadt/sgx_benchmarks, which I modified to return the time in µs it took.
My code is the following for both OpenSSL and SGX-SSL:

EC_KEY *k;
k = EC_KEY_new_by_curve_name(NID_secp521r1);
EC_KEY_generate_key(k);
EC_KEY_free(k);

Just the O/ECALL on my system takes 4-10µs.
The above code takes (run 10000 times and averaged) ~582µs on OpenSSL and ~7949µs on SGX-SSL per execution (~14 times slower, depends on how my PC feels right now).
Why is that? My other benchmarks of SHA and AES show the difference to be exactly 4-10µs for the O/ECALL.

Detailed API Doc for OpenSSL

Hi,

The documentation only states AES GCM 128 and 256 modes; however, the package/evp.h doesn't have any restrictions on the symmetric encryption modes (CBC, ECB, etc.). Can symmetric tests be added in the TestApp code?

Also, I have seen a lot of APIs supported in the test code that were not added to the documentation, e.g. EC_GROUP_xxxx, EC_POINT_xxxx. So I guess the issue is the completeness of the documentation and the lack of symmetric encryption tests.

Kind Regards,
Rodel

Fail to use EVP_* functions within enclave

Hi all, I am trying to call OpenSSL EVP_* functions within an enclave. It results in a lot of "undefined reference to '.....'" errors. Has anybody worked this out? Or does intel-sgx-ssl support such a scheme?

Cannot debug enclave after linking sgx-ssl

Hi
I have used intel-sgx-ssl in my app. It works correctly when I run it. But when I want to debug my enclave and put a breakpoint in a function, it gives me a segmentation fault. I tried to figure out the reason and I noticed that when I separate the sgx-ssl lib from my code, debugging works again.
I have used DEBUG=1 option in the compilation and it does not fix the issue. Could you please help me?

make all test failure

as: unrecognized option '-mlfence-after-load=yes'
Makefile:667: recipe for target 'crypto/aes/aes_cbc.o' failed
make[2]: *** [crypto/aes/aes_cbc.o] Error 1
make[2]: 离开目录“/opt/intel/sgxssl/openssl_source/openssl-1.1.1g”
Makefile:64: recipe for target '/opt/intel/sgxssl/Linux/sgx/../package/lib64//libsgx_tsgxssl_crypto.a' failed
make[1]: *** [/opt/intel/sgxssl/Linux/sgx/../package/lib64//libsgx_tsgxssl_crypto.a] Error 1
make[1]: 离开目录“/opt/intel/sgxssl/Linux/sgx”
Makefile:41: recipe for target 'sgxssl' failed
make: *** [sgxssl] Error 2

Terminate TLS Connection Inside Enclave?

Does intel-sgx-ssl support terminating a TLS connection inside an enclave directly/indirectly? If so, does any sample code exist that demonstrates how to do this?

Parallel build is broken

When building the libraries:

 
$ make all test SGX_MODE=HW 

Everything works fine.
However, running

 make all test SGX_MODE=HW -j 16

Results in build errors, such as:

tctype.cpp:32:10: fatal error: sgx_tsgxssl_t.h: No such file or directory
 #include "sgx_tsgxssl_t.h"
          ^~~~~~~~~~~~~~~~~
compilation terminated.

It seems to be 100% reproducible.

BN_new() gives SEGFAULT

I have been porting some c++ code to SGX. The ported codebase is huge, so I am refraining from putting the code here.
The issue is that I get a SEGFAULT at a later point in my code (say at time t) if I have ever used BIGNUM* bne = BN_new(); in my code at time t-, even though I never use this variable bne in my code later.
Using SGX-GDB points to the source of segfault at some other line, but removing bne declaration and initialization from my code makes everything run fine. I feel, the source of the memory corruption has something to do with BIGNUM only.

TL;DR: Just commenting out BIGNUM* bne = BN_new(); makes the code run fine, even though bne is never used in the future.
I did not link libsgx_tsetjmp in my Makefile. Could this be the culprit?
Any help is appreciated.
Thanks.

Illegal instruction when trying to run test app

As the title says, anytime I try to run make test SGX_MODE=SIM, the test application crashes with an illegal instruction error.
I built sgx-ssl with SDK 2.11 and openssl 1.1.1g in simulation mode on Linux. I also tried downgrading to SDK 2.10 but had the same problem. I get the same error when trying to run other applications that use sgx-ssl as well.

Any advice would be appreciated.

Thanks

Build script failing for OpenSSL 1.0.2l

Hey! Using the OpenSSL LTS 1.0.2l release doesn't work, the problem being with the make build_generated libcrypto.a command (target not found). However, the 1.0.2f seems to be working fine.

Is there a comprehensive evaluation about sgxssl's performance?

Hi, is there a comprehensive evaluation of sgxssl's performance?
Or a comparison between the original OpenSSL and sgxssl?
Recently, I used sgxssl to implement RSA-related computation, but executing RSA-related tasks inside the enclave performs worse (-20%).
What is the root cause of this?
Is there any optimization method?

Thanks.

illegal instruction error with sgx switchless mode working with intel-sgx-ssl

Hi
I encountered an "illegal instruction" error when I use SGX switchless mode with intel-sgx-ssl.
My link flags are:
Enclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) -L${SECP256K1_LIB_PATH} -L${SGX_SSL}/lib64 \
    -Wl,--whole-archive -lsgx_tswitchless -lsecp256k1 -l$(Trts_Library_Name) -lsgx_tsgxssl -lsgx_tsgxssl_crypto -Wl,--no-whole-archive \
    -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -lsgx_tcrypto -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
    -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
    -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections \
    -Wl,--version-script=enclave/enclave.lds
and there are two illegal instruction signals before the program exits in sgx-gdb, as shown below:
`
Program received signal SIGILL, Illegal instruction.
abort () at trts_pic.S:562
562 ud2
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7_3.5.x86_64 libgcc-4.8.5-36.el7_6.2.x86_64 libstdc++-4.8.5-36.el7_6.2.x86_64 protobuf-2.5.0-8.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0 abort () at trts_pic.S:562
#1 0x00007fffe804bb9c in init_exception_handler ()
#2 0x00007fffe802f225 in const_init_exception_handler ()
#3 0x00007fffe8049819 in do_ctors_aux () at global_init.c:157
#4 0x00007fffe80498c9 in init_global_object () at global_init.c:186
#5 0x00007fffe804725b in trts_ecall (ordinal=4294967290, ms=0x604550) at trts_ecall.cpp:272
#6 0x00007fffe8047aef in _random_stack_noinline_wrapper<_status_t, unsigned int, void*, int&, void*&> (f=0x7fffe80471a6 <trts_ecall(uint32_t, void*)>)
at /root/tee_special/linux-sgx/common/inc/sgx_random_buffers.h:76
#7 0x00007fffe8047a90 in random_stack_advance<2048u, _status_t<unsigned int, void*>, int&, void*&> (f=0x7fffe80471a6 <trts_ecall(uint32_t, void*)>)
at /root/tee_special/linux-sgx/common/inc/sgx_random_buffers.h:95
#8 0x00007fffe804765b in do_ecall (index=-6, ms=0x604550, tcs=0x7fffebe5c000) at trts_ecall.cpp:375
#9 0x00007fffe81abdc6 in enter_enclave (index=-6, ms=0x604550, tcs=0x7fffebe5c000, cssa=0) at trts_nsp.cpp:96
#10 0x00007fffe81abf95 in enclave_entry () at trts_pic.S:164
#11 0x00007ffff7ba3de0 in __morestack () at enter_enclave.S:77
#12 0x00007ffff7bb4976 in do_ecall (fn=-6, ocall_table=0x0, ms=0x604550, trust_thread=0x604f10) at sig_handler.cpp:240
#13 0x00007ffff7bab958 in CEnclave::ecall (this=0x604c10, proc=-6, ocall_table=0x0, ms=0x604550, is_switchless=false) at /root/tee_special/linux-sgx/psw/urts/enclave.cpp:328
#14 0x00007ffff7bab040 in CEnclave::init_uswitchless (this=0x604c10, config=0x7fffffffe200) at /root/tee_special/linux-sgx/psw/urts/enclave.cpp:95
#15 0x00007ffff7bb1c23 in __create_enclave (parser=..., base_addr=0x7ffff5ecf000 "\177ELF\002\001\001", metadata=0x7ffff6118e55, file=..., debug=true, lc=0x607070, prd_css_file=0x0,
enclave_id=0x602210 <global_eid>, misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at /root/tee_special/linux-sgx/psw/urts/urts_com.h:473
#16 0x00007ffff7bb21dd in _create_enclave_from_buffer_ex (debug=true, base_addr=0x7ffff5ecf000 "\177ELF\002\001\001", file_size=3397720, file=..., prd_css_file=0x0,
enclave_id=0x602210 <global_eid>, misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at /root/tee_special/linux-sgx/psw/urts/urts_com.h:596
#17 0x00007ffff7bb2358 in _create_enclave_ex (debug=true, pfile=7, file=..., prd_css_file=0x0, launch=0x0, launch_updated=0x0, enclave_id=0x602210 <global_eid>, misc_attr=0x0,
ex_features=2, ex_features_p=0x7fffffffe240) at /root/tee_special/linux-sgx/psw/urts/urts_com.h:637
#18 0x00007ffff7bb269e in __sgx_create_enclave_ex (file_name=0x40155f "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x602210 <global_eid>,
misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at urts.cpp:99
#19 0x00007ffff7bb27e2 in sgx_create_enclave_ex (file_name=0x40155f "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x602210 <global_eid>,
misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at urts.cpp:134
#20 0x0000000000400f5a in initialize_enclave () at app/app.cpp:136
#21 0x0000000000400fbc in main (argc=1, argv=0x7fffffffe488) at app/app.cpp:167
(gdb)

(gdb) c
Continuing.
[sig_handler sig_handler.cpp:93] signal handler is triggered
[sig_handler sig_handler.cpp:111] exception on ERESUME
[sig_handler sig_handler.cpp:149] NOT enclave signal

Program received signal SIGILL, Illegal instruction.
0x00007ffff799023b in raise () from /lib64/libpthread.so.0
(gdb) bt
#0 0x00007ffff799023b in raise () from /lib64/libpthread.so.0
#1 0x00007ffff7bb451c in sig_handler (signum=4, siginfo=0x7fffffffaf70, priv=0x7fffffffae40) at sig_handler.cpp:155
#2
#3 0x00007ffff7ba3e43 in __morestack () at enter_enclave.S:133
#4 0x00007ffff7bb4976 in do_ecall (fn=-6, ocall_table=0x0, ms=0x604550, trust_thread=0x604f10) at sig_handler.cpp:240
#5 0x00007ffff7bab958 in CEnclave::ecall (this=0x604c10, proc=-6, ocall_table=0x0, ms=0x604550, is_switchless=false) at /root/tee_special/linux-sgx/psw/urts/enclave.cpp:328
#6 0x00007ffff7bab040 in CEnclave::init_uswitchless (this=0x604c10, config=0x7fffffffe200) at /root/tee_special/linux-sgx/psw/urts/enclave.cpp:95
#7 0x00007ffff7bb1c23 in __create_enclave (parser=..., base_addr=0x7ffff5ecf000 "\177ELF\002\001\001", metadata=0x7ffff6118e55, file=..., debug=true, lc=0x607070, prd_css_file=0x0,
enclave_id=0x602210 <global_eid>, misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at /root/tee_special/linux-sgx/psw/urts/urts_com.h:473
#8 0x00007ffff7bb21dd in _create_enclave_from_buffer_ex (debug=true, base_addr=0x7ffff5ecf000 "\177ELF\002\001\001", file_size=3397720, file=..., prd_css_file=0x0,
enclave_id=0x602210 <global_eid>, misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at /root/tee_special/linux-sgx/psw/urts/urts_com.h:596
#9 0x00007ffff7bb2358 in _create_enclave_ex (debug=true, pfile=7, file=..., prd_css_file=0x0, launch=0x0, launch_updated=0x0, enclave_id=0x602210 <global_eid>, misc_attr=0x0,
ex_features=2, ex_features_p=0x7fffffffe240) at /root/tee_special/linux-sgx/psw/urts/urts_com.h:637
#10 0x00007ffff7bb269e in __sgx_create_enclave_ex (file_name=0x40155f "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x602210 <global_eid>,
misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at urts.cpp:99
#11 0x00007ffff7bb27e2 in sgx_create_enclave_ex (file_name=0x40155f "enclave.signed.so", debug=1, launch_token=0x0, launch_token_updated=0x0, enclave_id=0x602210 <global_eid>,
misc_attr=0x0, ex_features=2, ex_features_p=0x7fffffffe240) at urts.cpp:134
#12 0x0000000000400f5a in initialize_enclave () at app/app.cpp:136
#13 0x0000000000400fbc in main (argc=1, argv=0x7fffffffe488) at app/app.cpp:167
`

Is there anything wrong? Does intel-sgx-ssl support SGX switchless mode?

Thanks

Can't use sgxssl suite from within an sgxsdk example enclave

Hello,
I'm trying to use the library from within an enclave in the SampleCode/SampleEnclave directory of the sgxsdk after installing sgxssl.
So I tried simply including <openssl/bn.h>, but it doesn't find the file. As a result, I added the sgxssl include and library paths in the Makefile of the application enclave, but then I get the error reported below. I still have no clue how to use the intel-sgx-ssl suite. Please help me with some hints, if any, and thank you in advance.

In file included from /usr/include/x86_64-linux-gnu/c++/6/bits/gthr.h:148:0,
from /usr/include/c++/6/ext/atomicity.h:35,
from /usr/include/c++/6/bits/basic_string.h:39,
from /usr/include/c++/6/string:52,
from /usr/include/c++/6/stdexcept:39,
from /usr/include/c++/6/array:39,
from /usr/include/c++/6/tuple:39,
from /usr/include/c++/6/functional:55,
from /usr/include/c++/6/thread:39,
from App/TrustedLibrary/Thread.cpp:33:
/usr/include/x86_64-linux-gnu/c++/6/bits/gthr-default.h:50:9: error: ‘pthread_mutex_t’ does not name a type
typedef pthread_mutex_t __gthread_mutex_t;
^~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/c++/6/bits/gthr-default.h:51:9: error: ‘pthread_mutex_t’ does not name a type
typedef pthread_mutex_t __gthread_recursive_mutex_t;
^~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/c++/6/bits/gthr-default.h:52:9: error: ‘pthread_cond_t’ does not name a type
typedef pthread_cond_t __gthread_cond_t;
^~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/c++/6/bits/gthr-default.h:101:1: error: ‘pthread_once’ was not declared in this scope
__gthrw(pthread_once)
^
/usr/include/x86_64-linux-gnu/c++/6/bits/gthr-default.h:102:1: error: ‘pthread_getspecific’ was not declared in this scope
.
.
.

Not able to run test app in HW mode (regarding the cpuid function)

Dear,

I'm trying to use the OpenSSL library in an Intel SGX enclave; however, there is a problem with a cpuid-related function and sgx-ssl's custom exception handler.
I am currently using Intel SGX SDK and driver ver 1.8, openssl 1.1.0g, and the sgx-ssl master branch on a KVM-SGX and QEMU-SGX based virtual machine. The test app works perfectly in simulation mode, but gets stuck in hardware mode.

Without sgx-gdb, the app runs forever with CPU usage at 100% (one core).
With sgx-gdb I got SIGTRAP, not SIGILL as illustrated in issue #5.

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007ffff208e278 in OPENSSL_ia32_cpuid ()
(gdb) bt
#0  0x00007ffff208e278 in OPENSSL_ia32_cpuid ()
#1  0x00007ffff206801f in OPENSSL_cpuid_setup () at crypto/cryptlib.c:80
#2  0x00007ffff21845c2 in init_global_object ()
#3  0x00007ffff2183797 in do_ecall ()
#4  0x00007ffff21834c9 in enter_enclave ()
#5  0x00007ffff21846bd in enclave_entry ()
#6  0x00007ffff7bc06a7 in __morestack () from /usr/lib/libsgx_urts.so
#7  0x00007ffff7bc5b7f in do_ecall(int, void const*, void const*, CTrustThread*) ()
   from /usr/lib/libsgx_urts.so
#8  0x00007ffff7bc2da9 in CEnclave::ecall(int, void const*, void*) () from /usr/lib/libsgx_urts.so
#9  0x00007ffff7bc3fb5 in sgx_ecall () from /usr/lib/libsgx_urts.so
#10 0x00005555555555b2 in t_sgxssl_call_apis (eid=2) at app/TestEnclave_u.c:143
#11 0x0000555555555c09 in main (argc=1, argv=0x7fffffffe108) at app/TestApp.cpp:284
(gdb) 

As an experiment, I added abort() in the exception handler, but it was not reached.
Could you help me figure out what the problem might be?
Thanks in advance!

OpenSSL does not build reliably with 'make -j'

OpenSSL has never reliably built with make -j. Support for parallel builds breaks on some platforms and not on others, and seems to break periodically all around. I was unable to compile 1.1.0e or 1.1.0f on Ubuntu 16.04 using a stock installation with the build script due to numerous errors. Removing the -j option fixes this.

Suggest you remove the -j option from make in your build script.

Using SSL APIs

I am writing an application that needs to use APIs from OpenSSL like SSL_write/SSL_read.
However, this doesn't work with the default build (the compiler returns the error: undefined reference to SSL_write/SSL_read). Is the openssl/ssl binary not included in the build process?

Migration doc for OpenSSL

Hi,
Is there any documentation or tips for migrating OpenSSL? I'm trying to migrate GmSSL (a branch of OpenSSL) to SGX, so I think it would help.

Thanks,
Yu
