In sgx Enclave,can't use function wolfSSL_X509_verify_cert? about wolfssl-examples HOT 3 CLOSED

zhq0918,

I think you are confused on what close is undefined here. That error is in reference to a function not a member of a struct or union.

NOTE this section of code:

        if (bio->close) {
            if (bio->ssl)
                wolfSSL_free(bio->ssl);
            if (bio->fd)
                CloseSocket(bio->fd); // <---- Source of Error
        }

You'll note that in wolfssl/wolfio.h CloseSocket is defined as "close":

342     #ifndef CloseSocket                                                          
343         #define CloseSocket(s) close(s)                                          
344     #endif

So the code expansion there is:

        if (bio->close) {
            if (bio->ssl)
                wolfSSL_free(bio->ssl);
            if (bio->fd)
                close(bio->fd); // <---- Source of Error
        }

I provided a solution for this already on our forums, please see https://www.wolfssl.com/forums/topic1368-in-sgx-enclavecant-use-function-wolfsslx509verifycert.html, my post on 17th May 2019 11:17:22

Regards,

K

from wolfssl-examples.

@kaleb-himes thank you for your answer, I commented out the line and the problem was solved temporarily.
Regards
zhq0918

from wolfssl-examples.

zhq0918,

Allow me to re-iterate the solution here. You need to create this function for the library. close is a system level function. Enclaves are protected execution spaces with no access to the system. Enclaves can only execute whatever functions are inside the enclave. To call out to the system you need to create an untrusted out call to access the system.

Step 1: Checkout https://github.com/wolfSSL/wolfssl-examples/blob/master/SGX_Linux/trusted/Wolfssl_Enclave.c and see how we made functions for printf, recv, send, current_time, .... etc. The enclave can't even call "printf" because it doesn't have access to the system. It doesn't know what the stdout stream is so we have to give the enclave access to those system level functions via untrusted out calls. Write a close function in https://github.com/wolfSSL/wolfssl-examples/blob/master/SGX_Linux/trusted/Wolfssl_Enclave.c and have it call ocall_close passing along the item to be closed.

Step 2: Prototype ocall_close so the enclave can call out to the untrusted execution space. Prototype this ocall in https://github.com/wolfSSL/wolfssl-examples/blob/master/SGX_Linux/trusted/Wolfssl_Enclave.edl in the untrusted { } section.

Step 3: Write the ocall_close in the untrusted application https://github.com/wolfSSL/wolfssl-examples/blob/master/SGX_Linux/untrusted/App.c. Have it call the system function "close" on the socket descriptor.

• K

from wolfssl-examples.