Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

OpenSSL with Intel SGX Enclave

Sam5
New Contributor I
1,986 Views

Hi,

I am currently developing a Intel SGX Application. And I need to use OpenSSL library in the enclave. However, when I build the enclave, tons of errors appear. They looks like this:

Error   17  error C2061: syntax error : identifier 'FILE'   C:\OpenSSL-Win32\include\openssl\asn1.h 994 1   Enclave

Any help is appreciated.

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
1,986 Views

Hi Sam,

Are you using the Intel trusted OpenSSL library? There is a sample code "X509 project" that shows how to use the trusted OpenSSL (topenssl) inside enclaves. If you want to use another version of OpenSSL you should build it with Intel trusted standard C/C++ libraries and create an "enclave library" then link it to the enclave. You can not link the enclave with some random libraries you only can link it with trusted static libraries.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
11 Replies
Surenthar_S_Intel
1,986 Views

Hi Sam,

You should probably either, Configure OpenSSL with no-stdio if you are not using it; or include <stdio.h> on Windows for FILE (or <unistd.h> on Linux)

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Sam5
New Contributor I
1,986 Views

Hi,

I am not sure if I configure the enclave correctly.

VC++ Directories   -->   Include Directories "C://OpenSSL-Win32/include" 
                                      Library Directories "C://OpenSSL-Win32/lib"
C/C++                    -->   Additional Include Directories "(some SGX default); C://OpenSSL-Win32/include"
Linker                     -->  General  -->  Additional Library Directories "C://OpenSSL-Win32/lib"
                                      Input --> Additional Dependencies: "libeay32.lib; ssleay32.lib"

Any help is appreciated.

-Thanks

0 Kudos
Surenthar_S_Intel
1,987 Views

Hi Sam,

Are you using the Intel trusted OpenSSL library? There is a sample code "X509 project" that shows how to use the trusted OpenSSL (topenssl) inside enclaves. If you want to use another version of OpenSSL you should build it with Intel trusted standard C/C++ libraries and create an "enclave library" then link it to the enclave. You can not link the enclave with some random libraries you only can link it with trusted static libraries.

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
kalsheraut
Beginner
1,986 Views

wolfSSL is currently developing the wolfCrypt operations (SHA-256, AES-GCM and RSA Encrypt/Decrypt)
to work with SGX Enclave on an internal test bed. It is expected to be ready for the public in the near future!

The reason wolfSSL thought it relevant to reply to your question is:

wolfSSL footprints typically average between 80K and 120K. Footprints vary depending on 
functionality and speed optimizations. wolfSSL expects to see similar footprints here. This is
preferential to OpenSSL footprint sizes.

0 Kudos
Sam5
New Contributor I
1,986 Views

Yes, i am using the Intel trusted OpenSSL Lib.

0 Kudos
shen_y_
Beginner
1,986 Views

I did not find the "X509 Project " in the SDK for Linux. Where is the topenssl library in SDK for Linux?

0 Kudos
Juan_d_Intel
Employee
1,986 Views

Have a look at IntelSGXSDK\src\X509Verifier

0 Kudos
Svart_K_
Beginner
1,986 Views

Hi,

 I know this thread is older, but is there a OpenSSL version for the Linux SDK already?

I just saw the release for WIndows here: https://software.intel.com/en-us/sgx-sdk/download

0 Kudos
Juan_d_Intel
Employee
1,986 Views

No, there is no OpenSSL for the Linux SDK.

0 Kudos
Marcos_Vinicius_Mont
1,986 Views

Juan D. (Intel) wrote:

No, there is no OpenSSL for the Linux SDK.

 What is the similar solution to openssl for sdk linux? 

0 Kudos
Surenthar_S_Intel
1,986 Views

Thanks for your Query. We will update you soon.

-Surenthar

0 Kudos
Reply