Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor I
130 Views

OpenSSL with Intel SGX Enclave

Jump to solution

Hi,

I am currently developing a Intel SGX Application. And I need to use OpenSSL library in the enclave. However, when I build the enclave, tons of errors appear. They looks like this:

Error   17  error C2061: syntax error : identifier 'FILE'   C:\OpenSSL-Win32\include\openssl\asn1.h 994 1   Enclave

Any help is appreciated.

-Thanks

0 Kudos

Accepted Solutions
Highlighted
130 Views

Hi Sam,

Are you using the Intel trusted OpenSSL library? There is a sample code "X509 project" that shows how to use the trusted OpenSSL (topenssl) inside enclaves. If you want to use another version of OpenSSL you should build it with Intel trusted standard C/C++ libraries and create an "enclave library" then link it to the enclave. You can not link the enclave with some random libraries you only can link it with trusted static libraries.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
11 Replies
Highlighted
130 Views

Hi Sam,

You should probably either, Configure OpenSSL with no-stdio if you are not using it; or include <stdio.h> on Windows for FILE (or <unistd.h> on Linux)

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Highlighted
New Contributor I
130 Views

Hi,

I am not sure if I configure the enclave correctly.

VC++ Directories   -->   Include Directories "C://OpenSSL-Win32/include" 
                                      Library Directories "C://OpenSSL-Win32/lib"
C/C++                    -->   Additional Include Directories "(some SGX default); C://OpenSSL-Win32/include"
Linker                     -->  General  -->  Additional Library Directories "C://OpenSSL-Win32/lib"
                                      Input --> Additional Dependencies: "libeay32.lib; ssleay32.lib"

Any help is appreciated.

-Thanks

0 Kudos
Highlighted
131 Views

Hi Sam,

Are you using the Intel trusted OpenSSL library? There is a sample code "X509 project" that shows how to use the trusted OpenSSL (topenssl) inside enclaves. If you want to use another version of OpenSSL you should build it with Intel trusted standard C/C++ libraries and create an "enclave library" then link it to the enclave. You can not link the enclave with some random libraries you only can link it with trusted static libraries.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
Highlighted
Beginner
130 Views

wolfSSL is currently developing the wolfCrypt operations (SHA-256, AES-GCM and RSA Encrypt/Decrypt)
to work with SGX Enclave on an internal test bed. It is expected to be ready for the public in the near future!

The reason wolfSSL thought it relevant to reply to your question is:

wolfSSL footprints typically average between 80K and 120K. Footprints vary depending on 
functionality and speed optimizations. wolfSSL expects to see similar footprints here. This is
preferential to OpenSSL footprint sizes.

0 Kudos
Highlighted
New Contributor I
130 Views

Yes, i am using the Intel trusted OpenSSL Lib.

0 Kudos
Highlighted
Beginner
130 Views

I did not find the "X509 Project " in the SDK for Linux. Where is the topenssl library in SDK for Linux?

0 Kudos
Highlighted
Employee
130 Views

Have a look at IntelSGXSDK\src\X509Verifier

0 Kudos
Highlighted
Beginner
130 Views

Hi,

 I know this thread is older, but is there a OpenSSL version for the Linux SDK already?

I just saw the release for WIndows here: https://software.intel.com/en-us/sgx-sdk/download

0 Kudos
Highlighted
Employee
130 Views

No, there is no OpenSSL for the Linux SDK.

0 Kudos
Highlighted
130 Views

Juan D. (Intel) wrote:

No, there is no OpenSSL for the Linux SDK.

 What is the similar solution to openssl for sdk linux? 

0 Kudos
Highlighted
130 Views

Thanks for your Query. We will update you soon.

-Surenthar

0 Kudos