Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Sam5
New Contributor I
309 Views

OpenSSL with Intel SGX Enclave

Jump to solution

Hi,

I am currently developing a Intel SGX Application. And I need to use OpenSSL library in the enclave. However, when I build the enclave, tons of errors appear. They looks like this:

Error   17  error C2061: syntax error : identifier 'FILE'   C:\OpenSSL-Win32\include\openssl\asn1.h 994 1   Enclave

Any help is appreciated.

-Thanks

0 Kudos
1 Solution
309 Views

Hi Sam,

Are you using the Intel trusted OpenSSL library? There is a sample code "X509 project" that shows how to use the trusted OpenSSL (topenssl) inside enclaves. If you want to use another version of OpenSSL you should build it with Intel trusted standard C/C++ libraries and create an "enclave library" then link it to the enclave. You can not link the enclave with some random libraries you only can link it with trusted static libraries.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

11 Replies
309 Views

Hi Sam,

You should probably either, Configure OpenSSL with no-stdio if you are not using it; or include <stdio.h> on Windows for FILE (or <unistd.h> on Linux)

Thanks and Reagrds,
Surenthar Selvaraj

Sam5
New Contributor I
309 Views

Hi,

I am not sure if I configure the enclave correctly.

VC++ Directories   -->   Include Directories "C://OpenSSL-Win32/include" 
                                      Library Directories "C://OpenSSL-Win32/lib"
C/C++                    -->   Additional Include Directories "(some SGX default); C://OpenSSL-Win32/include"
Linker                     -->  General  -->  Additional Library Directories "C://OpenSSL-Win32/lib"
                                      Input --> Additional Dependencies: "libeay32.lib; ssleay32.lib"

Any help is appreciated.

-Thanks

310 Views

Hi Sam,

Are you using the Intel trusted OpenSSL library? There is a sample code "X509 project" that shows how to use the trusted OpenSSL (topenssl) inside enclaves. If you want to use another version of OpenSSL you should build it with Intel trusted standard C/C++ libraries and create an "enclave library" then link it to the enclave. You can not link the enclave with some random libraries you only can link it with trusted static libraries.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

kalsheraut
Beginner
309 Views

wolfSSL is currently developing the wolfCrypt operations (SHA-256, AES-GCM and RSA Encrypt/Decrypt)
to work with SGX Enclave on an internal test bed. It is expected to be ready for the public in the near future!

The reason wolfSSL thought it relevant to reply to your question is:

wolfSSL footprints typically average between 80K and 120K. Footprints vary depending on 
functionality and speed optimizations. wolfSSL expects to see similar footprints here. This is
preferential to OpenSSL footprint sizes.

Sam5
New Contributor I
309 Views

Yes, i am using the Intel trusted OpenSSL Lib.

shen_y_
Beginner
309 Views

I did not find the "X509 Project " in the SDK for Linux. Where is the topenssl library in SDK for Linux?

Juan_d_Intel
Employee
309 Views

Have a look at IntelSGXSDK\src\X509Verifier

Svart_K_
Beginner
309 Views

Hi,

 I know this thread is older, but is there a OpenSSL version for the Linux SDK already?

I just saw the release for WIndows here: https://software.intel.com/en-us/sgx-sdk/download

Juan_d_Intel
Employee
309 Views

No, there is no OpenSSL for the Linux SDK.

309 Views

Juan D. (Intel) wrote:

No, there is no OpenSSL for the Linux SDK.

 What is the similar solution to openssl for sdk linux? 

309 Views

Thanks for your Query. We will update you soon.

-Surenthar

Reply