Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
56 Views

Third Party Library in Enclave

Jump to solution

Does enclave support using third party library in the enclave? Like the openssl library?

If so, how should I configure this? Because I configure the enclave like a normal Win32 console application but a lot of errors coming up. All the erro rs are about the openssl library.

For example

    120    IntelliSense: identifier "FILE" is undefined    c:\OpenSSL-Win32\include\openssl\ec.h    983    21    Enclave1 (Intel C++ 16.0)

But I didn't get any errors in a normal application.

 

Any help is appreciated.

 

0 Kudos

Accepted Solutions
Highlighted
56 Views

Anything that you can build and statically link can be incorporated into an enclave, however, porting a library to work in an enclave is not a trivial task. Enclaves have limited memory, restrictions on what instructions can be executed, and most importantly cannot depend on dynamically loaded libraries. Because of the latter restriction, enclave programs also depend on Intel-provided C and C++ template libraries which are linked statically at build time. I would not expect a large, complex package like OpenSSL to just build and work. Significant porting would probably be needed.

View solution in original post

0 Kudos
3 Replies
Highlighted
57 Views

Anything that you can build and statically link can be incorporated into an enclave, however, porting a library to work in an enclave is not a trivial task. Enclaves have limited memory, restrictions on what instructions can be executed, and most importantly cannot depend on dynamically loaded libraries. Because of the latter restriction, enclave programs also depend on Intel-provided C and C++ template libraries which are linked statically at build time. I would not expect a large, complex package like OpenSSL to just build and work. Significant porting would probably be needed.

View solution in original post

0 Kudos
Highlighted
Beginner
56 Views

Hi,

I am trying to integrate a third party library archive file into SGX Enclave. When the function in the third party library is being called from the trusted function call, I am getting the errors like the below

relocation R_X86_64_32S against `_ZNSs4_Rep20_S_empty_rep_storageE' can not be used when making a shared object; recompile with -fPIC

error adding symbols: Bad value

Does this mean that I have to compile the third part source code with -fPIC option and link that library to create the trusted shared object ? As per your comments, I guess lot of porting also is needed to make the third party library to be compatible for SGX. Do we have any porting guidance or manual for such exercise ? Any tool which will scan the third party source code and highlight the incompatible portion of the code with the suggestion for modification. I understand that the trusted shared object along with all the needed third party library also will be enclaved.  Is there any size restriction we have on this ?

Kinda struck on this. Any help and suggestion will be highly appreciated.

Regards,Sathya

0 Kudos
Highlighted
56 Views

Hi 

Please look into sample application shipped with SDK. 

\Intel\IntelSGXSDK\src\X509Verifier.

-Surenthar

- Surenthar Selvaraj
0 Kudos