lsds / TaLoS

Efficient TLS termination inside Intel SGX enclaves for existing applications

What's the purpose of the code in /src/talos/enclaveshim

bsdinis opened this issue · comments

It is not mentioned in the README section.
I stumbled across this while trying to debug the fact that the /src/libressl part does not include (for instance) an .edl file.

Moreover, the code is not compiling, with some things fixable and others not.

openssl_types.h:695:30: error: conflicting types for ‘EVP_MD_CTX’
  695 | typedef struct env_md_ctx_st EVP_MD_CTX;

Couldn't work around it. Commenting this line yields "incomplete type" errors.

openssl_types.h:947: warning: "OPENSSL_VERSION_NUMBER" redefined
  947 | #define OPENSSL_VERSION_NUMBER 0x20000000L

Added guards

enclave_u.h:271:103: error: unknown type name ‘CRYPTO_EX_new’; did you mean ‘CRYPTO_EX_DATA’?

Added #include <openssl/crypto.h>. Solved a lot of similar problems.

Multiple definitions of struct crypto_ex_data_st (AKA CRYPTO_EX_DATA) and typedef struct crypto_threadid_st (AKA CRYPTO_THREADID) were solved by adding #if 0 / #endif guards.

Suggestions?

You normally don't have to modify this file, nor the files in src/talos/enclaveshim. They are copied into src/libressl-2.4.1/crypto when executing patch_libressl.sh.

This file is necessary to compile the ecall and ocall interface files of the SDK (files enclave_[ut].[ch]). Indeed, enclave.edl uses several types that need to be defined. So unless you modify enclave.edl and add a new type that is not already defined, you shouldn't have to modify it.

I see.

I still have trouble linking TaLoS with my enclave code. I've added a from "/path/to/enclave.edl" import * to my EDL file, and the correct path for the include files, but many of them have things unavailable in enclaves (e.g. FILE, etc.).

Am I missing something?

TaLoS has been successfully integrated with other enclave projects in the past, so this should definitely work. However, I have never tried it myself.

Do you need to import openssl_types.h in your edl file?

What error do you get? Is it when compiling your enclave source code, or the SDK interface files?

openssl/pem.h has a lot of references to FILE *, which fail to compile;
openssl/tls1.h has a double prototype for SSL_get_servername;
openssl/dtls1.h includes sys/time.h, which cannot be found.

In my EDL file, I am not including openssl_types.h, but I do include the EDL file from the project.
This is when I'm compiling the enclave code.

I think we never encountered this problem because we never used this part of the code. What you would need to do is modify the header files so that they can compile successfully:
- openssl/pem.h: define the missing FILE* type;
- openssl/tls1.h: remove the double prototype;
- openssl/dtls1.h: don't include sys/time.h when compiling with SGX.
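The three header fixes suggested in the reply above, plus the redefinition guard the reporter mentioned earlier, expressed as one self-contained C file. This is an added example written for this thread, not code from TaLoS or from either participant. The macro ENCLAVE_BUILD is an assumed build flag (the TaLoS build uses its own flag, which this thread does not name); the functions pem_stream_kind, header_build_mode, openssl_version_number and wallclock_seconds are hypothetical stand-ins for the affected header prototypes. Without -DENCLAVE_BUILD the file compiles as ordinary host C; with it, the enclave-side branches are taken.

```c
/*
 * Added example (not TaLoS code): preprocessor guards that let one header
 * compile both on the host and inside an enclave.  ENCLAVE_BUILD is an
 * assumed build flag; pass -DENCLAVE_BUILD to take the enclave path.
 */
#include <string.h>

#ifdef ENCLAVE_BUILD
/* Fix 1 (pem.h): the enclave libc has no stdio, so give FILE an opaque
 * definition.  Prototypes that mention FILE* then parse; any function that
 * really needs a stream must go through an OCALL instead. */
typedef struct enclave_file_st FILE;
#define HEADER_BUILD_MODE 1
#else
#include <stdio.h>
/* Fix 3 (dtls1.h): sys/time.h exists only on the host side. */
#include <sys/time.h>
#define HEADER_BUILD_MODE 0
#endif

/* The "OPENSSL_VERSION_NUMBER redefined" warning: guard the definition so
 * whichever header is included first wins and later copies are no-ops. */
#ifndef OPENSSL_VERSION_NUMBER
#define OPENSSL_VERSION_NUMBER 0x20000000L
#endif
#ifndef OPENSSL_VERSION_NUMBER               /* a second copy of the define */
#define OPENSSL_VERSION_NUMBER 0x10000000L   /* never taken: guard above held */
#endif

/* Fix 2 (tls1.h): keep exactly one prototype.  A duplicate whose parameter
 * list differs is a hard "conflicting types" error, so the extra copy is
 * disabled with #if 0, the same way the reporter hid the duplicated structs. */
const char *pem_stream_kind(FILE *fp);
#if 0
const char *pem_stream_kind(const FILE *fp);   /* conflicting duplicate */
#endif

/* 0 on the host path, 1 on the enclave path (compile-time decision). */
int header_build_mode(void) { return HEADER_BUILD_MODE; }

/* Returns the first definition; the guarded second copy had no effect. */
long openssl_version_number(void) { return OPENSSL_VERSION_NUMBER; }

/* Host: FILE is the real stdio type.  Enclave: FILE is opaque, so the code
 * still compiles but can only inspect the pointer value itself. */
const char *pem_stream_kind(FILE *fp)
{
    return fp ? "stream" : "none";
}

/* Wall-clock seconds: real gettimeofday on the host; -1 in the enclave,
 * where time would have to come from an untrusted OCALL (not modelled). */
long wallclock_seconds(void)
{
#ifdef ENCLAVE_BUILD
    return -1;
#else
    struct timeval tv;
    if (gettimeofday(&tv, NULL) != 0)
        return -1;
    return (long)tv.tv_sec;
#endif
}
```

Compile once plainly and once with -DENCLAVE_BUILD to see both branches; the enclave branch deliberately contains no stdio or sys/time.h so it mirrors what the enclave libc actually offers.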