What does this line mean in readme.md: check that the path for the include directory of libressl is correct in ALL_INCS and CORE_INCS;

I am not using docker

floh@mysgx:~/intel_sgx/TaLoS$ sudo docker -D run -p 7778:7778 talos /start.sh
/start.sh: line 5: 9 Segmentation fault (core dumped) ./install/bin/httpd -X

What private keys are stored inside an enclave? AFAIK the .key files are stored in disk (as shown in the README).

Hi,
I'm planning to evaluate the TaLoS with Nginx. However, when I accessed the web pages, I had the following issue:

$ wget --no-check-certificate https://localhost:7778/index.html
--2018-01-19 02:47:20--  https://localhost:7778/index.html
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:7778... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:7778... connected.
Unable to establish SSL connection.

At the same time, the nginx stopped with the error "Segmentation fault (core dumped)".
Could you let me know the reason why the SSL connection failed?

Thanks!

The SEcure Processing of TLS communication segment of the README may have a typo.

void tls_processing_register_ssl_write_processing_cb(void (cb)(const SSL, char*, unsigned int)): register the callback that will be called by do_ssl3_write() in ssl/s3_pkt.c when data is read from the TLS connection socket;

Shouldnt this be

....called by do_ssl3_write() in ssl/s3_pkt.c when data is written to the TLS connection socket;

Null Pointer Dereference (NPD) (70)

In ecall_OBJ_nid2sn, invalid n fed to OBJ_nid2sn will cause NULL is returned to str (e.g. when ecall_OBJ_create is not called before), and then strlen(str) will crash

In ecall_ENGINE_get_name, ename is obtained from e, and can be null, then strlen can crash

In ecall_SSL_CIPHER_get_name, ret obtained from c can be null, then strlen(ret) can crash.

In ecall_SSL_set_fd, when ssl_hardening is never initialized before (get_ssl_hardening not called before), then m obtained is newly created and m->count is 0, cause output in_s with null in hashmapGet, then in SSL_copy_fields_to_in_struct, in->state crashes. What's more, out_s assigned with parameter can be null but without any check, then out->state crashes. Below are functions that have same problem:

• ecall_SSL_connect
• ecall_SSL_accept
• ecall_SSL_pending
• ecall_SSL_ctrl
• ecall_SSL_state
• ecall_SSL_shutdown
• ecall_SSL_read
• ecall_SSL_write
• ecall_SSL_free (in_s can be null, then in_s->references crash)
• ecall_SSL_set_fd
• ecall_SSL_set_verify
• ecall_SSL_set_verify_result
• ecall_SSL_set_session_id_context
• ecall_SSL_set_alpn_protos
• ecall_SSL_set_shutdown
• ecall_SSL_set_cipher_list
• ecall_SSL_set_bio
• ecall_SSL_get_ciphers
• ecall_SSL_get_peer_certificate
• ecall_SSL_get_verify_result
• ecall_SSL_get_verify_mode
• ecall_SSL_get_wbio
• ecall_SSL_get_rbio
• ecall_SSL_get_servername
• ecall_SSL_get_SSL_CTX
• ecall_SSL_get_shutdown

Another simliar case is ecall_SSL_set_info_callback->SSL_copy_fields_to_out_struct, invalid in_s output out_s with null in hashmapGet, then out->state crash. Below are functions that have same problem:

• ecall_SSL_set_info_callback

In ecall_BN_to_ASN1_INTEGER -> BN_to_ASN1_INTEGER, when bn is null, BN_is_negative(bn) can crash.

ecall_X509_get_ex_data -> X509_get_ex_data -> CRYPTO_get_ex_data. When r in ECALL is fed with null, ad is 0x28, then ad->sk cause NPD.

ecall_SSL_CTX_get_client_CA_list -> SSL_CTX_get_client_CA_list. When ctx is null, ctx->client_CA crashes.

ecall_X509_get_cert_key_algor_algorithm->X509_get_cert_key_algor_algorithm. x->cert_info->key->algor can be null, then x->cert_info->key->algor->algorithm; cause NPD. Below are functions that have same problem:

• ecall_X509_get_cert_key_algor_algorithm
• ecall_X509_get_algorithm

ecall_SSL_use_PrivateKey->SSL_use_PrivateKey->ssl_cert_inst. ssl in SSL_use_PrivateKey can be null, then o from &ssl->cert is 0xf8, then *o == NULL crash.

ecall_SSL_set_connect_state->SSL_set_connect_state. s can be null, then s->server = 0; crash. Below are functions that have same problem:

• ecall_SSL_set_connect_state
• ecall_SSL_set_accept_state
• ecall_SSL_get_certificate (s->cert in SSL_get_certificate)
• ecall_SSL_get_privatekey (s->cert in SSL_get_privatekey)
• ecall_SSL_do_handshake (s->handshake_func in SSL_do_handshake)
• ecall_SSL_CTX_get_cert_store (ctx->cert_store in SSL_CTX_get_cert_store)
• ecall_X509_sign (x->cert_info in X509_sign)
• ecall_SSL_CTX_get_verify_mode (ctx in SSL_CTX_get_verify_mode)
• ecall_SSL_CTX_set_default_passwd_cb (ctx in SSL_CTX_set_default_passwd_cb)
• ecall_SSL_CTX_ctrl (ctx in SSL_CTX_ctrl)
• ecall_EVP_DigestFinal_ex (ctx and ctx->digest in EVP_DigestFinal_ex)
• ecall_X509_get_ext (X509_get_ext in X509_get_ext)
• ecall_SSL_CTX_get_verify_callback (ctx in SSL_CTX_get_verify_callback)
• ecall_X509_get_subject_name (a in X509_get_subject_name)
• ecall_ENGINE_get_name (e in ENGINE_get_name)
• ecall_X509_pubkey_digest (x->cert_info->key in X509_pubkey_digest->X509_get0_pubkey_bitstr)
• ecall_SSL_select_next_proto (server in SSL_select_next_proto, server[i])
• ecall_DH_free (r->meth in DH_free)
• ecall_SSL_CTX_sess_set_get_cb (ctx in SSL_CTX_sess_set_get_cb)
• ecall_BN_is_zero (a in BN_is_zero)
• ecall_BN_num_bits (a in BN_num_bits)
• ecall_ENGINE_get_id (e in ENGINE_get_id)
• ecall_d2i_SSL_SESSION (p is from *pp which is one of ECALL parameters, in d2i_SSL_SESSION->asn1_GetSequence->ASN1_get_object)
• ecall_SSL_CTX_set_ex_data (s in SSL_CTX_set_ex_data, then &s->ex_data is 0xd0, ad->sk in CRYPTO_set_ex_data crash)

ecall_BN_dup->BN_dup->BN_copy. A is from a->d and is null since a is newly allocated from BN_new. Then A[0] crashes. When i smaller then 0, A[1] crashes in case 3, case 2 and case 1

ecall_SSL_CTX_set_default_verify_paths->SSL_CTX_set_default_verify_paths. ctx can be null, then ctx->cert_store crashes

ecall_SSL_get_error->SSL_get_error->SSL_want_read (SSL_want). s can be null, then s->rwstate crashes

ecall_X509_check_issued->X509_check_issued->X509_NAME_cmp->i2d_X509_NAME->ASN1_item_i2d->asn1_item_flags_i2d->ASN1_item_ex_i2d->ef->asn1_ex_i2d->x509_name_encode->BUF_MEM_grow. str can be null, then str->length crashes.

ecall_SSL_CTX_set_cipher_list->SSL_CTX_set_cipher_list. ctx can be null, then ctx->method crashes

ecall_SSL_CTX_set_default_verify_paths->SSL_CTX_set_default_verify_paths->X509_STORE_set_default_paths->X509_STORE_add_lookup->sk_X509_LOOKUP_push (sk_push)->sk_insert. st->data can be null, st->data[st->num] crashes

ecall_X509_digest->X509_digest->ASN1_item_digest->ASN1_item_i2d->asn1_item_flags_i2d->ASN1_item_ex_i2d->asn1_template_ex_i2d->ASN1_item_ex_i2d->asn1_template_ex_i2d->ASN1_item_ex_i2d->asn1_i2d_ex_primitive->asn1_ex_i2c. pf can be null, then pf->prim_i2c crashes

ecall_EC_KEY_free->EC_KEY_free->EC_GROUP_free. group

ecall_SSL_CTX_use_PrivateKey_file->SSL_CTX_use_PrivateKey_file->BIO_new->execute_bio_ocall_malloc->bio_alloc_from_pool. When first call get_bio_mempool, m_memStart of returned pool is 0, then in pool_alloc, AddrFromIndex return p with null, then *p crashes

ecall_X509_set_ex_data->X509_set_ex_data->CRYPTO_set_ex_data->sk_void_set (sk_set). st->data can be null.

Hi,sir
TaLos is an awesome project , I like it, but here a security issue , and could you help me confirm it?
there is an ecall, that can be used to modify verify_mode

void
ecall_SSL_set_verify(SSL *s, int mode, void* cb)
{
	int (*callback)(int, X509_STORE_CTX*);
#ifdef COMPILE_WITH_INTEL_SGX
	ssl_set_verify_cb_address = (int (*)(int, X509_STORE_CTX*))cb;
	callback = ssl_set_verify_fake_cb;
#else
	callback = (int (*)(int, X509_STORE_CTX*))cb;
#endif

#ifdef COMPILE_WITH_INTEL_SGX
	SSL* out_s = s;

	hashmap* m = get_ssl_hardening();
	SSL* in_s = (SSL*) hashmapGet(m, (unsigned long)out_s);

	SSL_copy_fields_to_in_struct(in_s, out_s);
	SSL_set_verify(in_s, mode, callback);
	SSL_copy_fields_to_out_struct(in_s, out_s);
#else
	SSL_set_verify(s, mode, callback);
#endif
}
void
SSL_set_verify(SSL *s, int mode,
    int (*callback)(int ok, X509_STORE_CTX *ctx))
{
	s->verify_mode = mode;                            // verify_mode can be set to parameter mode by an ECALL                       
	if (callback != NULL)
		s->verify_callback = callback;
}

I think that verify_mode is an important flag, because

   /*
     * 0 don't care about verify failure.
     * 1 fail if verify fails
     */
    int verify_mode;

So the attack can modify verify_mode to 0 by invoking ecall_SSL_set_verify(s,0,b) to bypass the verification?

I think it would be good to implement a simple example of TLS Client.

You can not follow this example without implementing new methods:
https://wiki.openssl.org/index.php/SSL/TLS_Client

I am attempting to use TaLoS as a drop-in library to do TLS termination on a WebSocket server within an SGX enclave.

I am using the uWebSockets C++ Websockets server library, which depends on uSockets.

I have modified the uWebSockets and uSockets Makefiles to use TaLoS rather than openSSL or boringSSL:

else ifeq ($(WITH_TALOS),1)
    override CFLAGS += -IuSockets/TaLoS/src/libressl-2.4.1/include -DLIBUS_USE_OPENSSL
    override LDFLAGS += uSockets/TaLoS/src/libressl-2.4.1/lib/libssl.a uSockets/TaLoS/src/libressl-2.4.1/lib/libcrypto.a -LuSockets/TaLoS/src/libressl-2.4.1/lib -lstdc++ -lssl -lcrypto -ldl -lrt -lcrypt -lpthread -lsgx_urts -lsgx_uae_service

While it is successfully linking some cryptographic functions against the TaLoS-modified libreSSL lib, it is failing to find some functions:

$ WITH_TALOS=1 make
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `uWS::Loop::LoopCleaner::~LoopCleaner()':
<artificial>:(.text+0x18bc): undefined reference to `BIO_meth_free'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `sni_hostname_destructor':
<artificial>:(.text+0x1a7c): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `BIO_s_custom_create':
<artificial>:(.text+0x1acc): undefined reference to `BIO_set_init'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `BIO_s_custom_read':
<artificial>:(.text+0x1af3): undefined reference to `BIO_get_data'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `ssl_on_open':
<artificial>:(.text+0x2551): undefined reference to `BIO_up_ref'
<artificial>:(.text+0x255c): undefined reference to `BIO_up_ref'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `BIO_s_custom_write':
<artificial>:(.text+0x5723): undefined reference to `BIO_get_data'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `sni_cb':
<artificial>:(.text+0x5893): undefined reference to `sni_find'
<artificial>:(.text+0x58cf): undefined reference to `sni_find'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `create_ssl_context_from_options.isra.0':
<artificial>:(.text+0x7fc5): undefined reference to `SSL_CTX_set_min_proto_version'
<artificial>:(.text+0x810b): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `ofats::any_detail::handler_traits<void, char const*>::small_handler<main::{lambda(char const*)#1}>::call(ofats::any_detail::storage&, char const*)':
<artificial>:(.text+0x81ea): undefined reference to `sni_add'
<artificial>:(.text+0x822e): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `uWS::TemplatedApp<true>::~TemplatedApp()':
<artificial>:(.text+0x845a): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
<artificial>:(.text+0x847d): undefined reference to `sni_free'
...

It appears there is a collection of cryptographic functions used by uWebSockets's openSSL interface that are not implemented in TaLoS' libreSSL. Do you have advice on bridging this gap? Is this due to differences in openSSL and libreSSL, or due to differences in version? I see TaLoS' libreSSL version is 5 years old.

I have Intel-SGX and the drivers installed on my linux machine

However, I don't have libsgx_tstdcxx, but I have libsgx_tcxx.

If I make that change, though, the loader doesn't find any reference to __explicit_bzero_chk.

Is there anything I need to correct?

System Details
Thinkpad L460

$ uname -a
Linux althea 5.2.8-200.fc30.x86_64 #1 SMP Sat Aug 10 13:21:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

• when I change gcc to clang-8
  
• some errors occurred...
  
• my environment
  • ubuntu 16.04
  • sgx sdk 2.3
  • clang 8

any suggestion is helpful!

Potential attack methodology: with help of another ecall function, ecall_SSL_read, one can pass a pointer pointing an address inside SGX enclave to ecall_SSL_write, then use ecall_SSL_read to read the content of enclave through SSL communication.

The simple fix will be to change edl attribute for "const void *buf" in ecall_SSL_write from [user_check] to [in], or to add boundary-checking code in the applications, such as using SGX-provided function "sgx_is_outside_enclave" like here.

Please feel free to contact me if you want to discuss this issue, and I can explain it more by demonstrating a POC exploring this vulnerability.

When running Apache:

./install/bin/httpd -X

I cannot load the ssl module due to an X509 not being defined.

Cannot load modules/mod_ssl.so into server: <project_root>/TaLoS/src/httpd-2.4.23/install/modules/mod_ssl.so: undefined symbol: X509_get_notAfter

When initialize_library happens , it does a initilize_enclave. This happens in virtually every function in enclaveshim_ecalls.c , functions such as SSL_read, BIO_*, etc. but after the operation, the enclave is never destroyed. I see a function called destroy_enclave(), but never invoked.

i am still new to TAlos and SGX in general, so, i am not sure if this is a bug or am i missing something. Wouldnt not destroying an enclave pose a security threat.

The compile chain isn't working because the sys/time.h library doesn't accept int gettimeofday(struct timeval *tv, void *tz);
One has to revert it back to int getimeofday(struct timeval *tv, struct timezone *tz);

This issue is related to #13:

In the TaLoS codebase, [user_check] is widely used (there are 369 instances of it in https://github.com/lsds/TaLoS/blob/master/src/talos/enclaveshim/enclave.edl). However, in most cases these pointers are never checked for inside/outside enclave.

The fix for #13 addressed one instance, but there are many more as far as I can see, for example:

https://github.com/lsds/TaLoS/blob/master/src/talos/patch/ssl_lib.c.patch#L694

This might also affect a lot of uses of SSL *s, as this pointer is also [user_check], and usually read from and written to (via https://github.com/lsds/TaLoS/blob/master/src/talos/patch/ssl_lib.c.patch#L725) without checking in most cases.

the variable ssl_session_outside is a pointer that holds an untrusted address (outside enclave)

the enclave code copies SSL session to the untrusted target buffer by memcpy, which results in privacy leakage.

Hi, as I mentioned earlier my application needs to make use of Openssl api and constructs inside the enclave methods, thats why i am making use of TaLoS because I cannot find other sgx compatible openssl libraries

But even after linking the TaLoS libraries (libenclave.so, enclave.signed.so) to my application code I am still getting a list of errors like below:

/tmp/TaLoS/src/libressl-2.4.1/include/openssl/bn.h:442:17: error: unknown type name ‘FILE’
int BN_print_fp(FILE *fp, const BIGNUM *a);
^
In file included from /tmp/TaLoS/src/libressl-2.4.1/include/openssl/objects.h:962:0,
from /tmp/TaLoS/src/libressl-2.4.1/include/openssl/evp.h:86,
from trusted/kssl_private_key.h:8,
from trusted/private_type.h:3,
from trusted/key_operations_t.h:9,
from trusted/key_operations_t.c:1:
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/asn1.h:944:58: error: unknown type name ‘FILE’
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
^
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/asn1.h:952:45: error: unknown type name ‘FILE’
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
^
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/asn1.h:953:35: error: unknown type name ‘FILE’
int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);

Can you tell me whats the issue? I tried to include stdio and uinstd.h files inside the error creating files but no benefit. Thanks

@similar to issue13, i think it is necessary to add a bound-checking function in ecall_SSL_read.
Image a TLS client which can fetch website contents of any server, we can transfer a pointer pointing to enclave memory like this:
bytes = SSL_read(ssl, (char*)(secret_addr), sizeof(buf));
So the secret memory will be overwritten to the website content like below:

Moreover, if the host is not google but controlled by attackers, the secret memory value can be overwritten to arbitrary value like below. (the left terminal is a server controlled by attacker)

Basically, attackers can modify to any memory in enclave to any value.
Thanks for guidance from @david-oswald
#18

/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(s3_pkt.o): In function do_ssl3_write': /home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/s3_pkt.c:723: undefined reference to tls_processing_ssl_write'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(s3_pkt.o): In function ssl3_read_bytes': /home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/s3_pkt.c:984: undefined reference to tls_processing_ssl_read'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(ssl_lib.o): In function SSL_free': /home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/ssl_lib.c:766: undefined reference to tls_processing_free_connection'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(ssl_lib.o): In function SSL_new': /home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/ssl_lib.c:521: undefined reference to tls_processing_new_connection'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/crypto/.libs/libcrypto.a(libcrypto_la-bio_lib.o): In function BIO_int_ctrl': /home/yibao/projects/TaLoS/src/libressl-2.4.1/crypto/bio/bio_lib.c:590: undefined reference to tls_processing_set_ssl_type'
collect2: error: ld returned 1 exit status
Makefile:491: recipe for target 'openssl' failed
make[4]: *** [openssl] Error 1
make[4]: Leaving directory '/home/yibao/projects/TaLoS/src/libressl-2.4.1/apps/openssl'
Makefile:363: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory '/home/yibao/projects/TaLoS/src/libressl-2.4.1/apps'
Makefile:453: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/yibao/projects/TaLoS/src/libressl-2.4.1'
objs/Makefile:1175: recipe for target '/home/yibao/projects/TaLoS/src/libressl-2.4.1//.openssl/include/openssl/ssl.h' failed
make[1]: *** [/home/yibao/projects/TaLoS/src/libressl-2.4.1//.openssl/include/openssl/ssl.h] Error 2
make[1]: Leaving directory '/home/yibao/projects/TaLoS/src/nginx-1.11.0'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2

I am able to build nginx with dynamic library and I followed the readme.md but on running the nginx binary it fails to start. Please see the figure to understand more.

Could someone please help me to run nginx with TaLoS.

My /home/roshan/talos/src/nginx-1.11.0/objs/makefile (full version: https://gist.github.com/gmatesunny/ae600c1d4183c12a0a99387923828cab)

$(LINK) -o objs/nginx \
objs/src/core/nginx.o \
objs/src/core/ngx_log.o \
     ----------------------
     ---------------------
-ldl -lpthread /home/roshan/sgxsdk/sdk_libs/libsgx_uae_service_sim.so /home/roshan/sgxsdk/sdk_libs/libsgx_urts_sim.so -lcrypt -lpcre /home/roshan/talos/src/libressl-2.4.1/lib/libssl.a /home/roshan/talos/src/libressl-2.4.1/lib/libcrypto.a -ldl -lz \
-Wl,-E

I have also set: /etc/ld.so.conf.d/sgxlibs.conf to (guide: https://stackoverflow.com/questions/9151491/extending-default-lib-search-path-in-ubuntu)
/home/roshan/sgxsdk/lib64/

Also, set the PATH variable to /home/roshan/sgxsdk/lib64/

I am trying to build Nginx and on doing make at /home/roshan/talos/src/nginx-1.11.0

Step of the readme.md where I got stuck:

on step 3. in `objs/nginx`, for the LINK phase, update the following line with the
   correct path to `libssl.a` and `libcrypto.a` and add `-lsgx_urts
   -lsgx_uae_service`. Depending on how you compiled TaLoS, you may want to
   change `-lsgx_urts -lsgx_uae_service` (real hardware) to `-lsgx_urts_sim
   -lsgx_uae_service_sim` (simulator).

The code is ready to be compiled:
$ make

I am keep getting errors like:
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2101: undefined reference to sgx_ecall' /home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o): In function ecall_SSL_library_init':
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2109: undefined reference to sgx_ecall' /home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o): In function ecall_SSL_get_ex_new_index':
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2137: undefined reference to sgx_ecall' /home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o): In function ecall_SSL_CTX_get_ex_new_index':
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2151: undefined reference to sgx_ecall' /home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o):/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2165: more undefined references to sgx_ecall' follow

Also have a look here:
https://stackoverflow.com/questions/49201545/cannot-find-of-a-so-library

Hello, sir

I found there maybe a security issue here and need your confirm.

related source code:

EVP_PKEY *SSL_get_privatekey(SSL *s) {
   if (global_eid == 0) {
   	initialize_library();
   }

   log_enter_ecall(__func__);
	sgx_status_t ret = SGX_ERROR_UNEXPECTED;
	ret = ecall_SSL_get_privatekey(global_eid, &my_evp_pkey, s); 
	if (ret != SGX_SUCCESS) {
		print_error_message(ret, __func__);
		return NULL;
	}
	log_exit_ecall(__func__);

	return &my_evp_pkey;
}

In ecall_SSL_get_privatekey, the private key is copied to the memory area pointed to by pkey, but since pkey is user_check, and points to untrusted memory outside the enclave, so an attacker can monitor its content to obtain the private key.

 /* Fix this function so that it takes an optional type parameter */
+void
+ecall_SSL_get_privatekey(EVP_PKEY* pkey, SSL *s) {
+#ifdef COMPILE_WITH_INTEL_SGX
+	const SSL* out_s = s;
+
+	hashmap* m = get_ssl_hardening();
+	SSL* in_s = (SSL*) hashmapGet(m, (unsigned long)out_s);
+
+	EVP_PKEY* enclave_pkey = SSL_get_privatekey(in_s);
+	memcpy(pkey, enclave_pkey, sizeof(*pkey)); //   An attacker can spy on the buffer pointed to by pkey
+#else
+	printf("Cannot call %s without SGX!!!\n", __func__);
+#endif
+}
+

After I followed the steps in README.md on ubuntu-16.04_3 OS, I got a binary and run it. Unfortunately, I got a segmentation fault.

It is not mentioned in the README section.
I stumbled across this while trying to debug the fact that the /src/libressl part does not include (for instance) an .edl file.

Moreover the code is not compiling, with some things fixable and others not

openssl_types.h:695:30: error: conflicting types for ‘EVP_MD_CTX’
  695 | typedef struct env_md_ctx_st EVP_MD_CTX;

Couldn't work around. Commenting this line yelds "incomplete type" errors

openssl_types.h:947: warning: "OPENSSL_VERSION_NUMBER" redefined
  947 | #define OPENSSL_VERSION_NUMBER 0x20000000L

Added guards

enclave_u.h:271:103: error: unknown type name ‘CRYPTO_EX_new’; did you mean ‘CRYPTO_EX_DATA’?

Added #include <openssl/crypto.h>. Solved a lot of similar problems

Multiple definitions of: struct crypto_ex_data_st AKA CRYPTO_EX_DATA; typedef struct crypto_threadid_st AKA CRYPTO_THREADID, were solved by adding #if 0 ; #endif guards

Suggestions?

Hi,

Thanks for making your work public. I was trying to compile this but it turns out that
/TaLoS/src/libressl-2.4.1/lib is missing. I am able to compile /TaLoS/src/libressl-2.4.1/crypto folder fine.

Can you please tell if I am doing something right?

When compiling TaLoS in there is a warning in HW mode from file asn1/a_bitstr.c

In file included from /usr/include/string.h:494:0,
from ../include/compat/string.h:16,
from asn1/a_bitstr.c:60:
In function ‘memcpy’,
inlined from ‘i2c_ASN1_BIT_STRING’ at asn1/a_bitstr.c:121:2:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’: specified size between 18446744071562067968 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi, everyone, I used the lastest version code, but I still meet this error "Unable to establish SSL connection", could you please give some advise?
start nignx:
sudo LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$(pwd)/../libressl-2.4.1/lib ./objs/nginx

However, the wget cannot establish SSl connection with nginx:

The nginx.conf:

server
{
       listen       7788 ssl;
       server_name  localhost;

       ssl_certificate      cert.crt;
       ssl_certificate_key  cert.key;

       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;

       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;

       location / {
           root   html;
           index  index.html index.htm;
       }
  }

xxx:~/Documents/TaLoS-master/src/nginx-1.11.0$ ls install/conf/cert.*


install/conf/cert.crt  install/conf/cert.key

Data races among the following shared variables and functions.

I recently discovered a bug. In /src/talos/patch/tasn_fre.c.patch::24, you have a #else macro, which is unnecessary. The code should be like this:

static void smart_free(void* ptr) {
#ifdef COMPILE_WITH_INTEL_SGX
	if (sgx_is_within_enclave(ptr, 1)) {
//#else
#endif
		free(ptr);
//#endif
#ifdef COMPILE_WITH_INTEL_SGX
	} else {
		ocall_free(ptr);
	}
#endif
}

Otherwise the ptr will not be freed.