lsds / talos
Efficient TLS termination inside Intel SGX enclaves for existing applications
License: Apache License 2.0
floh@mysgx:~/intel_sgx/TaLoS$ sudo docker -D run -p 7778:7778 talos /start.sh
/start.sh: line 5: 9 Segmentation fault (core dumped) ./install/bin/httpd -X
What private keys are stored inside an enclave? AFAIK the .key files are stored in disk (as shown in the README).
Hi,
I'm planning to evaluate the TaLoS with Nginx. However, when I accessed the web pages, I had the following issue:
$ wget --no-check-certificate https://localhost:7778/index.html
--2018-01-19 02:47:20-- https://localhost:7778/index.html
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:7778... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:7778... connected.
Unable to establish SSL connection.
At the same time, the nginx stopped with the error "Segmentation fault (core dumped)".
Could you let me know the reason why the SSL connection failed?
Thanks!
The Secure Processing of TLS communication segment of the README may have a typo.
void tls_processing_register_ssl_write_processing_cb(void (cb)(const SSL, char*, unsigned int)): register the callback that will be called by do_ssl3_write() in ssl/s3_pkt.c when data is read from the TLS connection socket;
Shouldn't this be
....called by do_ssl3_write() in ssl/s3_pkt.c when data is written to the TLS connection socket;
In ecall_OBJ_nid2sn, invalid n fed to OBJ_nid2sn will cause NULL to be returned to str (e.g. when ecall_OBJ_create is not called before), and then strlen(str) will crash
In ecall_ENGINE_get_name, ename is obtained from e, and can be null, then strlen can crash
In ecall_SSL_CIPHER_get_name, ret obtained from c can be null, then strlen(ret) can crash.
In ecall_SSL_set_fd, when ssl_hardening is never initialized before (get_ssl_hardening not called before), then m obtained is newly created and m->count is 0, cause output in_s with null in hashmapGet, then in SSL_copy_fields_to_in_struct, in->state crashes. What's more, out_s assigned with parameter can be null but without any check, then out->state crashes. Below are functions that have same problem:
(in_s can be null, then in_s->references crash)
Another similar case is ecall_SSL_set_info_callback -> SSL_copy_fields_to_out_struct, invalid in_s output out_s with null in hashmapGet, then out->state crash. Below are functions that have same problem:
In ecall_BN_to_ASN1_INTEGER -> BN_to_ASN1_INTEGER, when bn is null, BN_is_negative(bn) can crash.
ecall_X509_get_ex_data -> X509_get_ex_data -> CRYPTO_get_ex_data. When r in ECALL is fed with null, ad is 0x28, then ad->sk cause NPD.
ecall_SSL_CTX_get_client_CA_list -> SSL_CTX_get_client_CA_list. When ctx is null, ctx->client_CA crashes.
ecall_X509_get_cert_key_algor_algorithm -> X509_get_cert_key_algor_algorithm. x->cert_info->key->algor can be null, then x->cert_info->key->algor->algorithm; cause NPD. Below are functions that have same problem:
ecall_SSL_use_PrivateKey -> SSL_use_PrivateKey -> ssl_cert_inst. ssl in SSL_use_PrivateKey can be null, then o from &ssl->cert is 0xf8, then *o == NULL crash.
ecall_SSL_set_connect_state -> SSL_set_connect_state. s can be null, then s->server = 0; crash. Below are functions that have same problem:
(s->cert in SSL_get_certificate)
(s->cert in SSL_get_privatekey)
(s->handshake_func in SSL_do_handshake)
(ctx->cert_store in SSL_CTX_get_cert_store)
(x->cert_info in X509_sign)
(ctx in SSL_CTX_get_verify_mode)
(ctx in SSL_CTX_set_default_passwd_cb)
(ctx in SSL_CTX_ctrl)
(ctx and ctx->digest in EVP_DigestFinal_ex)
(X509_get_ext in X509_get_ext)
(ctx in SSL_CTX_get_verify_callback)
(a in X509_get_subject_name)
(e in ENGINE_get_name)
(x->cert_info->key in X509_pubkey_digest -> X509_get0_pubkey_bitstr)
(server in SSL_select_next_proto, server[i])
(r->meth in DH_free)
(ctx in SSL_CTX_sess_set_get_cb)
(a in BN_is_zero)
(a in BN_num_bits)
(e in ENGINE_get_id)
(p is from *pp which is one of ECALL parameters, in d2i_SSL_SESSION -> asn1_GetSequence -> ASN1_get_object)
(s in SSL_CTX_set_ex_data, then &s->ex_data is 0xd0, ad->sk in CRYPTO_set_ex_data crash)
ecall_BN_dup -> BN_dup -> BN_copy. A is from a->d and is null since a is newly allocated from BN_new. Then A[0] crashes. When i smaller than 0, A[1] crashes in case 3, case 2 and case 1
ecall_SSL_CTX_set_default_verify_paths -> SSL_CTX_set_default_verify_paths. ctx can be null, then ctx->cert_store crashes
ecall_SSL_get_error -> SSL_get_error -> SSL_want_read (SSL_want). s can be null, then s->rwstate crashes
ecall_X509_check_issued -> X509_check_issued -> X509_NAME_cmp -> i2d_X509_NAME -> ASN1_item_i2d -> asn1_item_flags_i2d -> ASN1_item_ex_i2d -> ef->asn1_ex_i2d -> x509_name_encode -> BUF_MEM_grow. str can be null, then str->length crashes.
ecall_SSL_CTX_set_cipher_list -> SSL_CTX_set_cipher_list. ctx can be null, then ctx->method crashes
ecall_SSL_CTX_set_default_verify_paths -> SSL_CTX_set_default_verify_paths -> X509_STORE_set_default_paths -> X509_STORE_add_lookup -> sk_X509_LOOKUP_push (sk_push) -> sk_insert. st->data can be null, st->data[st->num] crashes
ecall_X509_digest -> X509_digest -> ASN1_item_digest -> ASN1_item_i2d -> asn1_item_flags_i2d -> ASN1_item_ex_i2d -> asn1_template_ex_i2d -> ASN1_item_ex_i2d -> asn1_template_ex_i2d -> ASN1_item_ex_i2d -> asn1_i2d_ex_primitive -> asn1_ex_i2c. pf can be null, then pf->prim_i2c crashes
ecall_EC_KEY_free -> EC_KEY_free -> EC_GROUP_free. group
ecall_SSL_CTX_use_PrivateKey_file -> SSL_CTX_use_PrivateKey_file -> BIO_new -> execute_bio_ocall_malloc -> bio_alloc_from_pool. When first call get_bio_mempool, m_memStart of returned pool is 0, then in pool_alloc, AddrFromIndex return p with null, then *p crashes
ecall_X509_set_ex_data -> X509_set_ex_data -> CRYPTO_set_ex_data -> sk_void_set (sk_set). st->data can be null.
Hi, sir
TaLoS is an awesome project, I like it, but here is a security issue, and could you help me confirm it?
There is an ecall that can be used to modify verify_mode
void
ecall_SSL_set_verify(SSL *s, int mode, void* cb)
{
    int (*callback)(int, X509_STORE_CTX*);
#ifdef COMPILE_WITH_INTEL_SGX
    ssl_set_verify_cb_address = (int (*)(int, X509_STORE_CTX*))cb;
    callback = ssl_set_verify_fake_cb;
#else
    callback = (int (*)(int, X509_STORE_CTX*))cb;
#endif
#ifdef COMPILE_WITH_INTEL_SGX
    SSL* out_s = s;
    hashmap* m = get_ssl_hardening();
    SSL* in_s = (SSL*) hashmapGet(m, (unsigned long)out_s);
    SSL_copy_fields_to_in_struct(in_s, out_s);
    SSL_set_verify(in_s, mode, callback);
    SSL_copy_fields_to_out_struct(in_s, out_s);
#else
    SSL_set_verify(s, mode, callback);
#endif
}
void
SSL_set_verify(SSL *s, int mode,
    int (*callback)(int ok, X509_STORE_CTX *ctx))
{
    s->verify_mode = mode; // verify_mode can be set to parameter mode by an ECALL
    if (callback != NULL)
        s->verify_callback = callback;
}
I think that verify_mode is an important flag, because
/*
 * 0 don't care about verify failure.
 * 1 fail if verify fails
 */
int verify_mode;
So the attacker can modify verify_mode to 0 by invoking ecall_SSL_set_verify(s,0,b) to bypass the verification?
I think it would be good to implement a simple example of TLS Client.
You can not follow this example without implementing new methods:
https://wiki.openssl.org/index.php/SSL/TLS_Client
I am attempting to use TaLoS as a drop-in library to do TLS termination on a WebSocket server within an SGX enclave.
I am using the uWebSockets C++ Websockets server library, which depends on uSockets.
I have modified the uWebSockets and uSockets Makefiles to use TaLoS rather than openSSL or boringSSL:
else ifeq ($(WITH_TALOS),1)
override CFLAGS += -IuSockets/TaLoS/src/libressl-2.4.1/include -DLIBUS_USE_OPENSSL
override LDFLAGS += uSockets/TaLoS/src/libressl-2.4.1/lib/libssl.a uSockets/TaLoS/src/libressl-2.4.1/lib/libcrypto.a -LuSockets/TaLoS/src/libressl-2.4.1/lib -lstdc++ -lssl -lcrypto -ldl -lrt -lcrypt -lpthread -lsgx_urts -lsgx_uae_service
While it is successfully linking some cryptographic functions against the TaLoS-modified libreSSL lib, it is failing to find some functions:
$ WITH_TALOS=1 make
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `uWS::Loop::LoopCleaner::~LoopCleaner()':
<artificial>:(.text+0x18bc): undefined reference to `BIO_meth_free'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `sni_hostname_destructor':
<artificial>:(.text+0x1a7c): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `BIO_s_custom_create':
<artificial>:(.text+0x1acc): undefined reference to `BIO_set_init'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `BIO_s_custom_read':
<artificial>:(.text+0x1af3): undefined reference to `BIO_get_data'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `ssl_on_open':
<artificial>:(.text+0x2551): undefined reference to `BIO_up_ref'
<artificial>:(.text+0x255c): undefined reference to `BIO_up_ref'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `BIO_s_custom_write':
<artificial>:(.text+0x5723): undefined reference to `BIO_get_data'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `sni_cb':
<artificial>:(.text+0x5893): undefined reference to `sni_find'
<artificial>:(.text+0x58cf): undefined reference to `sni_find'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `create_ssl_context_from_options.isra.0':
<artificial>:(.text+0x7fc5): undefined reference to `SSL_CTX_set_min_proto_version'
<artificial>:(.text+0x810b): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `ofats::any_detail::handler_traits<void, char const*>::small_handler<main::{lambda(char const*)#1}>::call(ofats::any_detail::storage&, char const*)':
<artificial>:(.text+0x81ea): undefined reference to `sni_add'
<artificial>:(.text+0x822e): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/tmp/ccAm2lwl.ltrans0.ltrans.o: In function `uWS::TemplatedApp<true>::~TemplatedApp()':
<artificial>:(.text+0x845a): undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
<artificial>:(.text+0x847d): undefined reference to `sni_free'
...
It appears there is a collection of cryptographic functions used by uWebSockets's openSSL interface that are not implemented in TaLoS' libreSSL. Do you have advice on bridging this gap? Is this due to differences in openSSL and libreSSL, or due to differences in version? I see TaLoS' libreSSL version is 5 years old.
I have Intel-SGX and the drivers installed on my linux machine
However, I don't have libsgx_tstdcxx, but I have libsgx_tcxx.
If I make that change, though, the loader doesn't find any reference to __explicit_bzero_chk.
Is there anything I need to correct?
System Details
Thinkpad L460
$ uname -a
Linux althea 5.2.8-200.fc30.x86_64 #1 SMP Sat Aug 10 13:21:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
TaLoS/src/talos/enclaveshim/enclave.edl
Line 87 in 43d5890
Potential attack methodology: with help of another ecall function, ecall_SSL_read, one can pass a pointer pointing to an address inside SGX enclave to ecall_SSL_write, then use ecall_SSL_read to read the content of enclave through SSL communication.
The simple fix will be to change edl attribute for "const void *buf" in ecall_SSL_write from [user_check] to [in], or to add boundary-checking code in the applications, such as using SGX-provided function "sgx_is_outside_enclave" like here.
Please feel free to contact me if you want to discuss this issue, and I can explain it more by demonstrating a POC exploring this vulnerability.
When running Apache:
./install/bin/httpd -X
I cannot load the ssl module due to an X509 not being defined.
Cannot load modules/mod_ssl.so into server: <project_root>/TaLoS/src/httpd-2.4.23/install/modules/mod_ssl.so: undefined symbol: X509_get_notAfter
When initialize_library happens, it does a initilize_enclave. This happens in virtually every function in enclaveshim_ecalls.c, functions such as SSL_read, BIO_*, etc. but after the operation, the enclave is never destroyed. I see a function called destroy_enclave(), but never invoked.
I am still new to TaLoS and SGX in general, so I am not sure if this is a bug or am I missing something. Wouldn't not destroying an enclave pose a security threat?
The compile chain isn't working because the sys/time.h library doesn't accept int gettimeofday(struct timeval *tv, void *tz);
One has to revert it back to int gettimeofday(struct timeval *tv, struct timezone *tz);
This issue is related to #13:
In the TaLoS codebase, [user_check] is widely used (there are 369 instances of it in https://github.com/lsds/TaLoS/blob/master/src/talos/enclaveshim/enclave.edl). However, in most cases these pointers are never checked for inside/outside enclave.
The fix for #13 addressed one instance, but there are many more as far as I can see, for example:
https://github.com/lsds/TaLoS/blob/master/src/talos/patch/ssl_lib.c.patch#L694
This might also affect a lot of uses of SSL *s, as this pointer is also [user_check], and usually read from and written to (via https://github.com/lsds/TaLoS/blob/master/src/talos/patch/ssl_lib.c.patch#L725) without checking in most cases.
the variable ssl_session_outside is a pointer that holds an untrusted address (outside enclave)
TaLoS/src/talos/patch/ssl_lib.c.patch
Line 1187 in 052a93d
the enclave code copies SSL session to the untrusted target buffer by memcpy, which results in privacy leakage.
TaLoS/src/talos/patch/ssl_lib.c.patch
Line 1190 in 052a93d
Hi, as I mentioned earlier my application needs to make use of OpenSSL API and constructs inside the enclave methods, that's why I am making use of TaLoS because I cannot find other SGX compatible OpenSSL libraries
But even after linking the TaLoS libraries (libenclave.so, enclave.signed.so) to my application code I am still getting a list of errors like below:
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/bn.h:442:17: error: unknown type name ‘FILE’
int BN_print_fp(FILE *fp, const BIGNUM *a);
^
In file included from /tmp/TaLoS/src/libressl-2.4.1/include/openssl/objects.h:962:0,
from /tmp/TaLoS/src/libressl-2.4.1/include/openssl/evp.h:86,
from trusted/kssl_private_key.h:8,
from trusted/private_type.h:3,
from trusted/key_operations_t.h:9,
from trusted/key_operations_t.c:1:
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/asn1.h:944:58: error: unknown type name ‘FILE’
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
^
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/asn1.h:952:45: error: unknown type name ‘FILE’
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
^
/tmp/TaLoS/src/libressl-2.4.1/include/openssl/asn1.h:953:35: error: unknown type name ‘FILE’
int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
Can you tell me what's the issue? I tried to include stdio and unistd.h files inside the error creating files but no benefit. Thanks
Similar to issue13, I think it is necessary to add a bound-checking function in ecall_SSL_read.
Imagine a TLS client which can fetch website contents of any server, we can transfer a pointer pointing to enclave memory like this:
bytes = SSL_read(ssl, (char*)(secret_addr), sizeof(buf));
So the secret memory will be overwritten to the website content like below:
Moreover, if the host is not google but controlled by attackers, the secret memory value can be overwritten to arbitrary value like below. (the left terminal is a server controlled by attacker)
Basically, attackers can modify any memory in enclave to any value.
Thanks for guidance from @david-oswald
#18
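The checks asked for in the `[user_check]` reports above (the `ecall_SSL_write` report and this `ecall_SSL_read` one), together with the NULL result of a failed handle lookup described in the null-pointer report, as an added example that is not TaLoS code and not part of any post here. It is a host-side model: `enclave_mem`, `untrusted_mem`, `model_is_outside_enclave`, `guarded_ssl_write` and `guarded_ssl_read` are hypothetical names, and in a real enclave the range test is the SDK's `sgx_is_outside_enclave`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ERR_HANDLE = -1, ERR_BUFFER = -2, ERR_SIZE = -3 };
/* In-enclave shadow of an SSL object that lives outside (hypothetical layout). */
struct in_conn {
    unsigned long out_handle;   /* the outside pointer value, used only as a key */
    int in_use;
    uint8_t record[64];         /* stands in for data on the TLS connection */
    size_t record_len;
};

/* Constructed stand-ins: one object plays enclave memory, one host memory. */
static struct { uint8_t secret[32]; struct in_conn conns[2]; } enclave_mem;
static uint8_t untrusted_mem[256];

/* Does [addr, addr + size) lie entirely outside the enclave range? */
int model_is_outside_enclave(const void *addr, size_t size)
{
    uintptr_t lo = (uintptr_t)&enclave_mem;
    uintptr_t hi = lo + sizeof(enclave_mem) - 1;
    uintptr_t start = (uintptr_t)addr;
    uintptr_t end = size ? start + (uintptr_t)(size - 1) : start;
    if (end < start)            /* addr + size wrapped around: reject */
        return 0;
    return end < lo || start > hi;
}

/* hashmapGet()-style lookup: NULL for a handle that was never registered. */
static struct in_conn *lookup(unsigned long out_handle)
{
    for (size_t i = 0; i < 2; i++)
        if (enclave_mem.conns[i].in_use &&
            enclave_mem.conns[i].out_handle == out_handle)
            return &enclave_mem.conns[i];
    return NULL;
}

int register_conn(unsigned long out_handle)
{
    for (size_t i = 0; i < 2; i++) {
        struct in_conn *c = &enclave_mem.conns[i];
        if (!c->in_use) {
            c->in_use = 1;
            c->out_handle = out_handle;
            c->record_len = 0;
            return 0;
        }
    }
    return ERR_HANDLE;
}

/* Argument checks shared by both directions, run before any dereference. */
static int check_args(struct in_conn **c, unsigned long h,
                      const void *buf, size_t len)
{
    *c = lookup(h);
    if (*c == NULL)
        return ERR_HANDLE;      /* unknown handle: no NULL dereference later */
    if (len > sizeof((*c)->record))
        return ERR_SIZE;
    if (buf == NULL || !model_is_outside_enclave(buf, len))
        return ERR_BUFFER;      /* in-enclave, straddling or wrapping range */
    return 0;
}

/* Write path: bytes are copied into enclave memory once, after the check. */
int guarded_ssl_write(unsigned long h, const void *buf, size_t len)
{
    struct in_conn *c;
    int rc = check_args(&c, h, buf, len);
    if (rc != 0) return rc;
    memcpy(c->record, buf, len);
    c->record_len = len;
    return (int)len;
}

/* Read path: same check, so received data can only land in host memory. */
int guarded_ssl_read(unsigned long h, void *buf, size_t len)
{
    struct in_conn *c;
    int rc = check_args(&c, h, buf, len);
    if (rc != 0) return rc;
    size_t n = len < c->record_len ? len : c->record_len;
    memcpy(buf, c->record, n);
    return (int)n;
}

int main(void)
{
    register_conn(0x1000UL);
    printf("host buffer: %d\n", guarded_ssl_write(0x1000UL, untrusted_mem, 16));
    printf("enclave buffer: %d\n", guarded_ssl_write(0x1000UL, enclave_mem.secret, 16));
    return 0;
}
```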
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(s3_pkt.o): In function `do_ssl3_write':
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/s3_pkt.c:723: undefined reference to `tls_processing_ssl_write'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(s3_pkt.o): In function `ssl3_read_bytes':
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/s3_pkt.c:984: undefined reference to `tls_processing_ssl_read'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(ssl_lib.o): In function `SSL_free':
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/ssl_lib.c:766: undefined reference to `tls_processing_free_connection'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/.libs/libssl.a(ssl_lib.o): In function `SSL_new':
/home/yibao/projects/TaLoS/src/libressl-2.4.1/ssl/ssl_lib.c:521: undefined reference to `tls_processing_new_connection'
/home/yibao/projects/TaLoS/src/libressl-2.4.1/crypto/.libs/libcrypto.a(libcrypto_la-bio_lib.o): In function `BIO_int_ctrl':
/home/yibao/projects/TaLoS/src/libressl-2.4.1/crypto/bio/bio_lib.c:590: undefined reference to `tls_processing_set_ssl_type'
collect2: error: ld returned 1 exit status
Makefile:491: recipe for target 'openssl' failed
make[4]: *** [openssl] Error 1
make[4]: Leaving directory '/home/yibao/projects/TaLoS/src/libressl-2.4.1/apps/openssl'
Makefile:363: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory '/home/yibao/projects/TaLoS/src/libressl-2.4.1/apps'
Makefile:453: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/yibao/projects/TaLoS/src/libressl-2.4.1'
objs/Makefile:1175: recipe for target '/home/yibao/projects/TaLoS/src/libressl-2.4.1//.openssl/include/openssl/ssl.h' failed
make[1]: *** [/home/yibao/projects/TaLoS/src/libressl-2.4.1//.openssl/include/openssl/ssl.h] Error 2
make[1]: Leaving directory '/home/yibao/projects/TaLoS/src/nginx-1.11.0'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2
My /home/roshan/talos/src/nginx-1.11.0/objs/makefile (full version: https://gist.github.com/gmatesunny/ae600c1d4183c12a0a99387923828cab)
$(LINK) -o objs/nginx \
objs/src/core/nginx.o \
objs/src/core/ngx_log.o \
----------------------
---------------------
-ldl -lpthread /home/roshan/sgxsdk/sdk_libs/libsgx_uae_service_sim.so /home/roshan/sgxsdk/sdk_libs/libsgx_urts_sim.so -lcrypt -lpcre /home/roshan/talos/src/libressl-2.4.1/lib/libssl.a /home/roshan/talos/src/libressl-2.4.1/lib/libcrypto.a -ldl -lz \
-Wl,-E
I have also set: /etc/ld.so.conf.d/sgxlibs.conf to (guide: https://stackoverflow.com/questions/9151491/extending-default-lib-search-path-in-ubuntu)
/home/roshan/sgxsdk/lib64/
Also, set the PATH variable to /home/roshan/sgxsdk/lib64/
I am trying to build Nginx and on doing make at /home/roshan/talos/src/nginx-1.11.0
Step of the readme.md where I got stuck:
on step 3. in `objs/nginx`, for the LINK phase, update the following line with the
correct path to `libssl.a` and `libcrypto.a` and add `-lsgx_urts
-lsgx_uae_service`. Depending on how you compiled TaLoS, you may want to
change `-lsgx_urts -lsgx_uae_service` (real hardware) to `-lsgx_urts_sim
-lsgx_uae_service_sim` (simulator).
The code is ready to be compiled:
$ make
I keep getting errors like:
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2101: undefined reference to `sgx_ecall'
/home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o): In function `ecall_SSL_library_init':
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2109: undefined reference to `sgx_ecall'
/home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o): In function `ecall_SSL_get_ex_new_index':
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2137: undefined reference to `sgx_ecall'
/home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o): In function `ecall_SSL_CTX_get_ex_new_index':
/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2151: undefined reference to `sgx_ecall'
/home/roshan/talos/src/libressl-2.4.1/lib/libssl.a(enclave_u.o):/home/roshan/talos/src/libressl-2.4.1/crypto/enclave_u.c:2165: more undefined references to `sgx_ecall' follow
Also have a look here:
https://stackoverflow.com/questions/49201545/cannot-find-of-a-so-library
Hello, sir
I found there may be a security issue here and need your confirmation.
related source code:
EVP_PKEY *SSL_get_privatekey(SSL *s) {
    if (global_eid == 0) {
        initialize_library();
    }
    log_enter_ecall(__func__);
    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
    ret = ecall_SSL_get_privatekey(global_eid, &my_evp_pkey, s);
    if (ret != SGX_SUCCESS) {
        print_error_message(ret, __func__);
        return NULL;
    }
    log_exit_ecall(__func__);
    return &my_evp_pkey;
}
In ecall_SSL_get_privatekey, the private key is copied to the memory area pointed to by pkey, but since pkey is user_check, and points to untrusted memory outside the enclave, so an attacker can monitor its content to obtain the private key.
/* Fix this function so that it takes an optional type parameter */
+void
+ecall_SSL_get_privatekey(EVP_PKEY* pkey, SSL *s) {
+#ifdef COMPILE_WITH_INTEL_SGX
+ const SSL* out_s = s;
+
+ hashmap* m = get_ssl_hardening();
+ SSL* in_s = (SSL*) hashmapGet(m, (unsigned long)out_s);
+
+ EVP_PKEY* enclave_pkey = SSL_get_privatekey(in_s);
+ memcpy(pkey, enclave_pkey, sizeof(*pkey)); // An attacker can spy on the buffer pointed to by pkey
+#else
+ printf("Cannot call %s without SGX!!!\n", __func__);
+#endif
+}
+
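Review bot: the memcpy(pkey, enclave_pkey, sizeof(*pkey)) line writes through pkey with no check that it is non-NULL or where it points, and both in_s (from hashmapGet) and enclave_pkey (from SSL_get_privatekey) are used without a NULL test, so an s that was never registered is dereferenced inside the enclave. Test all three before the copy and return early on failure. Beyond that, reconsider copying the EVP_PKEY structure out of the enclave at all: handing the caller an opaque identifier that only later ecalls can resolve would keep the structure's contents inside. The leading comment ("Fix this function so that it takes an optional type parameter") does not describe this function; replace it with a note on what is copied to the caller and why.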
It is not mentioned in the README section.
I stumbled across this while trying to debug the fact that the /src/libressl part does not include (for instance) an .edl file.
Moreover the code is not compiling, with some things fixable and others not
openssl_types.h:695:30: error: conflicting types for ‘EVP_MD_CTX’
695 | typedef struct env_md_ctx_st EVP_MD_CTX;
Couldn't work around. Commenting this line yields "incomplete type" errors
openssl_types.h:947: warning: "OPENSSL_VERSION_NUMBER" redefined
947 | #define OPENSSL_VERSION_NUMBER 0x20000000L
Added guards
enclave_u.h:271:103: error: unknown type name ‘CRYPTO_EX_new’; did you mean ‘CRYPTO_EX_DATA’?
Added #include <openssl/crypto.h>. Solved a lot of similar problems
Multiple definitions of: struct crypto_ex_data_st AKA CRYPTO_EX_DATA; typedef struct crypto_threadid_st AKA CRYPTO_THREADID, were solved by adding #if 0 ; #endif guards
Suggestions?
Hi,
Thanks for making your work public. I was trying to compile this but it turns out that
/TaLoS/src/libressl-2.4.1/lib is missing. I am able to compile /TaLoS/src/libressl-2.4.1/crypto folder fine.
Can you please tell if I am doing something right?
When compiling TaLoS in there is a warning in HW mode from file asn1/a_bitstr.c
In file included from /usr/include/string.h:494:0,
from ../include/compat/string.h:16,
from asn1/a_bitstr.c:60:
In function ‘memcpy’,
inlined from ‘i2c_ASN1_BIT_STRING’ at asn1/a_bitstr.c:121:2:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’: specified
size between 18446744071562067968 and 18446744073709551615 exceeds maximum object
size 9223372036854775807 [-Werror=stringop-overflow=]
return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi, everyone, I used the latest version code, but I still meet this error "Unable to establish SSL connection", could you please give some advice?
start nginx:
sudo LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$(pwd)/../libressl-2.4.1/lib ./objs/nginx
However, the wget cannot establish SSL connection with nginx:
The nginx.conf:
server
{
    listen 7788 ssl;
    server_name localhost;
    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
xxx:~/Documents/TaLoS-master/src/nginx-1.11.0$ ls install/conf/cert.*
install/conf/cert.crt install/conf/cert.key
Data races among the following shared variables and functions.
shared variable | function1 | function2 |
---|---|---|
OPENSSL_ia32cap_P | AES_cbc_encrypt | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | OPENSSL_cpu_caps | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | OPENSSL_cpuid_setup | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | RC4 | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | RC4_options | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | RC4_set_key | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | aesni_cbc_sha1_enc | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | bn_GF2m_mul_2x2 | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P | sha1_block_data_order | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P+0x4 | OPENSSL_cpuid_setup | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P+0x4 | aesni_cbc_sha1_enc | OPENSSL_cpuid_setup |
OPENSSL_ia32cap_P+0x4 | sha1_block_data_order | OPENSSL_cpuid_setup |
SSL_CTX_set_tmp_dh_cb_address | ecall_SSL_CTX_set_tmp_dh_callback | ecall_SSL_CTX_set_tmp_dh_callback |
add_lock_callback | CRYPTO_get_add_lock_callback | CRYPTO_set_add_lock_callback |
add_lock_callback | CRYPTO_set_add_lock_callback | CRYPTO_add_lock |
add_lock_callback | CRYPTO_set_add_lock_callback | CRYPTO_set_add_lock_callback |
added | OBJ_add_object | OBJ_add_object |
added | OBJ_add_object | OBJ_ln2nid |
added | OBJ_add_object | OBJ_nid2ln |
added | OBJ_add_object | OBJ_nid2obj |
added | OBJ_add_object | OBJ_nid2sn |
added | OBJ_add_object | OBJ_obj2nid |
added | OBJ_add_object | OBJ_sn2nid |
added | OBJ_cleanup | OBJ_add_object |
added | OBJ_cleanup | OBJ_cleanup |
added | OBJ_cleanup | OBJ_ln2nid |
added | OBJ_cleanup | OBJ_nid2ln |
added | OBJ_cleanup | OBJ_nid2obj |
added | OBJ_cleanup | OBJ_nid2sn |
added | OBJ_cleanup | OBJ_obj2nid |
added | OBJ_cleanup | OBJ_sn2nid |
app_locks | CRYPTO_get_new_lockid | CRYPTO_get_lock_name |
app_locks | CRYPTO_get_new_lockid | CRYPTO_get_new_lockid |
app_methods | EVP_PKEY_asn1_add0 | EVP_PKEY_asn1_add0 |
app_methods | EVP_PKEY_asn1_find | EVP_PKEY_asn1_add0 |
app_methods | EVP_PKEY_asn1_find_str | EVP_PKEY_asn1_add0 |
app_methods | EVP_PKEY_asn1_get0 | EVP_PKEY_asn1_add0 |
app_methods | EVP_PKEY_asn1_get_count | EVP_PKEY_asn1_add0 |
app_pkey_methods | EVP_PKEY_meth_add0 | EVP_PKEY_meth_add0 |
app_pkey_methods | EVP_PKEY_meth_find | EVP_PKEY_meth_add0 |
bio_mempool_map | get_bio_mempool | get_bio_mempool |
bio_methods_map | get_bio_methods_map | get_bio_methods_map |
bn_limit_bits | BN_set_params | BN_get_params |
bn_limit_bits | BN_set_params | BN_set_params |
bn_limit_bits_high | BN_set_params | BN_get_params |
bn_limit_bits_high | BN_set_params | BN_set_params |
bn_limit_bits_low | BN_set_params | BN_get_params |
bn_limit_bits_low | BN_set_params | BN_set_params |
bn_limit_bits_mont | BN_set_params | BN_get_params |
bn_limit_bits_mont | BN_set_params | BN_set_params |
cleanup_stack | ENGINE_cleanup | ENGINE_cleanup |
cleanup_stack | engine_cleanup_add_first | ENGINE_cleanup |
cleanup_stack | engine_cleanup_add_first | engine_cleanup_add_first |
cleanup_stack | engine_cleanup_add_first | engine_cleanup_add_last |
cleanup_stack | engine_cleanup_add_last | ENGINE_cleanup |
cleanup_stack | engine_cleanup_add_last | engine_cleanup_add_last |
crypto_ex_dup_cb_address | ecall_SSL_get_ex_new_index | ecall_SSL_get_ex_new_index |
crypto_ex_dup_cb_address | fake_crypto_ex_dup_cb | ecall_SSL_get_ex_new_index |
crypto_ex_free_cb_address | ecall_SSL_get_ex_new_index | ecall_SSL_get_ex_new_index |
crypto_ex_free_cb_address | fake_crypto_ex_free_cb | ecall_SSL_get_ex_new_index |
crypto_ex_new_cb_address | ecall_SSL_get_ex_new_index | ecall_SSL_get_ex_new_index |
crypto_ex_new_cb_address | fake_crypto_ex_new_cb | ecall_SSL_get_ex_new_index |
crypto_set_dynlock_create_cb_addr | ecall_CRYPTO_set_dynlock_create_callback | ecall_CRYPTO_set_dynlock_create_callback |
crypto_set_dynlock_destroy_cb_addr | ecall_CRYPTO_set_dynlock_destroy_callback | ecall_CRYPTO_set_dynlock_destroy_callback |
crypto_set_dynlock_lock_cb_addr | ecall_CRYPTO_set_dynlock_lock_callback | ecall_CRYPTO_set_dynlock_lock_callback |
crypto_set_id_cb_address | ecall_CRYPTO_set_id_callback | ecall_CRYPTO_set_id_callback |
crypto_set_locking_cb_address | crypto_set_locking_fake_cb | ecall_CRYPTO_set_locking_callback |
crypto_set_locking_cb_address | ecall_CRYPTO_set_locking_callback | ecall_CRYPTO_set_locking_callback |
default_CONF_method | CONF_set_default_method | CONF_set_default_method |
default_CONF_method | CONF_set_nconf | CONF_set_default_method |
default_CONF_method | CONF_set_nconf | CONF_set_nconf |
default_DH_method | DH_get_default_method | DH_get_default_method |
default_DH_method | DH_get_default_method | DH_new_method |
default_DH_method | DH_new_method | DH_new_method |
default_DH_method | DH_set_default_method | DH_get_default_method |
default_DH_method | DH_set_default_method | DH_new_method |
default_DH_method | DH_set_default_method | DH_set_default_method |
default_DSA_method | DSA_get_default_method | DSA_get_default_method |
default_DSA_method | DSA_get_default_method | DSA_new_method |
default_DSA_method | DSA_new_method | DSA_new_method |
default_DSA_method | DSA_set_default_method | DSA_get_default_method |
default_DSA_method | DSA_set_default_method | DSA_new_method |
default_DSA_method | DSA_set_default_method | DSA_set_default_method |
default_DSO_meth | DSO_get_default_method | DSO_new_method |
default_DSO_meth | DSO_new_method | DSO_global_lookup |
default_DSO_meth | DSO_new_method | DSO_new_method |
default_DSO_meth | DSO_new_method | DSO_pathbyaddr |
default_DSO_meth | DSO_set_default_method | DSO_get_default_method |
default_DSO_meth | DSO_set_default_method | DSO_global_lookup |
default_DSO_meth | DSO_set_default_method | DSO_new_method |
default_DSO_meth | DSO_set_default_method | DSO_pathbyaddr |
default_DSO_meth | DSO_set_default_method | DSO_set_default_method |
default_ECDH_method | ECDH_DATA_new_method.constprop.1 | ECDH_DATA_new_method.constprop.1 |
default_ECDH_method | ECDH_DATA_new_method.constprop.1 | ECDH_get_default_method |
default_ECDH_method | ECDH_DATA_new_method.constprop.1 | ECDH_set_default_method |
default_ECDH_method | ECDH_get_default_method | ECDH_get_default_method |
default_ECDH_method | ECDH_set_default_method | ECDH_get_default_method |
default_ECDH_method | ECDH_set_default_method | ECDH_set_default_method |
default_ECDSA_method | ECDSA_DATA_new_method.constprop.1 | ECDSA_DATA_new_method.constprop.1 |
default_ECDSA_method | ECDSA_DATA_new_method.constprop.1 | ECDSA_get_default_method |
default_ECDSA_method | ECDSA_DATA_new_method.constprop.1 | ECDSA_set_default_method |
default_ECDSA_method | ECDSA_get_default_method | ECDSA_get_default_method |
default_ECDSA_method | ECDSA_set_default_method | ECDSA_get_default_method |
default_ECDSA_method | ECDSA_set_default_method | ECDSA_set_default_method |
default_RSA_meth | RSA_get_default_method | RSA_get_default_method |
default_RSA_meth | RSA_get_default_method | RSA_new_method |
default_RSA_meth | RSA_new_method | RSA_new_method |
default_RSA_meth | RSA_set_default_method | RSA_get_default_method |
default_RSA_meth | RSA_set_default_method | RSA_new_method |
default_RSA_meth | RSA_set_default_method | RSA_set_default_method |
default_UI_meth | UI_get_default_method | UI_get_default_method |
default_UI_meth | UI_new_method | UI_get_default_method |
default_UI_meth | UI_new_method | UI_new_method |
default_UI_meth | UI_new_method | UI_set_default_method |
default_UI_meth | UI_set_default_method | UI_get_default_method |
default_UI_meth | UI_set_default_method | UI_set_default_method |
default_crl_method | X509_CRL_set_default_method | X509_CRL_set_default_method |
default_crl_method | crl_cb | X509_CRL_set_default_method |
default_passwd_callback_ocall | ecall_SSL_CTX_set_default_passwd_cb | ecall_SSL_CTX_set_default_passwd_cb |
default_passwd_callback_ocall | pem_password_cb_for_ocall | ecall_SSL_CTX_set_default_passwd_cb |
default_trust | X509_TRUST_set_default | X509_TRUST_set_default |
default_trust | X509_TRUST_set_default | X509_check_trust |
dyn_locks | CRYPTO_get_new_dynlockid | CRYPTO_destroy_dynlockid |
dyn_locks | CRYPTO_get_new_dynlockid | CRYPTO_get_dynlock_value |
dyn_locks | CRYPTO_get_new_dynlockid | CRYPTO_get_new_dynlockid |
dynlock_create_callback | CRYPTO_get_dynlock_create_callback | CRYPTO_set_dynlock_create_callback |
dynlock_create_callback | CRYPTO_get_dynlock_create_callback | ecall_CRYPTO_set_dynlock_create_callback |
dynlock_create_callback | CRYPTO_set_dynlock_create_callback | CRYPTO_get_new_dynlockid |
dynlock_create_callback | CRYPTO_set_dynlock_create_callback | CRYPTO_set_dynlock_create_callback |
dynlock_create_callback | ecall_CRYPTO_set_dynlock_create_callback | CRYPTO_get_new_dynlockid |
dynlock_create_callback | ecall_CRYPTO_set_dynlock_create_callback | CRYPTO_set_dynlock_create_callback |
dynlock_destroy_callback | CRYPTO_get_dynlock_destroy_callback | CRYPTO_set_dynlock_destroy_callback |
dynlock_destroy_callback | CRYPTO_get_dynlock_destroy_callback | ecall_CRYPTO_set_dynlock_destroy_callback |
dynlock_destroy_callback | CRYPTO_set_dynlock_destroy_callback | CRYPTO_destroy_dynlockid |
dynlock_destroy_callback | CRYPTO_set_dynlock_destroy_callback | CRYPTO_get_new_dynlockid |
dynlock_destroy_callback | CRYPTO_set_dynlock_destroy_callback | CRYPTO_set_dynlock_destroy_callback |
dynlock_destroy_callback | ecall_CRYPTO_set_dynlock_destroy_callback | CRYPTO_destroy_dynlockid |
dynlock_destroy_callback | ecall_CRYPTO_set_dynlock_destroy_callback | CRYPTO_get_new_dynlockid |
dynlock_destroy_callback | ecall_CRYPTO_set_dynlock_destroy_callback | CRYPTO_set_dynlock_destroy_callback |
dynlock_lock_callback | CRYPTO_get_dynlock_lock_callback | CRYPTO_set_dynlock_lock_callback |
dynlock_lock_callback | CRYPTO_get_dynlock_lock_callback | ecall_CRYPTO_set_dynlock_lock_callback |
dynlock_lock_callback | CRYPTO_set_dynlock_lock_callback | CRYPTO_lock |
dynlock_lock_callback | CRYPTO_set_dynlock_lock_callback | CRYPTO_set_dynlock_lock_callback |
dynlock_lock_callback | ecall_CRYPTO_set_dynlock_lock_callback | CRYPTO_lock |
dynlock_lock_callback | ecall_CRYPTO_set_dynlock_lock_callback | CRYPTO_set_dynlock_lock_callback |
ecall_alias_buffer_len | ecall_X509_alias_get0 | ecall_X509_alias_get0 |
engine_list_head | ENGINE_add | ENGINE_add |
engine_list_head | ENGINE_add | ENGINE_by_id |
engine_list_head | ENGINE_add | ENGINE_remove |
engine_list_head | ENGINE_add | engine_list_cleanup |
engine_list_head | ENGINE_get_first | ENGINE_add |
engine_list_head | ENGINE_get_first | ENGINE_remove |
engine_list_head | ENGINE_remove | ENGINE_by_id |
engine_list_head | ENGINE_remove | ENGINE_remove |
engine_list_head | ENGINE_remove | engine_list_cleanup |
engine_list_tail | ENGINE_add | ENGINE_add |
engine_list_tail | ENGINE_add | ENGINE_remove |
engine_list_tail | ENGINE_get_last | ENGINE_add |
engine_list_tail | ENGINE_get_last | ENGINE_remove |
engine_list_tail | ENGINE_remove | ENGINE_remove |
err_fns | ERR_get_implementation | ERR_set_implementation |
err_fns | ERR_set_implementation | ERR_free_strings |
err_fns | ERR_set_implementation | ERR_func_error_string |
err_fns | ERR_set_implementation | ERR_get_err_state_table |
err_fns | ERR_set_implementation | ERR_get_next_error_library |
err_fns | ERR_set_implementation | ERR_get_state |
err_fns | ERR_set_implementation | ERR_get_string_table |
err_fns | ERR_set_implementation | ERR_lib_error_string |
err_fns | ERR_set_implementation | ERR_load_ERR_strings |
err_fns | ERR_set_implementation | ERR_load_strings |
err_fns | ERR_set_implementation | ERR_reason_error_string |
err_fns | ERR_set_implementation | ERR_release_err_state_table |
err_fns | ERR_set_implementation | ERR_remove_thread_state |
err_fns | ERR_set_implementation | ERR_set_implementation |
err_fns | ERR_set_implementation | ERR_unload_strings |
err_fns | err_fns_check.part.2 | ERR_free_strings |
err_fns | err_fns_check.part.2 | ERR_func_error_string |
err_fns | err_fns_check.part.2 | ERR_get_err_state_table |
err_fns | err_fns_check.part.2 | ERR_get_implementation |
err_fns | err_fns_check.part.2 | ERR_get_next_error_library |
err_fns | err_fns_check.part.2 | ERR_get_state |
err_fns | err_fns_check.part.2 | ERR_get_string_table |
err_fns | err_fns_check.part.2 | ERR_lib_error_string |
err_fns | err_fns_check.part.2 | ERR_load_ERR_strings |
err_fns | err_fns_check.part.2 | ERR_load_strings |
err_fns | err_fns_check.part.2 | ERR_reason_error_string |
err_fns | err_fns_check.part.2 | ERR_release_err_state_table |
err_fns | err_fns_check.part.2 | ERR_remove_thread_state |
err_fns | err_fns_check.part.2 | ERR_set_implementation |
err_fns | err_fns_check.part.2 | ERR_unload_strings |
err_fns | err_fns_check.part.2 | err_fns_check.part.2 |
err_fns | err_fns_check.part.2 | int_err_del_item |
err_fns | err_fns_check.part.2 | int_err_get_item |
err_fns | err_fns_check.part.2 | int_err_set_item |
err_fns | err_fns_check.part.2 | int_thread_del_item |
err_fns | err_fns_check.part.2 | int_thread_get_item |
err_fns | err_fns_check.part.2 | int_thread_set_item |
err_fns | int_err_del_item | ERR_set_implementation |
err_fns | int_err_get_item | ERR_set_implementation |
err_fns | int_err_set_item | ERR_set_implementation |
err_fns | int_thread_del_item | ERR_set_implementation |
err_fns | int_thread_get_item | ERR_set_implementation |
err_fns | int_thread_set_item | ERR_set_implementation |
ex_class | int_new_class | int_new_class |
ex_data | def_get_class | int_cleanup |
ex_data | ex_data_check | def_get_class |
ex_data | ex_data_check | ex_data_check |
ex_data | ex_data_check | int_cleanup |
ex_data | int_cleanup | int_cleanup |
ext_list | X509V3_EXT_add | X509V3_EXT_add |
ext_list | X509V3_EXT_add | X509V3_EXT_cleanup |
ext_list | X509V3_EXT_add | X509V3_EXT_get_nid |
ext_list | X509V3_EXT_cleanup | X509V3_EXT_cleanup |
ext_list | X509V3_EXT_get_nid | X509V3_EXT_cleanup |
ext_nids | X509_REQ_extension_nid | X509_REQ_set_extension_nids |
ext_nids | X509_REQ_get_extension_nids | X509_REQ_set_extension_nids |
ext_nids | X509_REQ_set_extension_nids | X509_REQ_get_extensions |
ext_nids | X509_REQ_set_extension_nids | X509_REQ_set_extension_nids |
free_connection_cb | tls_processing_register_free_connection_cb | tls_processing_free_connection |
free_connection_cb | tls_processing_register_free_connection_cb | tls_processing_register_free_connection_cb |
free_type | OBJ_NAME_cleanup | OBJ_NAME_cleanup |
free_type | names_lh_free_LHASH_DOALL | OBJ_NAME_cleanup |
global_mask | ASN1_STRING_get_default_mask | ASN1_STRING_set_default_mask_asc |
global_mask | ASN1_STRING_set_default_mask | ASN1_STRING_get_default_mask |
global_mask | ASN1_STRING_set_default_mask | ASN1_STRING_set_by_NID |
global_mask | ASN1_STRING_set_default_mask | ASN1_STRING_set_default_mask |
global_mask | ASN1_STRING_set_default_mask | ASN1_STRING_set_default_mask_asc |
global_mask | ASN1_STRING_set_default_mask_asc | ASN1_STRING_set_by_NID |
global_mask | ASN1_STRING_set_default_mask_asc | ASN1_STRING_set_default_mask_asc |
id_callback | CRYPTO_THREADID_current | CRYPTO_set_id_callback |
id_callback | CRYPTO_THREADID_current | ecall_CRYPTO_set_id_callback |
id_callback | CRYPTO_get_id_callback | CRYPTO_set_id_callback |
id_callback | CRYPTO_get_id_callback | ecall_CRYPTO_set_id_callback |
id_callback | CRYPTO_set_id_callback | CRYPTO_set_id_callback |
id_callback | CRYPTO_set_id_callback | CRYPTO_thread_id |
id_callback | ecall_CRYPTO_set_id_callback | CRYPTO_set_id_callback |
id_callback | ecall_CRYPTO_set_id_callback | CRYPTO_thread_id |
impl | CRYPTO_get_ex_data_implementation | CRYPTO_set_ex_data_implementation |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_cleanup_all_ex_data |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_dup_ex_data |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_ex_data_new_class |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_free_ex_data |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_get_ex_new_index |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_new_ex_data |
impl | CRYPTO_set_ex_data_implementation | CRYPTO_set_ex_data_implementation |
impl | impl_check | CRYPTO_cleanup_all_ex_data |
impl | impl_check | CRYPTO_dup_ex_data |
impl | impl_check | CRYPTO_ex_data_new_class |
impl | impl_check | CRYPTO_free_ex_data |
impl | impl_check | CRYPTO_get_ex_data_implementation |
impl | impl_check | CRYPTO_get_ex_new_index |
impl | impl_check | CRYPTO_new_ex_data |
impl | impl_check | CRYPTO_set_ex_data_implementation |
impl | impl_check | impl_check |
impl | impl_check | int_cleanup |
impl | int_cleanup | CRYPTO_cleanup_all_ex_data |
impl | int_cleanup | CRYPTO_dup_ex_data |
impl | int_cleanup | CRYPTO_ex_data_new_class |
impl | int_cleanup | CRYPTO_free_ex_data |
impl | int_cleanup | CRYPTO_get_ex_data_implementation |
impl | int_cleanup | CRYPTO_get_ex_new_index |
impl | int_cleanup | CRYPTO_new_ex_data |
impl | int_cleanup | CRYPTO_set_ex_data_implementation |
in_bc | ecall_X509_get_ext_d2i | ecall_X509_get_ext_d2i |
init.5310 | ERR_load_ERR_strings | ERR_load_ERR_strings |
init.5744 | BN_options | BN_options |
init.7113 | DES_options | DES_options |
initialized_engines | int_engine_init | int_engine_init |
initialized_engines | int_engine_module_finish | int_engine_init |
initialized_engines | int_engine_module_finish | int_engine_module_finish |
initialized_modules | CONF_modules_finish | CONF_modules_finish |
initialized_modules | CONF_modules_load | CONF_modules_finish |
initialized_modules | CONF_modules_load | CONF_modules_load |
int_err_library_number | int_err_get_next_lib | int_err_get_next_lib |
int_error_hash | int_err_del | int_err_del |
int_error_hash | int_err_del | int_err_get |
int_error_hash | int_err_get | int_err_get |
int_thread_hash | int_thread_del_item | int_thread_del_item |
int_thread_hash | int_thread_get | int_thread_del_item |
int_thread_hash | int_thread_get | int_thread_get |
int_thread_hash_references | int_thread_get | int_thread_del_item |
intr_signal | read_string_inner | read_string_inner |
intr_signal | recsig | read_string_inner |
intr_signal | recsig | recsig |
is_a_tty | open_console | open_console |
is_a_tty | read_string_inner | open_console |
locking_callback | CRYPTO_get_locking_callback | CRYPTO_set_locking_callback |
locking_callback | CRYPTO_get_locking_callback | ecall_CRYPTO_set_locking_callback |
locking_callback | CRYPTO_set_locking_callback | CRYPTO_lock |
locking_callback | CRYPTO_set_locking_callback | CRYPTO_set_locking_callback |
locking_callback | ecall_CRYPTO_set_locking_callback | CRYPTO_lock |
locking_callback | ecall_CRYPTO_set_locking_callback | CRYPTO_set_locking_callback |
name_funcs_stack | OBJ_NAME_add | OBJ_NAME_cleanup |
name_funcs_stack | OBJ_NAME_cleanup | OBJ_NAME_cleanup |
name_funcs_stack | OBJ_NAME_new_index | OBJ_NAME_add |
name_funcs_stack | OBJ_NAME_new_index | OBJ_NAME_cleanup |
name_funcs_stack | OBJ_NAME_new_index | OBJ_NAME_new_index |
name_funcs_stack | OBJ_NAME_new_index | OBJ_NAME_remove |
name_funcs_stack | OBJ_NAME_remove | OBJ_NAME_cleanup |
name_funcs_stack | obj_name_LHASH_COMP | OBJ_NAME_cleanup |
name_funcs_stack | obj_name_LHASH_COMP | OBJ_NAME_new_index |
name_funcs_stack | obj_name_LHASH_HASH | OBJ_NAME_cleanup |
name_funcs_stack | obj_name_LHASH_HASH | OBJ_NAME_new_index |
names_lh | OBJ_NAME_add | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_cleanup | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_do_all | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_do_all_sorted | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_get | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_init | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_add |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_cleanup |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_do_all |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_do_all_sorted |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_get |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_init |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_init.part.2 |
names_lh | OBJ_NAME_init.part.2 | OBJ_NAME_remove |
names_lh | OBJ_NAME_remove | OBJ_NAME_cleanup |
names_type_num | OBJ_NAME_new_index | OBJ_NAME_new_index |
net.6087 | DES_enc_read | DES_enc_read |
new_connection_cb | tls_processing_register_new_connection_cb | tls_processing_new_connection |
new_connection_cb | tls_processing_register_new_connection_cb | tls_processing_register_new_connection_cb |
new_nid | OBJ_create | OBJ_create |
new_nid | OBJ_new_nid | OBJ_create |
new_nid | OBJ_new_nid | OBJ_new_nid |
obj_cleanup_defer | OBJ_cleanup | EVP_cleanup |
obj_cleanup_defer | OBJ_cleanup | OBJ_cleanup |
obj_cleanup_defer | check_defer | EVP_cleanup |
obj_cleanup_defer | check_defer | OBJ_cleanup |
obj_cleanup_defer | check_defer | check_defer |
openssl_configured | OPENSSL_config | OPENSSL_no_config |
outbuf.6253 | DES_enc_write | DES_enc_write |
param_table | X509_VERIFY_PARAM_add0_table | X509_VERIFY_PARAM_add0_table |
param_table | X509_VERIFY_PARAM_add0_table | X509_VERIFY_PARAM_lookup |
param_table | X509_VERIFY_PARAM_add0_table | X509_VERIFY_PARAM_table_cleanup |
param_table | X509_VERIFY_PARAM_lookup | X509_VERIFY_PARAM_table_cleanup |
param_table | X509_VERIFY_PARAM_table_cleanup | X509_VERIFY_PARAM_table_cleanup |
pbe_algs | EVP_PBE_alg_add_type | EVP_PBE_alg_add_type |
pbe_algs | EVP_PBE_alg_add_type | EVP_PBE_cleanup |
pbe_algs | EVP_PBE_cleanup | EVP_PBE_cleanup |
pbe_algs | EVP_PBE_find.part.1 | EVP_PBE_alg_add_type |
pbe_algs | EVP_PBE_find.part.1 | EVP_PBE_cleanup |
pem_read_bio_dhparams_cb_addr | ecall_PEM_read_bio_DHparams | ecall_PEM_read_bio_DHparams |
pem_read_bio_ecpkparam_cb_addr | ecall_PEM_read_bio_ECPKParameters | ecall_PEM_read_bio_ECPKParameters |
pem_read_bio_privatekey_cb_address | ecall_PEM_read_bio_PrivateKey | ecall_PEM_read_bio_PrivateKey |
pem_read_bio_privatekey_cb_address | pem_read_bio_privatekey_fake_cb | ecall_PEM_read_bio_PrivateKey |
ps.6187 | read_string_inner | read_string_inner |
set_ssl_type_cb | tls_processing_register_set_ssl_type_cb | tls_processing_register_set_ssl_type_cb |
set_ssl_type_cb | tls_processing_register_set_ssl_type_cb | tls_processing_set_ssl_type |
sig_app | OBJ_add_sigid | OBJ_add_sigid |
sig_app | OBJ_add_sigid | OBJ_sigid_free |
sig_app | OBJ_find_sigid_algs | OBJ_add_sigid |
sig_app | OBJ_find_sigid_algs | OBJ_sigid_free |
sig_app | OBJ_sigid_free | OBJ_sigid_free |
sigx_app | OBJ_add_sigid | OBJ_add_sigid |
sigx_app | OBJ_add_sigid | OBJ_sigid_free |
sigx_app | OBJ_find_sigid_by_algs | OBJ_add_sigid |
sigx_app | OBJ_find_sigid_by_algs | OBJ_sigid_free |
sigx_app | OBJ_sigid_free | OBJ_sigid_free |
sk_pop_free_cb_addr | ecall_sk_pop_free | ecall_sk_pop_free |
sk_pop_free_cb_addr | sk_pop_free_fake_cb | ecall_sk_pop_free |
ssl_cipher_methods | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x10 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x10 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x18 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x18 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x28 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x28 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x30 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x30 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x38 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x38 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x40 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x40 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x48 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x48 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x50 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x50 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x58 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x58 | ssl_load_ciphers | ssl_load_ciphers |
ssl_cipher_methods+0x8 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_cipher_methods+0x8 | ssl_load_ciphers | ssl_load_ciphers |
ssl_ctx_set_cert_verify_cb_address | ecall_SSL_CTX_set_cert_verify_callback | ecall_SSL_CTX_set_cert_verify_callback |
ssl_ctx_set_cert_verify_cb_address | ssl_ctx_set_cert_verify_fake_cb | ecall_SSL_CTX_set_cert_verify_callback |
ssl_ctx_set_next_proto_select_cb_address | ecall_SSL_CTX_set_next_proto_select_cb | ecall_SSL_CTX_set_next_proto_select_cb |
ssl_ctx_set_tmp_rsa_callback_address | ecall_SSL_CTX_set_tmp_rsa_callback | ecall_SSL_CTX_set_tmp_rsa_callback |
ssl_ctx_set_tmp_rsa_callback_address | ssl_ctx_set_tmp_rsa_fake_callback | ecall_SSL_CTX_set_tmp_rsa_callback |
ssl_ctx_set_verify_callback_address | ecall_SSL_CTX_set_verify | ecall_SSL_CTX_set_verify |
ssl_ctx_set_verify_callback_address | ssl_ctx_set_verify_fake_callback | ecall_SSL_CTX_set_verify |
ssl_digest_methods | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x10 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x10 | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x18 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x18 | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x20 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x20 | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x28 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x28 | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x30 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x30 | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x38 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x38 | ssl_load_ciphers | ssl_load_ciphers |
ssl_digest_methods+0x8 | ssl_load_ciphers | ssl_create_cipher_list |
ssl_digest_methods+0x8 | ssl_load_ciphers | ssl_load_ciphers |
ssl_hardening_map | get_ssl_hardening | get_ssl_hardening |
ssl_mac_secret_size | ssl_load_ciphers | ssl_load_ciphers |
ssl_mac_secret_size+0x10 | ssl_load_ciphers | ssl_load_ciphers |
ssl_mac_secret_size+0x14 | ssl_load_ciphers | ssl_load_ciphers |
ssl_mac_secret_size+0x18 | ssl_load_ciphers | ssl_load_ciphers |
ssl_mac_secret_size+0x1c | ssl_load_ciphers | ssl_load_ciphers |
ssl_mac_secret_size+0x4 | ssl_load_ciphers | ssl_load_ciphers |
ssl_mac_secret_size+0x8 | ssl_load_ciphers | ssl_load_ciphers |
ssl_read_processing_cb | tls_processing_register_ssl_read_processing_cb | tls_processing_register_ssl_read_processing_cb |
ssl_read_processing_cb | tls_processing_register_ssl_read_processing_cb | tls_processing_ssl_read |
ssl_write_processing_cb | tls_processing_register_ssl_write_processing_cb | tls_processing_register_ssl_write_processing_cb |
ssl_write_processing_cb | tls_processing_register_ssl_write_processing_cb | tls_processing_ssl_write |
ssl_x509_store_ctx_idx.17876 | SSL_get_ex_data_X509_STORE_CTX_idx | SSL_get_ex_data_X509_STORE_CTX_idx |
stable | ASN1_STRING_TABLE_add | ASN1_STRING_TABLE_add |
stable | ASN1_STRING_TABLE_add | ASN1_STRING_TABLE_cleanup |
stable | ASN1_STRING_TABLE_cleanup | ASN1_STRING_TABLE_cleanup |
stable | ASN1_STRING_TABLE_get | ASN1_STRING_TABLE_add |
stable | ASN1_STRING_TABLE_get | ASN1_STRING_TABLE_cleanup |
start.6257 | DES_enc_write | DES_enc_write |
supported_modules | CONF_modules_load | CONF_modules_unload |
supported_modules | CONF_modules_unload | CONF_modules_unload |
supported_modules | module_add | CONF_modules_load |
supported_modules | module_add | CONF_modules_unload |
supported_modules | module_add | module_add |
table_flags | ENGINE_get_table_flags | ENGINE_set_table_flags |
table_flags | ENGINE_set_table_flags | ENGINE_set_table_flags |
table_flags | ENGINE_set_table_flags | engine_table_select |
threadid_callback | CRYPTO_THREADID_set_callback | CRYPTO_THREADID_current |
threadid_callback | CRYPTO_THREADID_set_callback | CRYPTO_THREADID_get_callback |
threadid_callback | CRYPTO_THREADID_set_callback | CRYPTO_THREADID_set_callback |
tmpbuf.6091 | DES_enc_read | DES_enc_read |
tntmp.13840 | asn1_cb | asn1_cb |
trigger.6589 | OPENSSL_cpuid_setup | OPENSSL_cpuid_setup |
trtable | X509_TRUST_add | X509_TRUST_add |
trtable | X509_TRUST_add | X509_TRUST_cleanup |
trtable | X509_TRUST_cleanup | X509_TRUST_cleanup |
trtable | X509_TRUST_get0 | X509_TRUST_add |
trtable | X509_TRUST_get0 | X509_TRUST_cleanup |
trtable | X509_TRUST_get_by_id.part.3 | X509_TRUST_add |
trtable | X509_TRUST_get_by_id.part.3 | X509_TRUST_cleanup |
trtable | X509_TRUST_get_count | X509_TRUST_add |
trtable | X509_TRUST_get_count | X509_TRUST_cleanup |
trtable | X509_check_trust | X509_TRUST_add |
trtable | X509_check_trust | X509_TRUST_cleanup |
tty_in | close_console | open_console |
tty_in | open_console | open_console |
tty_in | read_string_inner | open_console |
tty_out | close_console | open_console |
tty_out | open_console | open_console |
tty_out | read_string | open_console |
tty_out | read_string_inner | open_console |
unnet.6088 | DES_enc_read | DES_enc_read |
unnet_left.6090 | DES_enc_read | DES_enc_read |
unnet_start.6089 | DES_enc_read | DES_enc_read |
xptable | X509_PURPOSE_add | X509_PURPOSE_add |
xptable | X509_PURPOSE_add | X509_PURPOSE_cleanup |
xptable | X509_PURPOSE_cleanup | X509_PURPOSE_cleanup |
xptable | X509_PURPOSE_get0.part.4 | X509_PURPOSE_add |
xptable | X509_PURPOSE_get0.part.4 | X509_PURPOSE_cleanup |
xptable | X509_PURPOSE_get_by_id.part.5 | X509_PURPOSE_add |
xptable | X509_PURPOSE_get_by_id.part.5 | X509_PURPOSE_cleanup |
xptable | X509_PURPOSE_get_by_sname | X509_PURPOSE_add |
xptable | X509_PURPOSE_get_by_sname | X509_PURPOSE_cleanup |
xptable | X509_PURPOSE_get_count | X509_PURPOSE_add |
xptable | X509_PURPOSE_get_count | X509_PURPOSE_cleanup |
I recently discovered a bug. In /src/talos/patch/tasn_fre.c.patch::24, you have a #else macro, which is unnecessary. The code should be like this:

```c
static void smart_free(void* ptr) {
#ifdef COMPILE_WITH_INTEL_SGX
    if (sgx_is_within_enclave(ptr, 1)) {
//#else
#endif
        free(ptr);
//#endif
#ifdef COMPILE_WITH_INTEL_SGX
    } else {
        ocall_free(ptr);
    }
#endif
}
```

Otherwise the ptr will not be freed.
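The effect described in the post above, as an added example that is not part of the original post or of TaLoS: it compiles two layouts of `smart_free` with `COMPILE_WITH_INTEL_SGX` defined and counts which release path each pointer takes. The "before" layout is reconstructed by restoring the post's commented-out `#else` and `#endif`, which is an assumption about the original patch; `smart_free_before`, `smart_free_after`, `run_variant`, the two buffers and the stubbed `sgx_is_within_enclave`, `ocall_free` and `free` are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define COMPILE_WITH_INTEL_SGX 1   /* build the enclave variant */

/* Constructed stand-ins (assumptions, not TaLoS or SGX SDK code):
 * one buffer plays enclave memory, the other untrusted memory. */
static unsigned char enclave_mem[64];
static unsigned char untrusted_mem[64];
static int enclave_frees;    /* in-enclave free() calls observed */
static int ocall_frees;      /* ocall_free() calls observed      */

/* Same shape as the SDK's sgx_is_within_enclave(addr, size). */
static int sgx_is_within_enclave(const void *addr, size_t size) {
    uintptr_t p = (uintptr_t)addr, lo = (uintptr_t)enclave_mem;
    return p >= lo && p + size <= lo + sizeof enclave_mem;
}
static void ocall_free(void *ptr) { (void)ptr; ocall_frees++; }
static void counted_free(void *ptr) { (void)ptr; enclave_frees++; }
#define free(p) counted_free(p)   /* observe free() instead of releasing */

/* "Before": the post's commented-out #else / #endif restored (reconstruction).
 * In the SGX build the if-branch is empty, so free() is compiled out. */
static void smart_free_before(void *ptr) {
#ifdef COMPILE_WITH_INTEL_SGX
    if (sgx_is_within_enclave(ptr, 1)) {
#else
        free(ptr);
#endif
#ifdef COMPILE_WITH_INTEL_SGX
    } else {
        ocall_free(ptr);
    }
#endif
}

/* "After": the layout proposed in the post. free() is present in both
 * builds and guarded by the enclave check only in the SGX build. */
static void smart_free_after(void *ptr) {
#ifdef COMPILE_WITH_INTEL_SGX
    if (sgx_is_within_enclave(ptr, 1)) {
#endif
        free(ptr);
#ifdef COMPILE_WITH_INTEL_SGX
    } else {
        ocall_free(ptr);
    }
#endif
}
#undef free

/* Run one variant over an enclave pointer and an untrusted pointer.
 * Returns enclave_frees * 10 + ocall_frees for that run. */
int run_variant(int use_fixed) {
    void (*fn)(void *) = use_fixed ? smart_free_after : smart_free_before;
    enclave_frees = ocall_frees = 0;
    fn(enclave_mem);
    fn(untrusted_mem);
    return enclave_frees * 10 + ocall_frees;
}

int main(void) {
    /* before: the enclave pointer is never released; after: both are */
    return (run_variant(0) == 1 && run_variant(1) == 11) ? 0 : 1;
}
```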