sslab-gatech / opensgx

OpenSGX

Support for PolarSSL's net_* functions #12

Closed jonhoo closed 8 years ago

jonhoo commented 8 years ago

I noticed that some preliminary work has been done on making PolarSSL's (now named mbed TLS by the way) net_* functions work. For example, the code in net.c has been modified to use sgx_memcpy and sgx_memset. Are there any plans to extend this to support establishing TLS connections inside the enclave?

The modifications are likely to be relatively mechanical (e.g., changing connect to sgx_connect, bind to sgx_bind, etc.), but there will probably be a lot of them. PolarSSL is modular enough that it may be possible to simply override handlers all over the place, but it would be very useful if OpenSGX provided this out-of-the-box!

jonhoo commented 8 years ago

In fact, looking at a recent diff that removes a bunch of code, it seems like it is possible to access OpenSSL through OpenSGX. Is this documented anywhere?

johnmwshih commented 8 years ago

Yes, we've ported OpenSSL and made some applications (e.g., Tor). We are currently working on making a more complete version. Should be released soon.

johnmwshih commented 8 years ago

Due to libc support, now we are able to support native openssl/polarssl library inside the enclave. Closing this issue!