Using Asylo with OpenSSL
49 views
Skip to first unread message
Seraphime -
Jan 27, 2020, 10:02:17 AM1/27/20
to Asylo Users
Hi Folks,
I'm doing some benchmarks and the thing I'm benchmarking against uses OpenSSL. As the operations are simple and the deviations is enormous in favor of Asylo, I'm thinking this comes from the crypto implementation.
Is there a way I can link my enclave with libcrypto from OpenSSL.
Studying the dependency graph of bazel, I doesn't look optimistic :(.
Thanks,
Seraphime
Stojan Dimitrovski
Jan 27, 2020, 10:07:27 AM1/27/20
to Seraphime -, Asylo Users
Hi Seraphime,
I've not done this in Asylo, but wolfSSL can be used within Intel SGX
enclaves. It has OpenSSL API compatibility mode as well.
> --
> Visit asylo.dev for the latest information.
> ---
> You received this message because you are subscribed to the Google Groups "Asylo Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to asylo-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/asylo-users/d98ba34c-c083-44a6-8950-99ff4f0c8f20%40googlegroups.com.
--
Stojan Dimitrovski
http://stojan.me
I've not done this in Asylo, but wolfSSL can be used within Intel SGX
enclaves. It has OpenSSL API compatibility mode as well.
> Visit asylo.dev for the latest information.
> ---
> You received this message because you are subscribed to the Google Groups "Asylo Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to asylo-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/asylo-users/d98ba34c-c083-44a6-8950-99ff4f0c8f20%40googlegroups.com.
--
Stojan Dimitrovski
http://stojan.me
Seraphime -
Jan 27, 2020, 10:45:46 AM1/27/20
to Asylo Users
Hi Stojan,
Thanks, but Asylo is part of my requirements.
On Monday, January 27, 2020 at 5:07:27 PM UTC+2, Stojan Dimitrovski wrote:
Hi Seraphime,
I've not done this in Asylo, but wolfSSL can be used within Intel SGX
enclaves. It has OpenSSL API compatibility mode as well.
On Mon, Jan 27, 2020 at 4:02 PM Seraphime - <kirks...@gmail.com> wrote:
>
> Hi Folks,
>
> I'm doing some benchmarks and the thing I'm benchmarking against uses OpenSSL. As the operations are simple and the deviations is enormous in favor of Asylo, I'm thinking this comes from the crypto implementation.
>
> Is there a way I can link my enclave with libcrypto from OpenSSL.
>
> Studying the dependency graph of bazel, I doesn't look optimistic :(.
>
> Thanks,
> Seraphime
>
> --
> Visit asylo.dev for the latest information.
> ---
> You received this message because you are subscribed to the Google Groups "Asylo Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to asylo...@googlegroups.com.
Dionna Amalie Glaze
Jan 27, 2020, 11:24:23 AM1/27/20
to Seraphime -, Asylo Users
Asylo's crypto operations are implemented by boringssl (https://boringssl.googlesource.com/boringssl/), which is a trimmed down OpenSSL implementation linked into the enclave trusted runtime. You should be able to #include <openssl/sha.h> or other common OpenSSL headers and get the same symbols, without adding any extra dependencies to your enclave target*.
Let us know if you run into any issues.
* Our growing concern with large binary sizes from linking whole archives may change this convenience in the future, and you'll need to add @boringssl//:crypto to your deps. Some libraries may no longer be wholely transitively linked, just the used portions by dependencies.
To unsubscribe from this group and stop receiving emails from it, send an email to asylo-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/asylo-users/10a35a70-b4d5-4525-b69c-ec2bcfd2f640%40googlegroups.com.
-Dionna Glaze, PhD (she/her)
Reply all
Reply to author
Forward
0 new messages