You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2020/04/19 06:19:54 UTC

[GitHub] [incubator-teaclave-sgx-sdk] edisonljh commented on issue #218: thread panics while doing keygen

edisonljh commented on issue #218: thread panics while doing keygen
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/218#issuecomment-616050779
 
 
   > For bad example 2, please check if the panic info is: `thread '<unnamed>' panicked at 'TLS access error: AccessError { msg: "If TLS data needs to be destructed, TCS policy must be Bound." }'`. If so, the problem is:
   > 
   >     1. the enclave is signed with TCSPOLICY=UNBOUND, which means there's no reliable thread local storage slots.
   > 
   >     2. the enclave is using thread local storage, which often relates to `thread_rng`
   > 
   > 
   > Two ways to fix:
   > 
   >     * Edit TCSPolicy in `Enclave.config.xml`. make TCSPolicy = 0
   > 
   >     * or use `SgxRng` in `sgx_rand`, or `OsRng` in ported `rand`
   > 
   > 
   > ```toml
   > rand = { git = "https://github.com/mesalock-linux/rand-sgx", tag = "v0.6.5_sgx1.1.1" }
   > ```
   > 
   > ```rust
   > use std::string::ToString;
   > let threshold = 128;
   > let secret = "abcdefg".to_string();
   > let mut rand_container = vec![0u8; (threshold - 1) as usize];
   > let mut coefficients= vec![];
   > 
   > for c in secret.as_bytes() {
   > 
   >     // fixme: randomise the bytes
   > 
   >     let mut rng = SgxRng::new().unwrap();
   >     rng.fill_bytes(&mut rand_container);
   >     let mut coef: Vec<u8> = vec![*c];
   >     for r in rand_container.iter() {
   >         coef.push(*r);
   >     }
   >     coefficients.push(coef);
   > }
   > 
   > {
   >     use rand::rngs::OsRng;
   >     use rand::RngCore;
   >     OsRng.fill_bytes(&mut rand_container);
   > }
   > ```
   
   Thanks for the help! :) 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org