v1.1.0

Readme.md

@@ -3,29 +3,37 @@
 [![Gitter](https://badges.gitter.im/rust-sgx-sdk/community.svg)](https://gitter.im/rust-sgx-sdk/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 # Rust SGX SDK
-Rust SGX SDK helps developers write Intel SGX applications in Rust programming language. [[Paper pdf]](documents/ccsp17.pdf)
+Rust SGX SDK helps developers write Intel SGX applications in Rust programming language. [[CCS'17 Paper pdf]](documents/ccsp17.pdf) [[CCS'19 Paper pdf]](https://dingelish.com/ccs19.pdf)
 
-Good news! Our paper "Towards Memory Safety for Enclave Programs with Rust-SGX" has been accepted in ACM CCS'19. See you guys in London!
+Good News! Our paper "Building and Maintaining a Third-Party Library Supply Chain for Productive and Secure SGX Enclave Development" has been accepted by ICSE'20 SEIP track. See you guys in Seoul!
 
 We open-sourced [gbdt-rs](https://github.com/mesalock-linux/gbdt-rs), a light-weight, amazingly fast, memory safe, and trustworthy gradient boosting decision tree implementation and the [paper](documents/gbdt.pdf) has been accepted by IEEE S&P'19! It is optimized for SGX!
 
-To achieve better security, we recommend developers to apply [Non-bypassable Security Paradigm (NbSP)](https://github.com/baidu/rust-sgx-sdk/blob/master/documents/nbsp.pdf) to the system design and implementation.
+To achieve better security, we recommend developers to apply [Non-bypassable Security Paradigm (NbSP)](https://github.com/apache/teaclave-sgx-sdk/blob/master/documents/nbsp.pdf) to the system design and implementation.
 
-To help understand this project and know how to use it, we are writing some [wiki](https://github.com/baidu/rust-sgx-sdk/wiki) articles. Please [send me an email](mailto:[email protected]?subject=Wiki%20page%20needed:) if you'd like to see other topics. We'll add it as soon as possible.
+To help understand this project and know how to use it, we are writing some [wiki](https://github.com/apache/teaclave-sgx-sdk/wiki) articles. Please [send me an email](mailto:[email protected]?subject=Wiki%20page%20needed:) if you'd like to see other topics. We'll add it as soon as possible.
 
 Current wiki pages:
 
-* [The World of Forked crates](https://github.com/baidu/rust-sgx-sdk/wiki/The-World-of-Forked-crates) introduces the forked crate ecosystem, and provides some guidelines and usage, and show how we secure them.
+* [Mitigation of Intel SA 00219 in Rust SGX](https://github.com/apache/incubator-mesatee-sgx/wiki/Mitigation-of-Intel-SA-00219-in-Rust-SGX)
 
-* [Setup gdb 7.11 on Ubuntu 18.04 for VSCode sgx-gdb remote debugging](https://github.com/baidu/rust-sgx-sdk/wiki/Setup-gdb-7.11-on-Ubuntu-18.04-for-VSCode---sgx-gdb-remote-debugging) If you encounter errors like `gdb.error: syntax error in expression, near )0x7ffff4127370 = 0.`, probably you need to follow this instruction to setup gdb 7. Thanks to @akoskinas for this great instruction!
+* [`is_x86_feature_detected` in Rust SGX SDK](https://github.com/apache/incubator-mesatee-sgx/wiki/%60is_x86_feature_detected%60-in-Rust-SGX-SDK)
 
-* [Performance Optimization Tips](https://github.com/baidu/rust-sgx-sdk/wiki/Performance-Optimization-Tips)
+* [The World of Forked crates](https://github.com/apache/teaclave-sgx-sdk/wiki/The-World-of-Forked-crates) introduces the forked crate ecosystem, and provides some guidelines and usage, and show how we secure them.
 
-* [Use VSCode rls+rust-analysis+sgx-gdb for graphic developing (not in docker)](https://github.com/baidu/rust-sgx-sdk/wiki/Use-VSCode---rls---rust-analysis---sgx-gdb-for-graphic-developing-(not-in-docker))
+* [Setup gdb 7.11 on Ubuntu 18.04 for VSCode sgx-gdb remote debugging](https://github.com/apache/teaclave-sgx-sdk/wiki/Setup-gdb-7.11-on-Ubuntu-18.04-for-VSCode---sgx-gdb-remote-debugging) If you encounter errors like `gdb.error: syntax error in expression, near )0x7ffff4127370 = 0.`, probably you need to follow this instruction to setup gdb 7. Thanks to @akoskinas for this great instruction!
 
-* [Debugging local enclave in docker](https://github.com/baidu/rust-sgx-sdk/wiki/Debugging-a-local-Rust-SGX-enclave-in-docker-with-sgx-gdb)
+* [Performance Optimization Tips](https://github.com/apache/teaclave-sgx-sdk/wiki/Performance-Optimization-Tips)
 
-* Everything about [environment setup](https://github.com/baidu/rust-sgx-sdk/wiki/Environment-Setup)
+* [Use VSCode rls+rust-analysis+sgx-gdb for graphic developing (not in docker)](https://github.com/apache/teaclave-sgx-sdk/wiki/Use-VSCode---rls---rust-analysis---sgx-gdb-for-graphic-developing-(not-in-docker))
+
+* [Debugging local enclave in docker](https://github.com/apache/teaclave-sgx-sdk/wiki/Debugging-a-local-Rust-SGX-enclave-in-docker-with-sgx-gdb)
+
+* Everything about [environment setup](https://github.com/apache/teaclave-sgx-sdk/wiki/Environment-Setup)
+
+## v1.1.0
+
+Supports Intel SGX SDK v2.7.1, and Rust nightly-2019-11-25. v1.1.0 brings up dynamic static supports by `thread::spawn`, and almost everything of `std::sync`. Also v1.1.0 benefits from Intel SGX SDK's aligned memory allocation primitives to mitigate [INTEL-SA-00219](https://github.com/apache/incubator-mesatee-sgx/wiki/Mitigation-of-Intel-SA-00219-in-Rust-SGX). Besides, we enabled [`is_x86_feature_detected!`](https://github.com/apache/incubator-mesatee-sgx/wiki/%60is_x86_feature_detected%60-in-Rust-SGX-SDK) by parsing a hidden global CPU feature indicator initialized by Intel SGX urts/trts. And we provided Dockerfile for Fedora 27. For detailed information, please refer to [release_notes](release_notes.md) for more details.
 
 ## v1.0.9 Release
 
@@ -64,7 +72,7 @@ This version supports Rust nightly build (nightly-2018-10-01) in the master bran
 This version supports the Rust nightly build (nightly-2018-07-16) in master branch and the most recent Rust stable build (stable-2018-07-10). And it supports the latest Intel SGX SDK **v2.2**. New third party libraries include: bytes, http, iovec, rust-crypto, rust-fnv and rust-threshold-secret-sharing. New code sample 'secretsharing' and 'rust-threshold-secret-sharing' is provided by @davidp94. Please refer to [release_notes](release_notes.md) for further details.
 
 ## v1.0.0 Release
-We proudly announce v1.0.0 of rust-sgx-sdk! We port Parity's [Webassembly Interpreter](https://github.com/paritytech/wasmi) to Intel SGX and provide a full functional in-enclave [wasmi sample](samplecode/wasmi), and a [sample solution](samplecode/psi) of two-party private-set-intersection resisting side-channel attacks! From this version, we start to support most recent stable branch of Rust instead of nightly for better stability and future production use. Thus, the [stable branch](https://github.com/baidu/rust-sgx-sdk/tree/rust-stable) of v1.0.0 supports the most recent Rust stable toolchain (1.26.0 stable-2018-05-07), while the master only supports Rust nightly toolchain of nightly-2018-04-11. Please refer to [release_notes](release_notes.md) for further details.
+We proudly announce v1.0.0 of rust-sgx-sdk! We port Parity's [Webassembly Interpreter](https://github.com/paritytech/wasmi) to Intel SGX and provide a full functional in-enclave [wasmi sample](samplecode/wasmi), and a [sample solution](samplecode/psi) of two-party private-set-intersection resisting side-channel attacks! From this version, we start to support most recent stable branch of Rust instead of nightly for better stability and future production use. Thus, the [stable branch](https://github.com/apache/teaclave-sgx-sdk/tree/rust-stable) of v1.0.0 supports the most recent Rust stable toolchain (1.26.0 stable-2018-05-07), while the master only supports Rust nightly toolchain of nightly-2018-04-11. Please refer to [release_notes](release_notes.md) for further details.
 
 ## v0.9.8 Release
 This version provides security updates regards to recent Spectre attacks in Intel SGX, and supports **Rust stable (2018-03-01)** (in branch named 'rust-stable'). It contains support of [Intel SGX SDK 2.1.2](https://download.01.org/intel-sgx/linux-2.1.2/) and a series of API functions to stop speculative execution on demand. In addition, we provide a ported version of [rust-protobuf](https://crates.io/crates/protobuf) v1.4.4. Please refer to [release_notes](release_notes.md) for further details.
@@ -238,8 +246,6 @@ Baidu Rust-SGX SDK is provided under the BSD license. Please refer to the [Licen
 
 Ran Duan, Long Li, Shi Jia, Yu Ding, Yulong Zhang, Yueqiang Cheng, Lenx Wei, Tanghui Chen
 
-![Baidu X-Lab Logo](https://raw.githubusercontent.com/baidu/rust-sgx-sdk/master/logo_25.png)
-
 # Acknowledgement
 
 Thanks to [Prof. Jingqiang Lin](http://people.ucas.ac.cn/~0010268) for his contribution to this project.

buildenv.mk

@@ -1,31 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
 #
-# Copyright (C) 2017-2019 Baidu, Inc. All Rights Reserved.
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-#  * Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-#  * Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#  * Neither the name of Baidu, Inc., nor the names of its
-#    contributors may be used to endorse or promote products derived
-#    from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License..
 #
 #
 

common/inc/assert.h

@@ -1,5 +1,5 @@
-/*	$OpenBSD: assert.h,v 1.12 2006/01/31 10:53:51 hshoexer Exp $	*/
-/*	$NetBSD: assert.h,v 1.6 1994/10/26 00:55:44 cgd Exp $	*/
+/*  $OpenBSD: assert.h,v 1.12 2006/01/31 10:53:51 hshoexer Exp $    */
+/*  $NetBSD: assert.h,v 1.6 1994/10/26 00:55:44 cgd Exp $           */
 
 /*-
  * Copyright (c) 1992, 1993

common/inc/complex.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: complex.h,v 1.3 2010/07/24 22:17:03 guenther Exp $	*/
+/*  $OpenBSD: complex.h,v 1.3 2010/07/24 22:17:03 guenther Exp $    */
 /*
  * Copyright (c) 2008 Martynas Venckus <[email protected]>
  *
@@ -16,7 +16,7 @@
  */
 
 #ifndef _COMPLEX_H_
-#define	_COMPLEX_H_
+#define _COMPLEX_H_
 
 #include <sys/cdefs.h>
 
@@ -25,18 +25,18 @@
  */
 #ifdef __GNUC__
 #if __STDC_VERSION__ < 199901
-#define _Complex	__complex__
+#define _Complex    __complex__
 #endif
-#define _Complex_I	1.0fi
+#define _Complex_I  1.0fi
 #elif defined(lint)
-#define _Complex_I	1.0fi
+#define _Complex_I  1.0fi
 #endif
 
-#define complex		_Complex
+#define complex     _Complex
 
 /* XXX switch to _Imaginary_I */
 #undef I
-#define I		_Complex_I
+#define I           _Complex_I
 
 __BEGIN_DECLS
 /*

common/inc/ctype.h

@@ -34,7 +34,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)ctype.h	5.3 (Berkeley) 4/3/91
+ *  @(#)ctype.h 5.3 (Berkeley) 4/3/91
  */
 
 #ifndef _CTYPE_H_

common/inc/dirent.h

@@ -29,7 +29,7 @@ struct dirent
 #endif
     unsigned short int d_reclen;
     unsigned char d_type;
-    char d_name[256];		/* We must not include limits.h! */
+    char d_name[256];       /* We must not include limits.h! */
 };
 
 //#ifdef __USE_LARGEFILE64
@@ -39,11 +39,11 @@ struct dirent64
     __off64_t d_off;
     unsigned short int d_reclen;
     unsigned char d_type;
-    char d_name[256];		/* We must not include limits.h! */
+    char d_name[256];       /* We must not include limits.h! */
 };
 //#endif
 
-#define d_fileno	d_ino	/* Backwards compatibility.  */
+#define d_fileno	d_ino   /* Backwards compatibility.  */
 
 #undef  _DIRENT_HAVE_D_NAMLEN
 #define _DIRENT_HAVE_D_RECLEN
@@ -52,8 +52,8 @@ struct dirent64
 
 #if defined __OFF_T_MATCHES_OFF64_T && defined __INO_T_MATCHES_INO64_T
 /* Inform libc code that these two types are effectively identical.  */
-# define _DIRENT_MATCHES_DIRENT64	1
+# define _DIRENT_MATCHES_DIRENT64   1
 #else
-# define _DIRENT_MATCHES_DIRENT64	0
+# define _DIRENT_MATCHES_DIRENT64   0
+#endif
 #endif
-#endif

common/inc/endian.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: endian.h,v 1.18 2006/03/27 07:09:24 otto Exp $	*/
+/*  $OpenBSD: endian.h,v 1.18 2006/03/27 07:09:24 otto Exp $    */
 
 /*-
  * Copyright (c) 1997 Niklas Hallqvist.  All rights reserved.

common/inc/errno.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: errno.h,v 1.1 2005/12/28 16:33:56 millert Exp $	*/
+/*  $OpenBSD: errno.h,v 1.1 2005/12/28 16:33:56 millert Exp $   */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -33,7 +33,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)errno.h	8.5 (Berkeley) 1/21/94
+ *  @(#)errno.h 8.5 (Berkeley) 1/21/94
  */
 
 #ifndef	_ERRNO_H_
@@ -180,7 +180,7 @@ __BEGIN_DECLS
 
 #ifndef errno
 int * _TLIBC_CDECL_ __errno(void);
-#define	errno (*__errno())
+#define errno   (*__errno())
 #endif /* errno */
 __END_DECLS
 

common/inc/float.h

@@ -1,5 +1,5 @@
-/* $OpenBSD: float.h,v 1.3 2008/07/21 20:50:54 martynas Exp $ */
-/* $NetBSD: float.h,v 1.8 1995/06/20 20:45:37 jtc Exp $ */
+/*  $OpenBSD: float.h,v 1.3 2008/07/21 20:50:54 martynas Exp $  */
+/*  $NetBSD: float.h,v 1.8 1995/06/20 20:45:37 jtc Exp $    */
 
 /*
  * Copyright (c) 1989 Regents of the University of California.

common/inc/iso646.h

@@ -1,5 +1,5 @@
-/*	$OpenBSD: iso646.h,v 1.3 2001/10/11 00:05:21 espie Exp $	*/
-/*	$NetBSD: iso646.h,v 1.1 1995/02/17 09:08:10 jtc Exp $	*/
+/*  $OpenBSD: iso646.h,v 1.3 2001/10/11 00:05:21 espie Exp $  */
+/*  $NetBSD: iso646.h,v 1.1 1995/02/17 09:08:10 jtc Exp $     */
 
 /*
  * Written by J.T. Conklin <[email protected]> 02/16/95.

common/inc/limits.h

@@ -1,5 +1,5 @@
-/*	$OpenBSD: limits.h,v 1.15 2008/02/10 09:59:54 kettenis Exp $	*/
-/*	$NetBSD: limits.h,v 1.7 1994/10/26 00:56:00 cgd Exp $	*/
+/*  $OpenBSD: limits.h,v 1.15 2008/02/10 09:59:54 kettenis Exp $    */
+/*  $NetBSD: limits.h,v 1.7 1994/10/26 00:56:00 cgd Exp $           */
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -29,7 +29,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)limits.h	5.9 (Berkeley) 4/3/91
+ *  @(#)limits.h    5.9 (Berkeley) 4/3/91
  */
 
 

common/inc/math.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: math.h,v 1.27 2010/12/14 11:16:15 martynas Exp $	*/
+/*  $OpenBSD: math.h,v 1.27 2010/12/14 11:16:15 martynas Exp $  */
 /*
  * ====================================================
  * Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved.
@@ -145,7 +145,7 @@ double _TLIBC_CDECL_ tgamma(double);
 
 double _TLIBC_CDECL_ nearbyint(double);
 double _TLIBC_CDECL_ rint(double);
-long int _TLIBC_CDECL_ lrint(double); 
+long int _TLIBC_CDECL_ lrint(double);
 long long int _TLIBC_CDECL_ llrint(double);
 double _TLIBC_CDECL_ round(double);
 long int _TLIBC_CDECL_ lround(double);

common/inc/mbusafecrt.h

@@ -1,6 +1,6 @@
 //
 // Copyright (c) Microsoft. All rights reserved.
-// Licensed under the MIT license. See LICENSE file in the project root for full license information. 
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
 //
 
 /***
@@ -80,4 +80,4 @@ extern errno_t memmove_s( void * dst, size_t sizeInBytes, const void * src, size
     }
 #endif
 
-#endif	/* MBUSAFECRT_H */
+#endif  /* MBUSAFECRT_H */

common/inc/netdb.h

@@ -0,0 +1,37 @@
+  /* Copyright (C) 1996-2018 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* All data returned by the network data base library are supplied in
+   host order and returned in network order (suitable for use in
+   system calls).  */
+
+#ifndef _NETDB_H
+#define _NETDB_H
+
+struct addrinfo
+{
+    int ai_flags;               /* Input flags.  */
+    int ai_family;              /* Protocol family for socket.  */
+    int ai_socktype;            /* Socket type.  */
+    int ai_protocol;            /* Protocol for socket.  */
+    socklen_t ai_addrlen;       /* Length of socket address.  */
+    struct sockaddr *ai_addr;   /* Socket address for socket.  */
+    char *ai_canonname;         /* Canonical name for service location.  */
+    struct addrinfo *ai_next;   /* Pointer to next in list.  */
+};
+
+#endif

common/inc/poll.h

@@ -7,9 +7,9 @@ typedef unsigned long int nfds_t;
 /* Data structure describing a polling request.  */
 struct pollfd
 {
-    int fd;			/* File descriptor to poll.  */
-    short int events;		/* Types of events poller cares about.  */
-    short int revents;		/* Types of events that actually occurred.  */
+    int fd;             /* File descriptor to poll.  */
+    short int events;   /* Types of events poller cares about.  */
+    short int revents;  /* Types of events that actually occurred.  */
 };
 
 #endif

common/inc/pthread.h

@@ -0,0 +1,34 @@
+#ifndef _SYS_THREAD_H_
+#define _SYS_THREAD_H_
+
+/* Thread identifiers.  The structure of the attribute type is not
+   exposed on purpose.  */
+typedef unsigned long int pthread_t;
+
+#if defined __x86_64__ && !defined __ILP32__
+# define __WORDSIZE 64
+#else
+# define __WORDSIZE 32
+#define __WORDSIZE32_SIZE_ULONG     0
+#define __WORDSIZE32_PTRDIFF_LONG   0
+#endif
+
+#ifdef __x86_64__
+# if __WORDSIZE == 64
+#  define __SIZEOF_PTHREAD_ATTR_T   56
+# else
+#  define __SIZEOF_PTHREAD_ATTR_T   32
+#endif
+
+union pthread_attr_t
+{
+    char __size[__SIZEOF_PTHREAD_ATTR_T];
+    long int __align;
+};
+#ifndef __have_pthread_attr_t
+typedef union pthread_attr_t pthread_attr_t;
+# define __have_pthread_attr_t 1
+#endif
+
+#endif
+#endif