diff options
| author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-03-22 22:48:45 -0400 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-03-22 22:59:44 -0400 |
| commit | ebd7ed47000caa972be7ba5d7392be9d8020137d (patch) | |
| tree | 256b8d2d7f1b36527cfcf7e9625ef68b7235b2f5 | |
| parent | e718104c9aaf79c192cccd6f2cdfd56875145797 (diff) | |
| download | openssl_tpm2_engine-ebd7ed47000caa972be7ba5d7392be9d8020137d.tar.gz | |
decode_encode: fix the provider recursion problem
Normally providers are selected in order, so specifying
--provider default --provider tpm2
is enough to ensure that the default provider is used for all routines
the tpm2 provider doesn't actually provide. However, there is an
exception to this ordering in that openssl will search the cache first
before going in provider order, so when the implementation beneath
this provider also needs to use openssl (as all tss's do) then you get
into a situation where the first use of a tpm2 routine will populate
the cache for tpm2 only and then all subsequent uses will find tpm2
before default. This is a serious recursion problem in the tss
because it uses elliptic curve derivation to obtain the encrypted salt
for sessions but it can't go back around and use this providers
routines for EC because they'll eventually need to derive the
encrypted salt ...
The fix is to artificially populate the cache with the default
provider before the tpm2 also gets added.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
| -rw-r--r-- | src/provider/decode_encode.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/provider/decode_encode.c b/src/provider/decode_encode.c index 8b55dd9..9ef9308 100644 --- a/src/provider/decode_encode.c +++ b/src/provider/decode_encode.c @@ -100,6 +100,25 @@ static int tpm2_pkey_decode(void *ctx, OSSL_CORE_BIO *cin, int selection, params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, &ad, sizeof(ad)); params[3] = OSSL_PARAM_construct_end(); + if (alg == TPM_ALG_ECC) { + /* + * NASTY HACK for provider recursion problem. If the + * provider depends on openssl, like this one does + * (tss uses it) then you always get a problem with + * the key management methods for this provider being + * found first in the cache because the order of + * searching is cache first then providers by order. + * The specific problem is that the lower tss routines + * need to use EC derivation to create the + * encryption/HMAC salt, but they can't use this + * provider to do it (otherwise they'd recurse + * forvever), so you need to populate the cache with + * the default implementation of EC keys so they are + * found before this provider's ones. + */ + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + EVP_PKEY_CTX_free(ctx); + } ret = data_cb(params, data_cbarg); if (ret) |