Resetting EVP_set_default_properties to avoid usage of tpm provider. #23916
Replies: 2 comments
-
Can you provide a more complete reproducer example please? Depending on exactly how you create/manage your context, if you have an allocated instance of a rand object in your context, the provider will still be used, even after unloading it.
-
Thanks for the reply @nhorman. This is the code I use to read the private key info from 0x81010001: `OSSL_STORE_CTX *ctx;`
And then, when I fetch the `EVP_PKEY *pkey`, this is the information it gives. After setting the value to the CMP context, CMP IR is performed; this is the info it gives: RAND NEW. And then the providers are unloaded after the IR is finished, as part of the destructor. This is the cmp_ctx I'm creating.
I'm not creating any RAND_CTX internally; I just loaded and unloaded providers and also set up EVP_set_default_properties. Is there any mechanism to clean up even after unloading the providers, just to make it back to non-provider (no provider)? I'm not using any provider for KUR, and this is running in the same memory location in the mock server. So, after restarting the mock server and performing KUR, it works. If I'm not restarting the server, KUR keeps on crashing, and the above error logs are seen. So, in the same server and memory context, how do I make it happen?
-
Hi,
I'm using the tpm2 provider and set the EVP property with a tpm2 query for performing CMP IR. After the end of the IR, I don't want to use the provider.
For performing IR:
**Loading providers:**

```cpp
#include <cstdio>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/provider.h>

#define TPM2_PROVIDER "/usr/lib64/ossl-packages/tpm2.so"
#define TPM_PROP_QUERY "?provider=tpm2,tpm2.digest!=yes"

// Kept so the provider can be unloaded again after the IR.
static OSSL_PROVIDER *loadedProvider = nullptr;

static void loadProviders()
{
    loadedProvider = OSSL_PROVIDER_load(NULL, TPM2_PROVIDER);
    if (!loadedProvider)
    {
        ERR_print_errors_fp(stderr);
    }
    // Prefer tpm2 implementations in the default library context;
    // the leading '?' makes the provider preference optional.
    if (!EVP_set_default_properties(NULL, TPM_PROP_QUERY))
    {
        ERR_print_errors_fp(stderr);
    }
}
```

**Unloading providers:**

```cpp
static void unloadProviders()
{
    if (loadedProvider != nullptr)
    {
        OSSL_PROVIDER_unload(loadedProvider);
        loadedProvider = nullptr;
    }
}
```
I don't want to use the providers; even after unloading them, I got the errors below. It is running in the same memory context.
**These are the errors I got when I'm not relying on providers:**

```text
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
RAND GET_CTX_PARAMS [ max_request ]
RAND GENERATE
RAND GET_CTX_PARAMS [ strength ]
0017E64D487F0000:error:1C8000BB:Provider routines:get_entropy:parent cannot supply entropy seed:providers/implementations/rands/drbg.c:211:
0017E64D487F0000:error:1C8000BD:Provider routines:ossl_prov_drbg_instantiate:error retrieving entropy:providers/implementations/rands/drbg.c:456:
0017E64D487F0000:error:1200006C:random number generator:rand_new_drbg:error instantiating drbg:crypto/rand/rand_lib.c:607:
0017E64D487F0000:error:02080003:rsa routines:RSA_setup_blinding:BN lib:crypto/rsa/rsa_crpt.c:161:
0017E64D487F0000:error:020C0103:rsa routines:rsa_ossl_private_encrypt:internal error:crypto/rsa/rsa_ossl.c:304:
0017E64D487F0000:error:1C880004:Provider routines:rsa_sign:RSA lib:providers/implementations/signature/rsa_sig.c:588:
0017E64D487F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:284:
0017E64D487F0000:error:1D0000A3:CMP routines:ossl_cmp_certreq_new:error creating certreq:crypto/cmp/cmp_msg.c:439:
```
Is there any way to set it back to normal in the same context?
**How to EVP_set_default_properties without any providers, like resetting it without the use of any provider?**
What property query do I have to use?
I tried using NULL also; it still throws the same error.

```cpp
EVP_set_default_properties(NULL, NULL);
```

Thanks in advance.