SOLVED: Force use of engine all the time
Frederick Gotham
cauldwell.thomas at gmail.com
Thu Nov 7 13:39:03 UTC 2019
I know I've called this "solved", but I've achieved my objective about 98%
so there's only a little bit left to go.
My changes to the source code for LibOpenSSL are confined to the file
"rand_lib.c".
Firstly, I've added the following code:
#include <assert.h>
#include <stdlib.h>  /* abort() */
#include <sys/stat.h>
#include <fcntl.h>

static int Dummy__seed(const void *buf, int num)
{
    (void)buf; (void)num;
    return 1;
}

static void Dummy__cleanup(void)
{
    /* Do Nothing */
}

static int Dummy__add(const void *buf, int num, double randomness)
{
    (void)buf; (void)num; (void)randomness;
    return 1;
}

static int Dummy__status(void)
{
    /* Do Nothing */
    return 1;
}

static void Do_Whatever_Needs_Done_For_TPM2(void)
{
    CRYPTO_THREAD_write_lock(rand_meth_lock);
    CRYPTO_THREAD_write_lock(rand_engine_lock);

    /* Initialize the dynamic engine loader */
    ENGINE_load_dynamic();

    /* If the first fails, try the second one */
    ENGINE *tpm2_engine = ENGINE_by_id("tpm2tss");
    if (tpm2_engine == NULL)
        tpm2_engine = ENGINE_by_id("libtpm2tss");
    if (tpm2_engine == NULL) {
        assert(!"Do_Whatever_Needs_Done_For_TPM2: NULL == ENGINE_by_id");
        abort();
    }

#define TPM2TSS_SET_TCTI (ENGINE_CMD_BASE + 1)
    if (0 == ENGINE_ctrl(tpm2_engine, TPM2TSS_SET_TCTI, 0, "device", NULL)) {
        assert(!"Do_Whatever_Needs_Done_For_TPM2: 0 == ENGINE_ctrl(tcti:device)");
        abort();
    }

    int const init_res = ENGINE_init(tpm2_engine);
    if (0 == init_res) {
        assert(!"Do_Whatever_Needs_Done_For_TPM2: 0 == ENGINE_init");
        abort();
    }

    RAND_METHOD const *const p_rm = ENGINE_get_RAND(tpm2_engine);
    if (NULL == p_rm) {
        assert(!"Do_Whatever_Needs_Done_For_TPM2: NULL == ENGINE_get_RAND");
        abort();
    }

    static RAND_METHOD funcptrs = {
        Dummy__seed,    /* seed() */
        0,              /* bytes() */
        Dummy__cleanup, /* cleanup() */
        Dummy__add,     /* add() */
        0,              /* pseudorand() */
        Dummy__status   /* status() */
    };
    funcptrs.bytes = p_rm->bytes;      /* rand_meth.bytes; */
    funcptrs.pseudorand = p_rm->bytes; /* rand_meth.pseudorand; */

    funct_ref = tpm2_engine;
    default_RAND_meth = &funcptrs;
    rand_meth = funcptrs; /* Even set the Drbg func pointers */

    /* DON'T DO THIS - - - ENGINE_set_default(tpm2_engine, ENGINE_METHOD_RAND); */

    CRYPTO_THREAD_unlock(rand_meth_lock);
    CRYPTO_THREAD_unlock(rand_engine_lock);
}
And then I add one line to the function "do_rand_init":
Do_Whatever_Needs_Done_For_TPM2();
So my device starts up just fine, and the first thing I notice is that it
takes a little longer to boot up (maybe because it takes a lot longer to
get random numbers from hardware?).
So, when I do the following at the command line:
openssl rand -hex 128
It sometimes gives me back 128 bytes immediately, although sometimes it
gives this:
ERROR:tcti:src/tss2-tcti/tcti-device.c:319:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Device or resource busy
WARNING:esys:src/tss2-esys/esys_tcti_default.c:83:tcti_from_init() TCTI init for function 0x7f6528b376f6 failed with a000a
WARNING:esys:src/tss2-esys/esys_tcti_default.c:113:tcti_from_info() Could not initialize TCTI named: tcti-device
ERROR:esys:src/tss2-esys/esys_tcti_default.c:150:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-default.so
WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could not load TCTI file: libtss2-tcti-tabrmd.so
In order to try to get around this problem of more than one thread (or
process) accessing /dev/tpm0 simultaneously, I added a global named mutex
to my code, and while it does improve things, it doesn't eradicate the
problem completely.
I don't think any code other than "libcrypto.so" is using the TPM2, and so
I don't know why I'm getting "device or resource busy" (considering I'm
using a global named mutex). I see that there's also a TPM2 tcti called
"abrmd", and I'm not sure if this is exactly what it's for.
Any ideas?
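The "Device or resource busy" lines above are EBUSY from open() on /dev/tpm0, which the Linux TPM driver lets only one process hold open at a time; the kernel's resource manager device /dev/tpmrm0 (Linux 4.12 and later) and the userspace tpm2-abrmd mentioned in the post exist to multiplex that access. Added example, not code from the post or from OpenSSL/tpm2-tss: a small C helper that opens the shareable device first, retries only on EBUSY, and serializes raw-device users with an flock() lock file instead of a named mutex; the device paths, lock-file path and retry parameters are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <time.h>
#include <unistd.h>

/* Open a TPM character device, retrying only while open() fails with EBUSY:
 * /dev/tpm0 may be held open by one process at a time, and a concurrent open
 * gets EBUSY (the errno behind tcti-device's "Device or resource busy").  Any
 * other error (ENOENT, EACCES, ...) returns at once, so a missing device is
 * not mistaken for contention.  Returns the fd, or -1 with errno set. */
int open_tpm_retry(const char *path, int attempts, int delay_ms)
{
    struct timespec gap = { delay_ms / 1000, (delay_ms % 1000) * 1000000L };
    for (int i = 0; i < attempts; i++) {
        int fd = open(path, O_RDWR);
        if (fd >= 0)
            return fd;
        if (errno != EBUSY)
            return -1;
        nanosleep(&gap, NULL);
    }
    errno = EBUSY;
    return -1;
}

/* Prefer the kernel TPM2 resource manager /dev/tpmrm0 (Linux 4.12+), which
 * multiplexes several openers, and fall back to the raw device.  Both device
 * paths are assumptions; adjust to what udev exposes on the target. */
int open_tpm_preferred(int attempts, int delay_ms)
{
    int fd = open_tpm_retry("/dev/tpmrm0", attempts, delay_ms);
    return fd >= 0 ? fd : open_tpm_retry("/dev/tpm0", attempts, delay_ms);
}

/* Cross-process serialization for raw-device users: an advisory flock() on a
 * lock file is released by the kernel if the holder crashes, unlike a named
 * mutex left locked.  Returns the lock fd (close() releases it) or -1. */
int tpm_lock_acquire(const char *lockfile)
{
    int lfd = open(lockfile, O_RDWR | O_CREAT, 0600);
    if (lfd >= 0 && flock(lfd, LOCK_EX) != 0) {
        close(lfd);
        lfd = -1;
    }
    return lfd;
}
```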