commit 7292c559dd11a40b70a6ab055a1bfbd800dde54b
author Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de> Thu May 23 13:56:28 2019 +0200
committer Tadeusz Struk <tadeusz.struk@intel.com> Tue May 28 10:52:44 2019 -0700
tree c4de662823b6f8d3d0b2056a25059b8489539ba0
parent afcfb0e6cddcb2f932a58aa8d387b15ba7edad37

Esys: Require software random values

During pk_encrypt we will generate random values
for the key as well as the OAEP padding.
We need to ensure that we use a CPU-based random
function and don't load things from a TPM since
that would defeat the purpose of an encrypted
salt.

Signed-off-by: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>

src/tss2-esys/esys_crypto_ossl.c

diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
index ebf356d..ab2fb72 100644
--- a/src/tss2-esys/esys_crypto_ossl.c
+++ b/src/tss2-esys/esys_crypto_ossl.c
@@ -569,6 +569,13 @@
                            BYTE * out_buffer,
                            size_t * out_size, const char *label)
 {
+    const RAND_METHOD *rand_save = RAND_get_rand_method();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    RAND_set_rand_method(RAND_OpenSSL());
+#else
+    RAND_set_rand_method(RAND_SSLeay());
+#endif
+
     TSS2_RC r = TSS2_RC_SUCCESS;
     const EVP_MD * hashAlg = NULL;
     RSA * rsa_key = NULL;
@@ -581,6 +588,7 @@
     if (!(hashAlg = get_ossl_hash_md(pub_tpm_key->publicArea.nameAlg))) {
         LOG_ERROR("Unsupported hash algorithm (%"PRIu16")",
                   pub_tpm_key->publicArea.nameAlg);
+        RAND_set_rand_method(rand_save);
         return TSS2_ESYS_RC_NOT_IMPLEMENTED;
     }
 
@@ -712,6 +720,7 @@
     OSSL_FREE(evp_rsa_key, EVP_PKEY);
     OSSL_FREE(rsa_key, RSA);
     OSSL_FREE(bne, BN);
+    RAND_set_rand_method(rand_save);
     return r;
 }