ENGINE_load_private_key does not get invoked

Mahendra SP mahendra.sp at gmail.com
Mon Apr 20 16:56:24 UTC 2020


Hi Dmitry Belyavsky,

Thank you. To give more info, I am looking at something similar to the engine
in e_4758cca.c in the engines folder, where ENGINE_set_load_privkey_function is
called.
My understanding was, once the callback is set, it automatically gets
called during RSA operations. As demonstrated in e_4758cca.c, ex data can be
added and during private key operations, the same can be accessed to decide the
operation. Is this not correct?
From your above inputs, it looks like ENGINE_set_load_privkey_function needs
to be called to invoke the callback.

e_4758cca.c shows that in the callback, RSA can be modified to add the ex data
so that the same can be accessed during RSA private key operations.
To confirm, once the callback is registered using
ENGINE_set_load_privkey_function, the callback gets called by openssl before
every private key operation. Is this correct?

Thanks
Mahendra


On Mon, Apr 20, 2020 at 10:03 PM Dmitry Belyavsky <beldmit at gmail.com> wrote:

> Dear Mahendra,
>
> On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <mahendra.sp at gmail.com> wrote:
>
>> Hi Dmitry Belyavsky,
>>
>> Thank you for the inputs. If I understand correctly, the
>> reference indicates loading the private key to engine instance.
>>
>> My requirement is to call the ENGINE_set_load_privkey_function so that
>> the callback gets called before each RSA private key operation.
>> Reason being, the application can use either a key with TPM or keys in
>> software. So I need to load the correct key before each operation gets
>> invoked. I was looking at
>> ENGINE_set_load_privkey_function to set the callback. Is this
>> understanding correct?
>>
>
> You specify the engine-specific function via
> ENGINE_set_load_privkey_function.
>
> After that, you can load your key using ENGINE_load_private_key -
> if you pass the reference to your engine to it, the function set via
> ENGINE_set_load_privkey_function will be used.
>
>
>> Please suggest.
>>
>> Thanks
>> Mahendra
>>
>>
>>
>> On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <beldmit at gmail.com>
>> wrote:
>>
>>> Dear Mahendra,
>>>
>>> Take a look at the load_key function in apps/apps.c as a reference
>>> example.
>>>
>>> On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <mahendra.sp at gmail.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> While writing the engine implementation for private key encryption and
>>>> decryption, I need to get the private key from external source.
>>>> ENGINE_set_load_privkey_function(e, load_tpm_private_key)
>>>> Above API is success.
>>>>
>>>> RSA structure is as below.
>>>> RSA_METHOD my_rsa_struct =
>>>> {
>>>>    "MY RSA method",
>>>>    NULL,
>>>>    NULL,
>>>>    MyRSAPrivEnc,
>>>>    MyRSAPrivDec,
>>>>    NULL,
>>>>    NULL,
>>>>    NULL,
>>>>    NULL,
>>>>    0,
>>>>    NULL,
>>>>    NULL,
>>>>    NULL,
>>>>    NULL
>>>> };
>>>>
>>>> However, the routine load_tpm_private_key does not get invoked during
>>>> private key encryption and decryption.
>>>> Private key encryption and decryption get routed to the above
>>>> overloaded routines, namely "MyRSAPrivEnc" and "MyRSAPrivDec". But
>>>> load_tpm_private_key never gets invoked.
>>>>
>>>> Is there a flag to force the same? I have tried it using openssl
>>>> 1.0.2 version. All other engine calls work as expected, but not this one.
>>>>
>>>> I have also tried to debug in ENGINE_load_private_key in the eng_pkey.c
>>>> file. I don't see this function getting invoked. In this function, the
>>>> private key callback set above gets invoked.
>>>>
>>>> Please suggest if I am missing something here.
>>>>
>>>> Thanks
>>>> Mahendra
>>>>
>>>
>>>
>>> --
>>> SY, Dmitry Belyavsky
>>>
>>
>
> --
> SY, Dmitry Belyavsky
>
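
The call flow discussed in this thread, as an added example that is not code from any of the posters or from OpenSSL: a self-contained C model in which registering the loader only stores a pointer, the loader runs only when the load function is called, and the private-key routine reads per-key data recorded at load time. All `toy_*` names, the `backend` enum and the key ids are hypothetical stand-ins constructed for this sketch; only `load_tpm_private_key` and the `MyRSAPrivEnc` role are taken from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins; every name below is hypothetical, not an OpenSSL identifier. */
enum backend { BACKEND_NONE, BACKEND_SOFTWARE, BACKEND_TPM };
struct toy_key { enum backend ex_data; };   /* plays the role of RSA ex data */
struct toy_engine;
typedef int (*toy_load_fn)(struct toy_engine *e, const char *key_id, struct toy_key *out);
struct toy_engine { toy_load_fn load_privkey; int load_calls; };

/* Role of ENGINE_set_load_privkey_function: stores the pointer, calls nothing. */
static void toy_set_load_privkey(struct toy_engine *e, toy_load_fn fn) { e->load_privkey = fn; }

/* Role of ENGINE_load_private_key: the only place the callback is invoked. */
static int toy_load_private_key(struct toy_engine *e, const char *key_id, struct toy_key *out)
{
    return e->load_privkey ? e->load_privkey(e, key_id, out) : 0;
}

/* Engine callback: choose TPM or software once per key and record it on the key. */
static int load_tpm_private_key(struct toy_engine *e, const char *key_id, struct toy_key *out)
{
    e->load_calls++;
    out->ex_data = strncmp(key_id, "tpm:", 4) == 0 ? BACKEND_TPM : BACKEND_SOFTWARE;
    return 1;
}

/* Role of MyRSAPrivEnc: reads the per-key data; it never calls the loader. */
static const char *my_priv_enc(const struct toy_key *k)
{
    if (k->ex_data == BACKEND_TPM) return "tpm";
    if (k->ex_data == BACKEND_SOFTWARE) return "software";
    return "error: key was not loaded through the engine";
}

/* Runs the scenario and returns how many times the loader callback ran. */
static int demo(void)
{
    struct toy_engine e = { NULL, 0 };
    struct toy_key tpm_key = { BACKEND_NONE }, sw_key = { BACKEND_NONE }, raw = { BACKEND_NONE };
    toy_set_load_privkey(&e, load_tpm_private_key);       /* registered, not yet called */
    printf("never loaded: %s\n", my_priv_enc(&raw));
    toy_load_private_key(&e, "tpm:demo-key", &tpm_key);   /* constructed key ids */
    toy_load_private_key(&e, "file:demo.pem", &sw_key);
    for (int i = 0; i < 3; i++)
        printf("op %d: %s / %s\n", i, my_priv_enc(&tpm_key), my_priv_enc(&sw_key));
    return e.load_calls;
}

int main(void) { printf("loader calls: %d\n", demo()); return 0; }
```

In this model the loader runs twice, once per key, however many private-key operations follow.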