<div dir="ltr"><div dir="ltr">Dear Mahendra,</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP <<a href="mailto:mahendra.sp@gmail.com">mahendra.sp@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Dmitry Belyavsky,<div><br></div><div>Thank you..To give more info, I am looking at something similar the engine in e_4758cca.c in engines folder where <span style="color:rgb(0,0,0)">ENGINE_set_load_privkey_</span><span style="color:rgb(0,0,0)">function is called.</span></div><div><span style="color:rgb(0,0,0)">My understanding was, once the callback is set, it automatically gets called during RSA operations. As demostrated in e_4758cca.c, ex data can be added and during private key operations, same can be access to decide the operation. Is this not correct ?</span></div><div><font color="#000000">From your above inputs, looks like </font>ENGINE_set_load_privkey_function needs to be called to invoke the callback.</div><div><br></div><div> e_4758cca.c shows that in callback, RSA can be modified to add the ex data so that same can be accessed during RSA private key operations. </div><div>To confirm, once the callback is registered using ENGINE_set_load_privkey_function, callback gets called by openssl before every private key operation. Is this correct ? <br></div></div></blockquote><div><br></div><div>If I understand you correctly, yes.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div></div><div><br></div><div>Thanks</div><div>Mahendra</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 10:03 PM Dmitry Belyavsky <<a href="mailto:beldmit@gmail.com" target="_blank">beldmit@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Dear Mahendra,</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <<a href="mailto:mahendra.sp@gmail.com" target="_blank">mahendra.sp@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Dmitry Belyavsky,<div><br></div><div>Thank you for the inputs. If I understand correctly, the reference indicates loading the private key to engine instance.</div><div><br></div><div>My requirement is to call the <font color="#000000">ENGINE_set_load_privkey_function so that the callback gets called before each RSA private key operation.</font></div><div><font color="#000000">Reason being, application can use either key with TPM or keys in software. So I need to load the correct key before each operation gets invoked.I was looking at </font></div><div>ENGINE_set_load_privkey_function to set the callback.Is this understanding correct ? </div></div></blockquote><div><br></div><div>You specify the engine-specific function via ENGINE_set_load_privkey_function.</div><div><br></div><div>After that, you can load your key using ENGINE_load_private_key - </div><div>if you pass the reference to your engine to it, the function set via </div><div>ENGINE_set_load_privkey_function will be used.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>Please suggest.</div><div><br></div><div>Thanks</div><div>Mahendra</div><div><br></div><div> <font color="#000000"><br></font></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <<a href="mailto:beldmit@gmail.com" target="_blank">beldmit@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear Mahendra,<div><br></div><div>Take a look at the load_key function in the apps/apps.c as a referent example.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <<a href="mailto:mahendra.sp@gmail.com" target="_blank">mahendra.sp@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>While writing the engine implementation for private key encryption and decryption, I need to get the private key from external source. </div><div><div>ENGINE_set_load_privkey_function(e, load_tpm_private_key)<br></div><div>Above API is success.<br></div><div><br></div><div></div></div><div></div><div>RSA structure is as below.</div><div>RSA_METHOD my_rsa_struct =<br>{<br> "MY RSA method",<br> NULL,<br> NULL,<br> MyRSAPrivEnc,<br> MyRSAPrivDec,<br> NULL, <br> NULL,<br> NULL, <br> NULL,<br> 0, <br> NULL,<br> NULL,<br> NULL,<br> NULL<br>};<br></div><div><br></div><div>However, the routine
load_tpm_private_key does not get invoked during private key encryption and decryption.<br></div><div>Private key encryption and decryption gets routed to the above overloaded routines namely "
MyRSAPrivEnc
" and "
MyRSAPrivDec". But
load_tpm_private_key never gets invoked. </div><div><br></div><div>Is there a flag to force the same ? I have tried it using openssl 1.0.2 version. All other engine calls work as expected, but not this one. </div><div><br></div><div>I have also tried to debug in ENGINE_load_private_key in eng_pkey.c file. I dont see this function getting invoked. In this function, the private key callback set above gets invoked.</div><div> </div><div>Please suggest if I am missing something here.</div><div><br></div><div>Thanks</div><div>Mahendra</div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">SY, Dmitry Belyavsky</div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">SY, Dmitry Belyavsky</div></div>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">SY, Dmitry Belyavsky</div></div>