ENGINE_load_private_key does not get invoked

Mahendra SP mahendra.sp at gmail.com
Mon Apr 20 16:26:24 UTC 2020


Hi Dmitry Belyavsky,

Thank you for the inputs. If I understand correctly, the
reference indicates loading the private key to the engine instance.

My requirement is to call the ENGINE_set_load_privkey_function so that the
callback gets called before each RSA private key operation.
Reason being, application can use either key with TPM or keys in software.
So I need to load the correct key before each operation gets invoked. I was
looking at ENGINE_set_load_privkey_function to set the callback. Is this
understanding correct?

Please suggest.

Thanks
Mahendra



On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <beldmit at gmail.com> wrote:

> Dear Mahendra,
>
> Take a look at the load_key function in the apps/apps.c as a reference
> example.
>
> On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <mahendra.sp at gmail.com> wrote:
>
>> Hi All,
>>
>> While writing the engine implementation for private key encryption and
>> decryption, I need to get the private key from external source.
>> ENGINE_set_load_privkey_function(e, load_tpm_private_key);
>> The above API call succeeds.
>>
>> RSA structure is as below.
>> RSA_METHOD my_rsa_struct =
>> {
>>    "MY RSA method",
>>    NULL,
>>    NULL,
>>    MyRSAPrivEnc,
>>    MyRSAPrivDec,
>>    NULL,
>>    NULL,
>>    NULL,
>>    NULL,
>>    0,
>>    NULL,
>>    NULL,
>>    NULL,
>>    NULL
>> };
>>
>> However, the routine load_tpm_private_key does not get invoked during
>> private key encryption and decryption.
>> Private key encryption and decryption get routed to the above overloaded
>> routines, namely "MyRSAPrivEnc" and "MyRSAPrivDec". But
>> load_tpm_private_key never gets invoked.
>>
>> Is there a flag to force the same? I have tried it using openssl 1.0.2
>> version. All other engine calls work as expected, but not this one.
>>
>> I have also tried to debug in ENGINE_load_private_key in eng_pkey.c file.
>> I don't see this function getting invoked. In this function, the private key
>> callback set above gets invoked.
>>
>> Please suggest if I am missing something here.
>>
>> Thanks
>> Mahendra
>>
>
>
> --
> SY, Dmitry Belyavsky
>
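
The two call paths discussed in this thread, as an added C sketch that is not code from the posters or from OpenSSL: the load callback runs only when the application itself calls ENGINE_load_private_key (as load_key in apps/apps.c does), while a private-key operation dispatches straight to the RSA_METHOD bound to the key. The model_* types and functions, the counters and the key id are hypothetical stand-ins; the real API each one models is named in the comments.

```c
/* Added illustration: a simplified model of the two dispatch paths, not OpenSSL source.
 * Every model_* name is a hypothetical stand-in for the real API named beside it. */
#include <stddef.h>

struct model_rsa;
typedef int (*priv_op_fn)(struct model_rsa *key);
typedef struct model_rsa *(*load_key_fn)(const char *key_id);

struct model_method { priv_op_fn priv_enc; };            /* RSA_METHOD.rsa_priv_enc */
struct model_engine { load_key_fn load_privkey;          /* ENGINE_set_load_privkey_function */
                      const struct model_method *rsa; }; /* ENGINE_set_RSA */
struct model_rsa    { const struct model_method *meth; const char *source; };

static int load_calls, engine_ops, software_ops;         /* call counters for the demo */

static int my_priv_enc(struct model_rsa *k) { (void)k; return ++engine_ops; }
static int sw_priv_enc(struct model_rsa *k) { (void)k; return ++software_ops; }
static const struct model_method engine_method  = { my_priv_enc };
static const struct model_method default_method = { sw_priv_enc };

/* Stand-in for the thread's load_tpm_private_key: returns a key bound to the engine method. */
static struct model_rsa tpm_key;
static struct model_rsa *load_tpm_private_key(const char *key_id) {
    load_calls++;
    tpm_key.meth = &engine_method;
    tpm_key.source = key_id;
    return &tpm_key;
}

/* Models ENGINE_load_private_key(): the call that reaches the load callback. */
struct model_rsa *model_engine_load_private_key(struct model_engine *e, const char *id) {
    return e->load_privkey ? e->load_privkey(id) : NULL;
}

/* Models RSA_private_encrypt(): dispatches on the key's method, never on load_privkey. */
int model_rsa_private_encrypt(struct model_rsa *key) { return key->meth->priv_enc(key); }

static struct model_engine tpm_engine = { load_tpm_private_key, &engine_method };
static struct model_rsa software_key  = { &default_method, "software" };

/* Application flow: load the engine key once, then each operation follows its key's method. */
int demo(void) {
    struct model_rsa *k = model_engine_load_private_key(&tpm_engine, "constructed-key-id");
    model_rsa_private_encrypt(k);              /* engine path, no further load call */
    model_rsa_private_encrypt(k);
    model_rsa_private_encrypt(&software_key);  /* software key uses the default method */
    return load_calls;
}
```
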