ENGINE_load_private_key does not get invoked

Dmitry Belyavsky beldmit at gmail.com
Mon Apr 20 16:33:17 UTC 2020


Dear Mahendra,

On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <mahendra.sp at gmail.com> wrote:

> Hi Dmitry Belyavsky,
>
> Thank you for the inputs. If I understand correctly, the
> reference indicates loading the private key to engine instance.
>
> My requirement is to call the ENGINE_set_load_privkey_function so that
> the callback gets called before each RSA private key operation.
> Reason being, application can use either key with TPM or keys in software.
> So I need to load the correct key before each operation gets invoked. I was
> looking at
> ENGINE_set_load_privkey_function to set the callback. Is this
> understanding correct?
>

You specify the engine-specific function via
ENGINE_set_load_privkey_function.

After that, you can load your key using ENGINE_load_private_key -
if you pass the reference to your engine to it, the function set via
ENGINE_set_load_privkey_function will be used.


> Please suggest.
>
> Thanks
> Mahendra
>
>
>
> On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <beldmit at gmail.com>
> wrote:
>
>> Dear Mahendra,
>>
>> Take a look at the load_key function in the apps/apps.c as a reference
>> example.
>>
>> On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <mahendra.sp at gmail.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> While writing the engine implementation for private key encryption and
>>> decryption, I need to get the private key from external source.
>>> ENGINE_set_load_privkey_function(e, load_tpm_private_key)
>>> Above API is success.
>>>
>>> RSA structure is as below.
>>> RSA_METHOD my_rsa_struct =
>>> {
>>>    "MY RSA method",
>>>    NULL,
>>>    NULL,
>>>    MyRSAPrivEnc,
>>>    MyRSAPrivDec,
>>>    NULL,
>>>    NULL,
>>>    NULL,
>>>    NULL,
>>>    0,
>>>    NULL,
>>>    NULL,
>>>    NULL,
>>>    NULL
>>> };
>>>
>>> However, the routine load_tpm_private_key does not get invoked during
>>> private key encryption and decryption.
>>> Private key encryption and decryption get routed to the above
>>> overloaded routines, namely "MyRSAPrivEnc" and "MyRSAPrivDec". But
>>> load_tpm_private_key never gets invoked.
>>>
>>> Is there a flag to force the same? I have tried it using openssl 1.0.2
>>> version. All other engine calls work as expected, but not this one.
>>>
>>> I have also tried to debug in ENGINE_load_private_key in eng_pkey.c
>>> file. I don't see this function getting invoked. In this function, the
>>> private key callback set above gets invoked.
>>>
>>> Please suggest if I am missing something here.
>>>
>>> Thanks
>>> Mahendra
>>>
>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>

-- 
SY, Dmitry Belyavsky