ENGINE_load_private_key does not get invoked

Dmitry Belyavsky beldmit at gmail.com
Mon Apr 20 17:00:19 UTC 2020


Dear Mahendra,

On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP <mahendra.sp at gmail.com> wrote:

> Hi Dmitry Belyavsky,
>
> Thank you. To give more info, I am looking at something similar to the engine
> in e_4758cca.c in engines folder where ENGINE_set_load_privkey_function
> is called.
> My understanding was, once the callback is set, it automatically gets
> called during RSA operations. As demonstrated in e_4758cca.c, ex data can be
> added and during private key operations, same can be accessed to decide the
> operation. Is this not correct?
> From your above inputs, looks like ENGINE_set_load_privkey_function needs
> to be called to invoke the callback.
>
>  e_4758cca.c shows that in callback, RSA can be modified to add the ex
> data so that same can be accessed during RSA private key operations.
> To confirm, once the callback is registered using
> ENGINE_set_load_privkey_function, callback gets called by openssl before
> every private key operation. Is this correct ?
>

If I understand you correctly, yes.


>
> Thanks
> Mahendra
>
>
> On Mon, Apr 20, 2020 at 10:03 PM Dmitry Belyavsky <beldmit at gmail.com>
> wrote:
>
>> Dear Mahendra,
>>
>> On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <mahendra.sp at gmail.com>
>> wrote:
>>
>>> Hi Dmitry Belyavsky,
>>>
>>> Thank you for the inputs. If I understand correctly, the
>>> reference indicates loading the private key to engine instance.
>>>
>>> My requirement is to call the ENGINE_set_load_privkey_function so that
>>> the callback gets called before each RSA private key operation.
>>> Reason being, application can use either key with TPM or keys in
>>> software. So I need to load the correct key before each operation gets
>>> invoked. I was looking at
>>> ENGINE_set_load_privkey_function to set the callback. Is this
>>> understanding correct?
>>>
>>
>> You specify the engine-specific function via
>> ENGINE_set_load_privkey_function.
>>
>> After that, you can load your key using ENGINE_load_private_key -
>> if you pass the reference to your engine to it, the function set via
>> ENGINE_set_load_privkey_function will be used.
>>
>>
>>> Please suggest.
>>>
>>> Thanks
>>> Mahendra
>>>
>>>
>>>
>>> On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <beldmit at gmail.com>
>>> wrote:
>>>
>>>> Dear Mahendra,
>>>>
>>>> Take a look at the load_key function in the apps/apps.c as a reference
>>>> example.
>>>>
>>>> On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <mahendra.sp at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> While writing the engine implementation for private key encryption and
>>>>> decryption, I need to get the private key from external source.
>>>>> ENGINE_set_load_privkey_function(e, load_tpm_private_key)
>>>>> Above API is success.
>>>>>
>>>>> RSA structure is as below.
>>>>> RSA_METHOD my_rsa_struct =
>>>>> {
>>>>>    "MY RSA method",
>>>>>    NULL,
>>>>>    NULL,
>>>>>    MyRSAPrivEnc,
>>>>>    MyRSAPrivDec,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    0,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL
>>>>> };
>>>>>
>>>>> However, the routine load_tpm_private_key  does not get invoked during
>>>>> private key encryption and decryption.
>>>>> Private key encryption and decryption gets routed to the above
>>>>> overloaded routines namely " MyRSAPrivEnc " and " MyRSAPrivDec". But
>>>>> load_tpm_private_key never gets invoked.
>>>>>
>>>>> Is there a flag  to force the same ? I have tried it using openssl
>>>>> 1.0.2 version. All other engine calls work as expected, but not this one.
>>>>>
>>>>> I have also tried to debug in ENGINE_load_private_key in eng_pkey.c
>>>>> file. I don't see this function getting invoked. In this function, the
>>>>> private key callback set above gets invoked.
>>>>>
>>>>> Please suggest if I am missing something here.
>>>>>
>>>>> Thanks
>>>>> Mahendra
>>>>>
>>>>
>>>>
>>>> --
>>>> SY, Dmitry Belyavsky
>>>>
>>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>

-- 
SY, Dmitry Belyavsky
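
The call flow from the quoted 10:03 PM reply (the function set via ENGINE_set_load_privkey_function is used when the application calls ENGINE_load_private_key with that engine) together with the e_4758cca.c pattern of tagging the key for later private key operations, as an added example that is not part of the thread and is not OpenSSL code. It is a simplified stand-alone model: every model_* name, the struct layouts and the constructed key ids ("tpm:example-key", "soft:example-key") are assumptions.

```c
/* Simplified model of the engine call flow. NOT OpenSSL code: model_* names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum key_backend { KEY_SOFTWARE, KEY_TPM };

typedef struct model_key {
    enum key_backend backend;   /* stands in for ex data attached to the RSA key */
    char id[32];
} model_key;

typedef struct model_engine model_engine;
struct model_engine {
    int (*load_privkey)(model_engine *e, const char *key_id, model_key *out); /* loader slot */
    int (*priv_enc)(const model_key *k);                                      /* RSA method slot */
    int loader_calls;           /* counts loader invocations for the demo */
};

/* Loader callback: runs at load time and tags the key with its backend. */
static int load_tpm_private_key(model_engine *e, const char *key_id, model_key *out) {
    e->loader_calls++;
    if (key_id == NULL || strlen(key_id) >= sizeof(out->id)) return 0;
    out->backend = strncmp(key_id, "tpm:", 4) == 0 ? KEY_TPM : KEY_SOFTWARE;
    strcpy(out->id, key_id);
    return 1;
}

/* Per-operation method: reads the tag; real code would branch to the TPM or software path. */
static int my_rsa_priv_enc(const model_key *k) { return k->backend; }

/* Analogue of ENGINE_load_private_key: the only place the loader callback is called. */
static int model_load_private_key(model_engine *e, const char *key_id, model_key *out) {
    if (e == NULL || e->load_privkey == NULL) return 0;
    return e->load_privkey(e, key_id, out);
}

/* Analogue of one private key operation: dispatches straight to the RSA method. */
static int model_private_encrypt(const model_engine *e, const model_key *k) {
    return e->priv_enc(k);
}

int main(void) {
    model_engine e = { load_tpm_private_key, my_rsa_priv_enc, 0 };
    model_key k;
    if (!model_load_private_key(&e, "tpm:example-key", &k)) return 1;  /* constructed key id */
    for (int i = 0; i < 3; i++) model_private_encrypt(&e, &k);
    printf("backend=%d loader_calls=%d\n", k.backend, e.loader_calls);
    return 0;
}
```

In this model the loader count changes only on an explicit load call, and each operation picks its path from the tag the loader left on the key.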