Dear Mahendra,
On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP <mahendra.sp@xxxxxxxxx> wrote:
Hi Dmitry Belyavsky,

Thank you.

To give more info, I am looking at something similar to the engine in e_4758cca.c in the engines folder, where ENGINE_set_load_privkey_function is called.

My understanding was, once the callback is set, it automatically gets called during RSA operations. As demonstrated in e_4758cca.c, ex data can be added and, during private key operations, the same can be accessed to decide the operation. Is this not correct?

From your above inputs, it looks like ENGINE_set_load_privkey_function needs to be called to invoke the callback. e_4758cca.c shows that in the callback, RSA can be modified to add the ex data so that the same can be accessed during RSA private key operations.

To confirm, once the callback is registered using ENGINE_set_load_privkey_function, the callback gets called by openssl before every private key operation. Is this correct?

If I understand you correctly, yes.

Thanks
Mahendra

On Mon, Apr 20, 2020 at 10:03 PM Dmitry Belyavsky <beldmit@xxxxxxxxx> wrote:

Dear Mahendra,

On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <mahendra.sp@xxxxxxxxx> wrote:

Hi Dmitry Belyavsky,

Thank you for the inputs. If I understand correctly, the reference indicates loading the private key to the engine instance.

My requirement is to call ENGINE_set_load_privkey_function so that the callback gets called before each RSA private key operation. The reason being, the application can use either a key with TPM or keys in software. So I need to load the correct key before each operation gets invoked.

I was looking at ENGINE_set_load_privkey_function to set the callback. Is this understanding correct?

You specify the engine-specific function via ENGINE_set_load_privkey_function. After that, you can load your key using ENGINE_load_private_key - if you pass the reference to your engine to it, the function set via ENGINE_set_load_privkey_function will be used.

Please suggest.

Thanks
Mahendra

On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <beldmit@xxxxxxxxx> wrote:

Dear Mahendra,

Take a look at the load_key function in apps/apps.c as a reference example.

On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <mahendra.sp@xxxxxxxxx> wrote:

Hi All,

While writing the engine implementation for private key encryption and decryption, I need to get the private key from an external source.

    ENGINE_set_load_privkey_function(e, load_tpm_private_key)

The above API call is successful. The RSA structure is as below.

    RSA_METHOD my_rsa_struct =
    {
        "MY RSA method",   /* name */
        NULL,              /* rsa_pub_enc */
        NULL,              /* rsa_pub_dec */
        MyRSAPrivEnc,      /* rsa_priv_enc */
        MyRSAPrivDec,      /* rsa_priv_dec */
        NULL,              /* rsa_mod_exp */
        NULL,              /* bn_mod_exp */
        NULL,              /* init */
        NULL,              /* finish */
        0,                 /* flags */
        NULL,              /* app_data */
        NULL,              /* rsa_sign */
        NULL,              /* rsa_verify */
        NULL               /* rsa_keygen */
    };

However, the routine load_tpm_private_key does not get invoked during private key encryption and decryption. Private key encryption and decryption get routed to the above overloaded routines, namely "MyRSAPrivEnc" and "MyRSAPrivDec". But load_tpm_private_key never gets invoked.

Is there a flag to force the same? I have tried it using OpenSSL version 1.0.2. All other engine calls work as expected, but not this one.

I have also tried to debug in ENGINE_load_private_key in the eng_pkey.c file. I don't see this function getting invoked. In this function, the private key callback set above gets invoked.

Please suggest if I am missing something here.

Thanks
Mahendra

--
SY, Dmitry Belyavsky

--
SY, Dmitry Belyavsky

--
SY, Dmitry Belyavsky
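
Added example, not part of the thread and not OpenSSL code: a self-contained C model of the flow discussed above, in which the function registered as the key loader runs when the key is loaded through the engine (the role of ENGINE_load_private_key), tags the key the way e_4758cca.c attaches ex data, and the private-key routine only reads that tag. All types, helper names and key ids are hypothetical; only load_tpm_private_key is borrowed as a name from the original post.

```c
/* Simplified model of the flow in this thread. NOT OpenSSL code: all types
 * and helper names are hypothetical; key ids are constructed samples. */
#include <stddef.h>
#include <string.h>

enum backend { BACKEND_SOFTWARE, BACKEND_TPM };
struct key { enum backend where; char id[32]; };  /* 'where' plays the ex-data role */
struct engine {
    int (*load_privkey)(const char *key_id, struct key *out);
    int (*priv_enc)(const struct key *k);
};
static int load_calls, tpm_ops, sw_ops;           /* counters for the demo */

/* Loader: decides once, at load time, which backend owns the key. */
static int load_tpm_private_key(const char *key_id, struct key *out)
{
    load_calls++;
    if (strlen(key_id) >= sizeof(out->id))
        return 0;                                 /* reject over-long ids */
    strcpy(out->id, key_id);
    out->where = strncmp(key_id, "tpm:", 4) == 0 ? BACKEND_TPM : BACKEND_SOFTWARE;
    return 1;
}

/* Private-key operation: never calls the loader, only reads the tag. */
static int my_rsa_priv_enc(const struct key *k)
{
    if (k->where == BACKEND_TPM) tpm_ops++; else sw_ops++;
    return 1;
}

/* Stand-in for ENGINE_load_private_key: the only path that runs the loader. */
static int model_load_private_key(const struct engine *e, const char *id, struct key *out)
{
    if (e == NULL || e->load_privkey == NULL || id == NULL || out == NULL)
        return 0;
    return e->load_privkey(id, out);
}

/* Loads two keys, performs four operations, returns how often the loader ran. */
int run_demo(void)
{
    struct engine e = { load_tpm_private_key, my_rsa_priv_enc };
    struct key tpm_key, sw_key;
    load_calls = tpm_ops = sw_ops = 0;
    if (!model_load_private_key(&e, "tpm:sample-key", &tpm_key)) return -1;
    if (!model_load_private_key(&e, "file:sample.pem", &sw_key)) return -1;
    for (int i = 0; i < 3; i++) e.priv_enc(&tpm_key);
    e.priv_enc(&sw_key);
    return load_calls;
}
```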