使用Windows证书存储区中的证书和私钥与OpenSSL

Question

I am trying to make a program that uses some Web Services in Delphi XE. To connect to the Web Services, I have to use a self signed certificate, which is stored in the Windows cert store. I open the cert store with CertOpenSystemStore, get the cert with CertFindCertificateInStore and set it with SSL_CTX_use_certificate . No problem with this. Then I get the public key blob with CryptExportKey and make up a private key like this:

function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength: Integer; const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY;
var
  modulus: PByte;
  bh: PBLOBHEADER;
  rp: PRSAPUBKEY;
  rsa_modlen: DWORD;
  rsa_modulus: PAnsiChar;
  rkey: PRSA;
begin
  bh := PBLOBHEADER(AKeyBlob);
  Assert(bh^.bType = PUBLICKEYBLOB);
  rp := PRSAPUBKEY(AKeyBlob + 8);
  Assert(rp.magic = $31415352);
  rsa_modulus := PAnsiChar(Integer(Pointer(rp))+12);
  rkey := RSA_new_method(ASSLCtx.client_cert_engine);
  rkey^.References := 1;
  rkey^.e := BN_new;
  rkey^.n := BN_new;
  BN_set_word(rkey^.e, rp^.pubexp);
  rsa_modlen := (rp^.bitlen div 8) + 1;
  modulus := AllocMem(rsa_modlen);
  CopyMemory(modulus, rsa_modulus, rsa_modlen);
  RevBuffer(modulus, rsa_modlen);
  BN_bin2bn(modulus, rsa_modlen, rkey^.n);
  Result := EVP_PKEY_new;
  EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey));
end;

I then set it up with SSL_CTX_use_PrivateKey and SSL_CTX_check_private_key - no problem so far. But when the data transfer begins, I get an access violation in libeay32.dll. If I load the key from .pem file, everything is fine. I can't see what I am doing wrong, please help :)

Here is the exact error message:

Access violation at address 09881C5F in module 'libeay32.dll'. Read of address 00000000.

The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something too - got the same error, just different address.

Below is the RSA structure I get in PrivKeyBlob2RSA :

pad    0
version  0
meth       $898030C
engine     nil
n      $A62D508
e      $A62D4D8
d      nil
p      nil
q      nil
dmp1       nil
dmq1       nil
iqmp       nil
ex_data (nil, -1163005939 {$BAADF00D})
references  1
flags      6
_method_mod_n   nil
_method_mod_p   nil
_method_mod_q   nil
bignum_data nil {#0}
blinding    nil
mt_blinding nil

I checked the n and e bignums, and they are CORRECT, and everything else looks ok. And yes, the error happens when calling function ssl_read .

Answer 1

It seems to me the most reasonable reasons you would get these errors include:

1. Wrong version of OpenSSL dlls (libeay32 ssleay.dll) or error in declaring SSL wrappers (in this case you might need an Indy Version 10 upgrade).

2. Having already freed the block of memory you're passing into the DLL, as per Ken's comment.

3. Some subtle pointer dereferencing bug in the code you posted. A call to CopyMemory might be missing a level of pointer indirection via "PointerVariableName^" instead of just "PointerVariableName". Read up on "untyped var parameters and pointers in pascal" if you're unclear.