Simple, really:
You have not set the "private" part of the private key (d, p, q, dmp1,
dmq1, iqmp).
You need to export the private key from CryptoAPI too, and convert that
blob, not the public key blob.
Alternatively, I have heard rumors of a "CryptoAPI engine" plug-in for
OpenSSL which will let OpenSSL directly use the keys and certificates
stored by Windows.
On 10/28/2011 9:48 AM, Andrejs Štrumfs wrote:
Hi!
I am trying to make a program that uses some Web Services in Delphi
XE. To connect to the Web Services, I have to use a self-signed (hope
this is the correct term) certificate, which is stored in the Windows cert
store. So, I open the cert store with CertOpenSystemStore, get the cert
with CertFindCertificateInStore and set it with
SSL_CTX_use_certificate. No problem with this. Then I get the public
key blob with CryptExportKey and make up a private key like this:
  function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength: Integer;
    const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY;
  var
    modulus: PByte;
    bh: PBLOBHEADER;
    rp: PRSAPUBKEY;
    rsa_modlen: DWORD;
    rsa_modulus: PAnsiChar;
    rkey: PRSA;
  begin
    bh := PBLOBHEADER(AKeyBlob);
    Assert(bh^.bType = PUBLICKEYBLOB);
    rp := PRSAPUBKEY(AKeyBlob + 8);                        // RSAPUBKEY follows the 8-byte BLOBHEADER
    Assert(rp^.magic = $31415352);                         // 'RSA1': public key blob
    rsa_modulus := PAnsiChar(Integer(Pointer(rp)) + 12);   // modulus follows the 12-byte RSAPUBKEY
    rkey := RSA_new_method(ASSLCtx.client_cert_engine);
    rkey^.References := 1;
    rkey^.e := BN_new;
    rkey^.n := BN_new;
    BN_set_word(rkey^.e, rp^.pubexp);
    rsa_modlen := (rp^.bitlen div 8) + 1;
    modulus := AllocMem(rsa_modlen);
    CopyMemory(modulus, rsa_modulus, rsa_modlen);
    RevBuffer(modulus, rsa_modlen);                        // CryptoAPI is little-endian, BN_bin2bn wants big-endian
    BN_bin2bn(modulus, rsa_modlen, rkey^.n);
    Result := EVP_PKEY_new;
    EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey));
  end;
and set it up with SSL_CTX_use_PrivateKey and
SSL_CTX_check_private_key. Also, no problem so far. But then, when data
transfer begins, I get an access violation in libeay32.dll - Access
violation at address 09881C5F in module 'libeay32.dll'. Read of address
00000000. If I load the key from a .pem file, everything is fine.
The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something
too - got the same error, just a different address.
Below is the RSA structure i get in PrivKeyBlob2RSA:
pad 0
version 0
meth $898030C
engine nil
n $A62D508
e $A62D4D8
d nil
p nil
q nil
dmp1 nil
dmq1 nil
iqmp nil
ex_data (nil, -1163005939 {$BAADF00D})
references 1
flags 6
_method_mod_n nil
_method_mod_p nil
_method_mod_q nil
bignum_data nil {#0}
blinding nil
mt_blinding nil
I checked the n and e bignums, and they are CORRECT, and everything
else looks ok. The error happens when calling the function ssl_read. I
can't see what I am doing wrong, please help :) Thanks
Andrejs
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
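The reply above comes down to which blob gets exported. As an added illustration (not code from this thread or from OpenSSL), here is a stdlib Python parser for the two CryptoAPI RSA blob layouts, PUBLICKEYBLOB with the RSA1 magic and PRIVATEKEYBLOB with the RSA2 magic, plus the consistency check worth running before the components are handed to an RSA structure. The blob builder and the 16-bit toy key (p=251, q=241) are constructed for the example; a real CryptExportKey blob has the same layout at 1024+ bits.

```python
import struct
# CryptoAPI blob constants (wincrypt.h); CALG_RSA_KEYX = 0xA400 is the aiKeyAlg of an exchange key
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
MAGIC_RSA1, MAGIC_RSA2 = 0x31415352, 0x32415352   # "RSA1" public only, "RSA2" with private parts

def build_blob(p, q, e, bitlen, private):
    """Construct a CryptoAPI RSA blob (toy size here; CryptExportKey emits the same layout)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                                   # Python 3.8+ modular inverse
    full, half = bitlen // 8, bitlen // 16
    le = lambda v, size: v.to_bytes(size, "little")       # every CryptoAPI field is little-endian
    blob = struct.pack("<BBHI", PRIVATEKEYBLOB if private else PUBLICKEYBLOB, 2, 0, 0xA400)
    blob += struct.pack("<III", MAGIC_RSA2 if private else MAGIC_RSA1, bitlen, e) + le(n, full)
    if private:  # RSA2 appends p, q, dP, dQ, qInv (bitlen/16 bytes each) and then d (bitlen/8)
        blob += b"".join(le(v, half) for v in (p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)))
        blob += le(d, full)
    return blob

def parse_blob(blob):
    """Parse either blob type into components named as OpenSSL's RSA struct names them."""
    btype, _ver, _reserved, _alg = struct.unpack_from("<BBHI", blob, 0)
    magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
    if (btype, magic) not in ((PUBLICKEYBLOB, MAGIC_RSA1), (PRIVATEKEYBLOB, MAGIC_RSA2)):
        raise ValueError("not an RSA1/RSA2 key blob")
    full, half, pos = bitlen // 8, bitlen // 16, 20
    fields = ["n"] + (["p", "q", "dmp1", "dmq1", "iqmp", "d"] if btype == PRIVATEKEYBLOB else [])
    key = {"e": pubexp}
    for name in fields:
        size = full if name in ("n", "d") else half       # exact sizes, no bitlen/8 + 1 over-read
        key[name] = int.from_bytes(blob[pos:pos + size], "little")
        pos += size
    if pos != len(blob):
        raise ValueError("blob length does not match bitlen")
    return key

def check_private(key):
    """Refuse a public-only blob and verify the CRT parts before they go into an RSA structure."""
    missing = [k for k in ("d", "p", "q", "dmp1", "dmq1", "iqmp") if k not in key]
    if missing:
        raise ValueError("private components missing (public key blob?): " + ", ".join(missing))
    n, e, d, p, q = (key[k] for k in ("n", "e", "d", "p", "q"))
    return (p * q == n and e * d % ((p - 1) * (q - 1)) == 1 and key["dmp1"] == d % (p - 1)
            and key["dmq1"] == d % (q - 1) and key["iqmp"] * q % p == 1)

def rsa_roundtrip(key, m):
    """Raw sign/verify; a public-only key fails with KeyError here, not a NULL read inside libeay32."""
    return pow(pow(m, key["d"], key["n"]), key["e"], key["n"]) == m

# Constructed sample: 16-bit toy key p=251, q=241, e=65537, exported both ways
PRIV_BLOB = build_blob(251, 241, 65537, 16, private=True)
PUB_BLOB = build_blob(251, 241, 65537, 16, private=False)
```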