Hi!

I am trying to make a program that uses some Web Services in Delphi XE. To 
connect to the Web Services, I have to use a self-signed (hope this is the correct 
term) certificate, which is stored in the Windows cert store. So, I open the cert 
store with CertOpenSystemStore, get the cert with CertFindCertificateInStore and 
set it with SSL_CTX_use_certificate. No problem with this. Then I get the 
public key blob with CryptExportKey and make up a private key like this:

function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength: Integer;
  const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY;
var
  modulus: PByte;
  bh: PBLOBHEADER;
  rp: PRSAPUBKEY;
  rsa_modlen: DWORD;
  rsa_modulus: PAnsiChar;
  rkey: PRSA;
begin
  bh := PBLOBHEADER(AKeyBlob);
  Assert(bh^.bType = PUBLICKEYBLOB);
  rp := PRSAPUBKEY(AKeyBlob + 8);
  Assert(rp.magic = $31415352);
  rsa_modulus := PAnsiChar(Integer(Pointer(rp))+12);
  rkey := RSA_new_method(ASSLCtx.client_cert_engine);
  rkey^.References := 1;
  rkey^.e := BN_new;
  rkey^.n := BN_new;
  BN_set_word(rkey^.e, rp^.pubexp);
  rsa_modlen := (rp^.bitlen div 8) + 1;
  modulus := AllocMem(rsa_modlen);
  CopyMemory(modulus, rsa_modulus, rsa_modlen);
  RevBuffer(modulus, rsa_modlen);
  BN_bin2bn(modulus, rsa_modlen, rkey^.n);
  Result := EVP_PKEY_new;
  EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey));
end;

and set it up with SSL_CTX_use_PrivateKey and SSL_CTX_check_private_key. Also, 
no problem so far. But then, when data transfer begins, I get an access violation 
in libeay32.dll - Access violation at address 09881C5F in module 
'libeay32.dll'. Read of address 00000000. If I load the key from a .pem file, 
everything is fine.

The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something too - got 
the same error, just different address.

Below is the RSA structure I get in PrivKeyBlob2RSA:

pad    0
version  0
meth       $898030C
engine     nil
n      $A62D508
e      $A62D4D8
d      nil
p      nil
q      nil
dmp1       nil
dmq1       nil
iqmp       nil
ex_data (nil, -1163005939 {$BAADF00D})
references  1
flags      6
_method_mod_n   nil
_method_mod_p   nil
_method_mod_q   nil
bignum_data nil {#0}
blinding    nil
mt_blinding nil

I checked the n and e bignums, and they are CORRECT, and everything else looks 
ok. The error happens when calling function ssl_read. I can't see what I am 
doing wrong, please help :)
Thanks

Andrejs
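
The blob layout that the function above walks, as an added example that is not part of the original post: a stand-alone C parser for a CryptoAPI RSA key blob (8-byte BLOBHEADER, 12-byte RSAPUBKEY, then bitlen/8 little-endian modulus bytes), which also reports whether the blob type carries private-key material. The names parse_rsa_blob and rsa_blob_info and the sample blob are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PUBLICKEYBLOB  0x06        /* wincrypt.h blob types */
#define PRIVATEKEYBLOB 0x07
#define MAGIC_RSA1 0x31415352u     /* "RSA1": public key only */
#define MAGIC_RSA2 0x32415352u     /* "RSA2": private key follows */

struct rsa_blob_info {             /* hypothetical helper type */
    int      has_private;          /* 1 only for PRIVATEKEYBLOB / RSA2 */
    uint32_t bitlen, pubexp;
    size_t   modlen;               /* bitlen / 8 bytes */
    uint8_t  modulus_be[512];      /* big-endian, the order BN_bin2bn takes */
};

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, -1 on malformed or truncated input. */
int parse_rsa_blob(const uint8_t *blob, size_t len, struct rsa_blob_info *out) {
    if (len < 20) return -1;       /* BLOBHEADER (8) + RSAPUBKEY (12) */
    uint32_t magic = rd32le(blob + 8);
    if (blob[0] == PUBLICKEYBLOB && magic == MAGIC_RSA1) out->has_private = 0;
    else if (blob[0] == PRIVATEKEYBLOB && magic == MAGIC_RSA2) out->has_private = 1;
    else return -1;                /* blob type and magic must agree */
    out->bitlen = rd32le(blob + 12);
    out->pubexp = rd32le(blob + 16);
    if (out->bitlen == 0 || out->bitlen % 8) return -1;
    out->modlen = out->bitlen / 8;
    if (out->modlen > sizeof out->modulus_be || len - 20 < out->modlen) return -1;
    for (size_t i = 0; i < out->modlen; i++)      /* little-endian -> big-endian */
        out->modulus_be[i] = blob[20 + out->modlen - 1 - i];
    return 0;
}

/* Constructed sample: PUBLICKEYBLOB, 32-bit toy modulus 0xC0FFEE01, e = 65537. */
static const uint8_t sample_blob[] = {
    0x06, 0x02, 0x00, 0x00,  0x00, 0xA4, 0x00, 0x00,  /* BLOBHEADER, CALG_RSA_KEYX */
    0x52, 0x53, 0x41, 0x31,  0x20, 0x00, 0x00, 0x00,  /* "RSA1", bitlen = 32 */
    0x01, 0x00, 0x01, 0x00,                           /* pubexp = 65537 */
    0x01, 0xEE, 0xFF, 0xC0                            /* modulus, little-endian */
};

int main(void) {
    struct rsa_blob_info k;
    if (parse_rsa_blob(sample_blob, sizeof sample_blob, &k) != 0) return 1;
    printf("bits=%u e=%u private=%d\n", (unsigned)k.bitlen, (unsigned)k.pubexp, k.has_private);
    return 0;
}
```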
