Simple, really:

You have not set the "private" part of the private key (d, p, q, dmp1, dmq1, iqmp).

You need to export the private key from CryptoAPI too, and convert that blob,
not the public key blob.

Alternatively, I have heard rumors of a "CryptoAPI engine" plug-in for OpenSSL which will let OpenSSL directly use the keys and certificates stored by Windows.
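As an added illustration of the answer above (this is example code, not code from either poster or from OpenSSL), the following Python parses both CryptoAPI blob types into the field names OpenSSL's RSA structure uses. A PUBLICKEYBLOB (magic 'RSA1') carries only n and e; a PRIVATEKEYBLOB (magic 'RSA2') additionally carries p, q, exponent1 (dmp1), exponent2 (dmq1), coefficient (iqmp) and d, all little-endian, which is why the bytes have to be reversed before BN_bin2bn. The demo key (two constructed 32-bit primes, giving a 64-bit modulus) and the blobs themselves are built inline so the script runs offline; the check function mirrors the consistency tests RSA_check_key performs, and the private operation refuses a key that has no d instead of dereferencing a null pointer.

```python
"""Parse CryptoAPI RSA key blobs into the components OpenSSL's RSA struct needs.

Layout (Microsoft "Base Provider Key BLOBs"), all integers little-endian:
  PUBLICKEYBLOB : BLOBHEADER | RSAPUBKEY('RSA1') | modulus[bitlen/8]
  PRIVATEKEYBLOB: BLOBHEADER | RSAPUBKEY('RSA2') | modulus[bitlen/8]
                  | prime1 prime2 exponent1 exponent2 coefficient [bitlen/16 each]
                  | privateExponent[bitlen/8]
"""
import struct
from math import gcd

BLOBHEADER = struct.Struct("<BBHI")   # bType, bVersion, reserved, aiKeyAlg (8 bytes)
RSAPUBKEY = struct.Struct("<III")     # magic, bitlen, pubexp (12 bytes)
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
RSA1, RSA2 = 0x31415352, 0x32415352   # 'RSA1' / 'RSA2' read as little-endian DWORDs
CALG_RSA_KEYX = 0x0000A400

# Constructed demo primes (2**32 - 5 and 2**32 - 17); a real key would be 2048+ bits.
DEMO_P, DEMO_Q = 4294967291, 4294967279


def build_blobs(p, q, e=65537):
    """Return (PUBLICKEYBLOB, PRIVATEKEYBLOB) bytes for the RSA key with primes p, q."""
    n = p * q
    bitlen = n.bit_length()
    if bitlen % 16:
        raise ValueError("CryptoAPI RSA blobs need a bitlen that is a multiple of 16")
    full, half = bitlen // 8, bitlen // 16
    d = pow(e, -1, (p - 1) * (q - 1))
    le = lambda v, size: v.to_bytes(size, "little")
    pub = (BLOBHEADER.pack(PUBLICKEYBLOB, 2, 0, CALG_RSA_KEYX)
           + RSAPUBKEY.pack(RSA1, bitlen, e) + le(n, full))
    priv = (BLOBHEADER.pack(PRIVATEKEYBLOB, 2, 0, CALG_RSA_KEYX)
            + RSAPUBKEY.pack(RSA2, bitlen, e) + le(n, full)
            + le(p, half) + le(q, half)
            + le(d % (p - 1), half)          # exponent1  -> OpenSSL dmp1
            + le(d % (q - 1), half)          # exponent2  -> OpenSSL dmq1
            + le(pow(q, -1, p), half)        # coefficient -> OpenSSL iqmp
            + le(d, full))                   # privateExponent -> OpenSSL d
    return pub, priv


def parse_rsa_blob(blob):
    """Map a CryptoAPI blob onto OpenSSL RSA field names; private fields only if present."""
    btype, _ver, _res, _alg = BLOBHEADER.unpack_from(blob, 0)
    magic, bitlen, pubexp = RSAPUBKEY.unpack_from(blob, BLOBHEADER.size)
    if bitlen % 16:
        raise ValueError("bad bitlen in RSAPUBKEY")
    full, half = bitlen // 8, bitlen // 16
    pos = BLOBHEADER.size + RSAPUBKEY.size

    def take(size):
        nonlocal pos
        chunk = blob[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("truncated blob")
        pos += size
        return int.from_bytes(chunk, "little")   # the byte reversal RevBuffer does

    key = {"e": pubexp, "n": take(full)}         # modulus is exactly bitlen/8 bytes
    if btype == PUBLICKEYBLOB and magic == RSA1:
        return key                               # no private part exists in this blob
    if btype == PRIVATEKEYBLOB and magic == RSA2:
        for name, size in (("p", half), ("q", half), ("dmp1", half),
                           ("dmq1", half), ("iqmp", half), ("d", full)):
            key[name] = take(size)
        return key
    raise ValueError(f"unexpected bType {btype:#x} / magic {magic:#x}")


def check_private_key(key):
    """Consistency checks in the spirit of RSA_check_key: (ok, reason)."""
    missing = [f for f in ("d", "p", "q", "dmp1", "dmq1", "iqmp") if f not in key]
    if missing:
        return False, "missing " + ", ".join(missing)
    n, e, d, p, q = (key[k] for k in ("n", "e", "d", "p", "q"))
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    ok = (p * q == n and (e * d) % lam == 1
          and key["dmp1"] == d % (p - 1) and key["dmq1"] == d % (q - 1)
          and (key["iqmp"] * q) % p == 1)
    return ok, "ok" if ok else "inconsistent components"


def rsa_private_op(key, m):
    """m**d mod n; fails loudly rather than reading a null d as libeay32 did."""
    if "d" not in key:
        raise ValueError("key has no private part; export a PRIVATEKEYBLOB instead")
    return pow(m, key["d"], key["n"])


if __name__ == "__main__":
    pub_blob, priv_blob = build_blobs(DEMO_P, DEMO_Q)
    print("public blob :", check_private_key(parse_rsa_blob(pub_blob)))
    print("private blob:", check_private_key(parse_rsa_blob(priv_blob)))
```

Running it shows the public blob yields a key missing d, p, q, dmp1, dmq1 and iqmp, exactly the nil fields in the structure dump below, while the private blob parses to a key that passes every check. Note that CryptExportKey will only hand out a PRIVATEKEYBLOB if the key was created or imported as exportable.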


On 10/28/2011 9:48 AM, Andrejs Štrumfs wrote:
Hi!

I am trying to make a program that uses some Web Services in Delphi XE. To 
connect to the Web Services, I have to use a self-signed (hope this is the correct 
term) certificate, which is stored in the Windows cert store. So, I open the cert 
store with CertOpenSystemStore, get the cert with CertFindCertificateInStore and 
set it with SSL_CTX_use_certificate. No problem with this. Then I get the 
public key blob with CryptExportKey and make up a private key like this:

function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength: Integer;
  const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY;
var
   modulus: PByte;
   bh: PBLOBHEADER;
   rp: PRSAPUBKEY;
   rsa_modlen: DWORD;
   rsa_modulus: PAnsiChar;
   rkey: PRSA;
begin
   // CryptoAPI blob layout: BLOBHEADER (8 bytes), RSAPUBKEY (12 bytes), modulus
   bh := PBLOBHEADER(AKeyBlob);
   Assert(bh^.bType = PUBLICKEYBLOB);
   rp := PRSAPUBKEY(AKeyBlob + 8);
   Assert(rp^.magic = $31415352);  // 'RSA1'
   rsa_modulus := PAnsiChar(Integer(Pointer(rp)) + 12);
   rkey := RSA_new_method(ASSLCtx.client_cert_engine);
   rkey^.References := 1;
   rkey^.e := BN_new;
   rkey^.n := BN_new;
   BN_set_word(rkey^.e, rp^.pubexp);
   // The modulus occupies exactly bitlen/8 bytes, stored little-endian
   rsa_modlen := rp^.bitlen div 8;
   modulus := AllocMem(rsa_modlen);
   CopyMemory(modulus, rsa_modulus, rsa_modlen);
   RevBuffer(modulus, rsa_modlen);  // to big-endian for BN_bin2bn
   BN_bin2bn(modulus, rsa_modlen, rkey^.n);
   FreeMem(modulus);  // BN_bin2bn has copied the bytes
   // Only n and e are set here; d, p, q, dmp1, dmq1 and iqmp stay nil
   Result := EVP_PKEY_new;
   EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey));
end;

and set it up with SSL_CTX_use_PrivateKey and SSL_CTX_check_private_key. Also, 
no problem so far. But then, when data transfer begins, I get an access violation 
in libeay32.dll - Access violation at address 09881C5F in module 
'libeay32.dll'. Read of address 00000000. If I load the key from a .pem file, 
everything is fine.

The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something too - got 
the same error, just different address.

Below is the RSA structure I get in PrivKeyBlob2RSA:

pad    0
version  0
meth       $898030C
engine     nil
n      $A62D508
e      $A62D4D8
d      nil
p      nil
q      nil
dmp1       nil
dmq1       nil
iqmp       nil
ex_data (nil, -1163005939 {$BAADF00D})
references  1
flags      6
_method_mod_n   nil
_method_mod_p   nil
_method_mod_q   nil
bignum_data nil {#0}
blinding    nil
mt_blinding nil

I checked the n and e bignums, and they are CORRECT, and everything else looks 
ok. The error happens when calling the function ssl_read. I can't see what I am 
doing wrong, please help :)
Thanks

Andrejs


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org