I am trying to make a program that uses some Web Services in Delphi XE. To connect to the Web Services, I have to use a self signed certificate, which is stored in the Windows cert store. I open the cert store with CertOpenSystemStore, get the cert with CertFindCertificateInStore and set it with SSL_CTX_use_certificate. No problem with this. Then I get the public key blob with CryptExportKey and make up a private key like this:
function PrivKeyBlob2RSA(const AKeyBlob: PByte; const ALength: Integer; const ASSLCtx: PSSL_CTX): IdSSLOpenSSLHeaders.PEVP_PKEY;
var
modulus: PByte;
bh: PBLOBHEADER;
rp: PRSAPUBKEY;
rsa_modlen: DWORD;
rsa_modulus: PAnsiChar;
rkey: PRSA;
begin
bh := PBLOBHEADER(AKeyBlob);
Assert(bh^.bType = PUBLICKEYBLOB);
rp := PRSAPUBKEY(AKeyBlob + 8);
Assert(rp.magic = $31415352);
rsa_modulus := PAnsiChar(Integer(Pointer(rp))+12);
rkey := RSA_new_method(ASSLCtx.client_cert_engine);
rkey^.References := 1;
rkey^.e := BN_new;
rkey^.n := BN_new;
BN_set_word(rkey^.e, rp^.pubexp);
rsa_modlen := (rp^.bitlen div 8) + 1;
modulus := AllocMem(rsa_modlen);
CopyMemory(modulus, rsa_modulus, rsa_modlen);
RevBuffer(modulus, rsa_modlen);
BN_bin2bn(modulus, rsa_modlen, rkey^.n);
Result := EVP_PKEY_new;
EVP_PKEY_assign_RSA(Result, PAnsiChar(rkey));
end;
I then set it up with SSL_CTX_use_PrivateKey and SSL_CTX_check_private_key - no problem so far. But when the data transfer begins, I get an access violation in libeay32.dll. If I load the key from .pem file, everything is fine. I can't see what I am doing wrong, please help :)
Here is the exact error message:
Access violation at address 09881C5F in module 'libeay32.dll'. Read of address 00000000.
The libeay32.dll version is 1.0.0.5. Tried with version 0.9.something too - got the same error, just different address.
Below is the RSA structure I get in PrivKeyBlob2RSA:
pad 0
version 0
meth $898030C
engine nil
n $A62D508
e $A62D4D8
d nil
p nil
q nil
dmp1 nil
dmq1 nil
iqmp nil
ex_data (nil, -1163005939 {$BAADF00D})
references 1
flags 6
_method_mod_n nil
_method_mod_p nil
_method_mod_q nil
bignum_data nil {#0}
blinding nil
mt_blinding nil
I checked the n and e bignums, and they are CORRECT, and everything else looks ok. And yes, the error happens when calling function ssl_read.
It seems to me the most reasonable reasons you would get these errors include:
Wrong version of OpenSSL dlls (libeay32 ssleay.dll) or error in declaring SSL wrappers (in this case you might need an Indy Version 10 upgrade).
Having already freed the block of memory you're passing into the DLL, as per Ken's comment.
Some subtle pointer dereferencing bug in the code you posted. A call to CopyMemory might be missing a level of pointer indirection via "PointerVariableName^" instead of just "PointerVariableName". Read up on "untyped var parameters and pointers in pascal" if you're unclear.