Recent

Author Topic: OpenSSL RSA_verify() Access Violation  (Read 285 times)

Fibonacci

  • Hero Member
  • *****
  • Posts: 602
  • Internal Error Hunter
OpenSSL RSA_verify() Access Violation
« on: October 07, 2024, 10:57:31 am »
I guess Im doing something wrong and I dont see it :(

Code: Pascal  [Select][+][-]
  1. uses
  2.   SysUtils,
  3.   Classes,
  4.   openssl;
  5.  
  6. const
  7.   //LIBCRYPTO = 'libcrypto.dll';
  8.   //LIBCRYPTO = 'libcrypto-1_1-x64.dll';
  9.   LIBCRYPTO = 'libcrypto-3-x64.dll';
  10.  
  11. function RSA_verify(typ:integer; m: PByte; m_length: cardinal; sigbuf: PByte; siglen: cardinal; rsa: PRSA): integer; cdecl; external LIBCRYPTO;
  12.  
  13. function loadpub(path: string): PRSA;
  14. var
  15.   bio: PBIO;
  16.   evp: PEVP_PKEY;
  17. begin
  18.   result := nil;
  19.   bio := BIO_new_file(@path[1], 'r');
  20.   if bio = nil then exit;
  21.   evp := nil;
  22.   //evp := EvpPkeyNew;
  23.   result := PEM_read_bio_PUBKEY(bio, evp, nil, nil);
  24. end;
  25.  
  26. var
  27.   r: integer;
  28.   message, signature: string;
  29.   rsa: PRSA;
  30.   f: PRSA_METHOD;
  31.  
  32. begin
  33.   //if not InitSSLInterface then begin
  34.   //if not InitSSLInterface('libssl.dll', 'libcrypto.dll') then begin
  35.   //if not InitSSLInterface('libssl-1_1-x64.dll', 'libcrypto-1_1-x64.dll') then begin
  36.   if not InitSSLInterface('libssl-3-x64.dll', 'libcrypto-3-x64.dll') then begin
  37.     writeln('init ssl failed');
  38.     readln;
  39.     halt;
  40.   end;
  41.  
  42.   message := 'message';
  43.   signature := 'signature';
  44.  
  45.   //rsa := loadpub('public_key.pem');
  46.   rsa := loadpub('public_key_sign.pem');
  47.   writeln('rsa = ', inttohex(ptrint(rsa)));
  48.  
  49.   try
  50.     // Access violation reading from address $0000000000000060.
  51.     f := RSA_get_method(rsa);
  52.     r := f^.rsa_verify(672{NID_sha256}, @message[1], length(message), @signature[1], length(signature), rsa);
  53.  
  54.     // Access violation reading from address $0000000000000060.
  55.     //r := RSA_verify(672{NID_sha256}, @message[1], length(message), @signature[1], length(signature), rsa);
  56.   except
  57.     on E: Exception do writeln(e.Message);
  58.   end;
  59.  
  60.   readln;
  61. end.

Fibonacci

  • Hero Member
  • *****
  • Posts: 602
  • Internal Error Hunter
Re: OpenSSL RSA_verify() Access Violation
« Reply #1 on: October 07, 2024, 12:11:16 pm »
Solved using mormot, in case anyone interested:

Code: Pascal  [Select][+][-]
  1. uses
  2.   SysUtils,
  3.   Classes,
  4.   mormot.crypt.rsa,
  5.   mormot.crypt.secure,
  6.   mormot.crypt.core;
  7.  
  8. const
  9.   _PEM_SIGNATURE_FILE = 'D:\...\public_key_sign.pem';
  10.   _MESSAGE_FILE       = 'D:\...\plaintext.txt';
  11.   _SIGNATURE_FILE     = 'D:\...\rsa_signature.txt';
  12.  
  13. function loadfile(path: string): string;
  14. var
  15.   m: TMemoryStream;
  16. begin
  17.   if not FileExists(path) then exit('');
  18.   m := TMemoryStream.Create;
  19.   try
  20.     m.LoadFromFile(path);
  21.     setlength(result, m.Size);
  22.     m.Read(result[1], m.Size);
  23.   finally  
  24.     m.Free;
  25.   end;
  26. end;
  27.  
  28. var
  29.   k: TRsa;
  30.   message, signature: string;
  31.   hash: TSha256Digest;
  32.  
  33. begin
  34.   k := TRsa.Create;
  35.   try
  36.     k.LoadFromPublicKeyPem(loadfile(_PEM_SIGNATURE_FILE));
  37.  
  38.     message := loadfile(_MESSAGE_FILE);
  39.     hash := Sha256Digest(message);
  40.  
  41.     signature := loadfile(_SIGNATURE_FILE);
  42.  
  43.     writeln('verify 1 = ', k.Verify(@hash[0], @signature[1], hfSHA256, length(signature)));
  44.     writeln('verify 2 = ', k.Verify(@hash[0], hfSHA256, signature));
  45.   finally  
  46.     k.Free;
  47.   end;
  48.  
  49.   readln;
  50. end.
« Last Edit: October 07, 2024, 12:40:34 pm by Fibonacci »

Thaddy

  • Hero Member
  • *****
  • Posts: 16168
  • Censorship about opinions does not belong here.
Re: OpenSSL RSA_verify() Access Violation
« Reply #2 on: October 07, 2024, 02:26:17 pm »
it failed because the structures are not initialized.
Code: Pascal  [Select][+][-]
  1.   rsa: PRSA;
  2.   f: PRSA_METHOD;
If I smell bad code it usually is bad code and that includes my own code.

Fibonacci

  • Hero Member
  • *****
  • Posts: 602
  • Internal Error Hunter
Re: OpenSSL RSA_verify() Access Violation
« Reply #3 on: October 07, 2024, 02:32:25 pm »
it failed because the structures are not initialized.
Code: Pascal  [Select][+][-]
  1.   rsa: PRSA;
  2.   f: PRSA_METHOD;

PRSA type is
Code: Pascal  [Select][+][-]
  1. PRSA = SslPtr;
  2. SslPtr = Pointer;

PRSA_METHOD is a record

There is nothing to initialize

Thaddy

  • Hero Member
  • *****
  • Posts: 16168
  • Censorship about opinions does not belong here.
Re: OpenSSL RSA_verify() Access Violation
« Reply #4 on: October 07, 2024, 03:11:44 pm »
The P suggests a pointer type. If not try {$packrecords C}
but I seem to remember the are pointers to a BIO struct and a pointer to an EVP_KEY_<x> struct.

[edit]
I checked. They are pointers. see openssl.pas line 177
« Last Edit: October 07, 2024, 03:26:50 pm by Thaddy »
If I smell bad code it usually is bad code and that includes my own code.

 

TinyPortal © 2005-2018