黒翼猫はWin9x で動くOpenSSL 1.1.0を作れるか?その6

黒翼猫はWin9x で動くOpenSSL 1.1.0を作れるか?その1

黒翼猫はWin9x で動くOpenSSL 1.1.0を作れるか?その2

黒翼猫はWin9x で動くOpenSSL 1.1.0を作れるか?その5

    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
    buffer = rand_pool_add_begin(pool, bytes_needed);
    if (buffer != NULL) {
        size_t bytes = 0;
        /* poll the CryptoAPI PRNG */
        if (CryptAcquireContextA(&hProvider, NULL, NULL, PROV_RSA_FULL,
                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
                bytes = bytes_needed;
            else
                printf("W95:ABE3[%0x]\n",GetLastError());           

            CryptReleaseContext(hProvider, 0);
        } else {
           
                printf("W95:ABE4[%0x]\n",GetLastError());           
        }

        rand_pool_add_end(pool, bytes, 8 * bytes);
        entropy_available = rand_pool_entropy_available(pool);
        printf("W95:AB1[%d]\n",entropy_available);
    }

エラー原因を突き止めるために、色々出力してみた・ω・

W95:p0
W95:ABE4[80090009]
W95:AB1[0]
W95:ABE1[80090019]
W95:AB4[0]
W95:entropylen:32<0<32
W95:p0
W95:pT[48][dc0a00]
W95:p0
W95:ABE4[80090009]
出力結果

NTE_BAD_FLAGS0x80090009LThe dwFlags parameter has a value that is not valid.

ん?… CRYPT_SILENT がエラーになってるのか?

CryptAcquireContext

CRYPT_SILENT     

The application requests that the CSP not display any user interface (UI) for this context. If the CSP must display the UI to operate, the call fails and the NTE_SILENT_CONTEXT error code is set as the last error. In addition, if calls are made to CryptGenKey with the CRYPT_USER_PROTECTED flag with a context that has been acquired with the CRYPT_SILENT flag, the calls fail and the CSP sets NTE_SILENT_CONTEXT.
CRYPT_SILENT is intended for use with applications for which the UI cannot be displayed by the CSP.
This flag is supported with Microsoft Windows 2000 or later
Windows Me/98/95 or Internet Explorer 5:  This flag is not supported.
だめやんか!

        if (CryptAcquireContextA(&hProvider, NULL, NULL, PROV_RSA_FULL,
                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
                bytes = bytes_needed;

            CryptReleaseContext(hProvider, 0);
        } else if (CryptAcquireContextA(&hProvider, NULL, NULL, PROV_RSA_FULL,
                                 CRYPT_VERIFYCONTEXT) != 0) {
            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
                bytes = bytes_needed;

            CryptReleaseContext(hProvider, 0);
        }
これで良し ・ω・

C:\WINNT\Profiles\デスクトップ\opssl>openssl s_client -connect hogehoge.com:443
CONNECTED(000000B0)
depth=2 C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication
RootCA2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = FujiSSL Public Validation Authority - G3
verify return:1
depth=0 CN = hogehoge.com
verify return:1
---
Certificate chain
 0 s:CN = hogehoge.com
   i:C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = FujiSSL Public Validation Authority - G3
 1 s:C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = FujiSSL Public Validation Authority - G3
   i:C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2
 2 s:C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2
   i:C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1
---
Server certificate
-----BEGIN CERTIFICATE-----
    :
    :
-----END CERTIFICATE-----
subject=CN = hogehoge.com

issuer=C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = FujiSSL Public Validation Authority - G3

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4559 bytes and written 440 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NO
NE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8BC936BF355C0E7E1274E594BA812D23EF5705C22A7AFDA18A634E8D550C6DED

    Session-ID-ctx:
    Master-Key: C9F2D6AA85FAA0E8365C47151665D58D4EA280B16411D7905DCCCB11DA789031CE3F4D2E9B47D80CD3516F3E2852A00A
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 7e 4c ce c3 9f 0b e3 44-57 18 06 8e 21 f5 6e c1   ~L.....DW...!.n.
    0010 - e2 73 b9 90 7a 1a 6f f4-fe a8 6e e9 6e 91 c5 e2   .s..z.o...n.n...
    0020 - 0e 05 09 fd a8 6d 36 6c-bf 65 87 2b 91 82 05 04   .....m6l.e.+....
    0030 - c4 34 f3 96 4d f5 cc 33-6a e9 6e 2f 82 d3 64 2f   .4..M..3j.n/..d/
    0040 - cf 22 07 16 b5 8e eb 33-10 60 b0 dd d7 9c 3b f4   .".....3.`....;.
    0050 - b8 ac 2f 4b f7 93 9c 8d-d8 62 30 38 c0 9e 21 5e   ../K.....b08..!^
    0060 - 04 79 f1 0c 18 91 34 70-eb 17 34 48 6f c0 d7 7d   .y....4p..4Ho..}
    0070 - 1d cb b9 1e e2 a8 e8 b8-1f f7 8e c8 36 d8 40 e8   ............6.@.
    0080 - b3 ad 1e 19 5f cd 71 ed-fd aa 09 13 82 7d 0d a5   ...._.q......}..
    0090 - 72 6b ad a2 43 41 e1 e0-fd 4a ba 38 1a b6 98 b9   rk..CA...J.8....
    00a0 - 72 e6 ee 11 40 93 51 48-11 27 34 97 ea 06 4a 96   r...@.QH.'4...J.
    00b0 - 97 05 a1 ce ac a2 16 8a-22 95 30 f1 79 db 26 db   ........".0.y.&.

    Start Time: 1567572887
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
---

繋がりました・ω・

後は、もふったーに組み込めば完成です

おすすめ

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です