Schannel message larger than cbMaximumMessage

Time: 2018-01-29 13:00:48

Tags: c++ tls1.2 schannel

I am having a problem sending SChannel TLS messages larger than the negotiated maximum length.

When I call "EncryptSend" with a buffer larger than SecPkgContext_StreamSizes.cbMaximumMessage, the server (and Wireshark too) does not understand the part beyond SecPkgContext_StreamSizes.cbMaximumMessage.

1 answer:

Answer 0 (score: 0)

You should be able to split the data into chunks that are smaller than or equal to cbMaximumMessage. For example, if you want to send ULONG cbData bytes of VOID* pvData, then...

// Assumed surroundings, not shown in the answer: m_hContext is the CtxtHandle of the
// completed handshake, m_Sizes was filled by QueryContextAttributes(SECPKG_ATTR_STREAM_SIZES),
// and m_pSendBuffer is a PBYTE of at least cbHeader + cbMaximumMessage + cbTrailer bytes.
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>

SecBuffer       Buffers[4];
SecBufferDesc   Message;
SECURITY_STATUS hr = SEC_E_OK;

while(0 < cbData)
{
    // Never hand EncryptMessage more plaintext than the negotiated record size.
    ULONG cbChunk = (cbData > m_Sizes.cbMaximumMessage) ? m_Sizes.cbMaximumMessage : cbData;

    Message.ulVersion = SECBUFFER_VERSION;
    Message.cBuffers = ARRAYSIZE(Buffers);
    Message.pBuffers = Buffers;

    // Record layout in the send buffer: header | plaintext (encrypted in place) | trailer.
    Buffers[0].pvBuffer = m_pSendBuffer;
    Buffers[0].cbBuffer = m_Sizes.cbHeader;
    Buffers[0].BufferType = SECBUFFER_STREAM_HEADER;

    Buffers[1].pvBuffer = m_pSendBuffer + m_Sizes.cbHeader;
    Buffers[1].cbBuffer = cbChunk;
    Buffers[1].BufferType = SECBUFFER_DATA;
    CopyMemory(Buffers[1].pvBuffer, pvData, cbChunk);

    Buffers[2].pvBuffer = m_pSendBuffer + m_Sizes.cbHeader + cbChunk;
    Buffers[2].cbBuffer = m_Sizes.cbTrailer;
    Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER;

    Buffers[3].BufferType = SECBUFFER_EMPTY;

    hr = EncryptMessage(&m_hContext, &Message, 0, 0);
    if(FAILED(hr))
        break;

    // EncryptMessage may shrink the trailer buffer, so use the sizes it left behind,
    // and send header + ciphertext + trailer together as one TLS record.
    hr = pSocket->Send(m_pSendBuffer, Buffers[0].cbBuffer + cbChunk + Buffers[2].cbBuffer);
    if(FAILED(hr))
        break;

    pvData = reinterpret_cast<PBYTE>(pvData) + cbChunk;
    cbData -= cbChunk;
}

Each iteration of the loop encrypts and sends one chunk that is smaller than or equal to the maximum size. For this to work, the mechanism that sends the data to the socket may need a buffering strategy in case the socket's internal buffer is full.
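To see the chunking and the short-write concern from the answer in isolation, here is an added example that is not part of the original answer and does not use Schannel at all. It replaces EncryptMessage with a hypothetical stand-in that only frames header | payload | trailer with marker bytes (the real call encrypts in place), uses constructed StreamSizes values (cbHeader 5, cbTrailer 16, cbMaximumMessage 16384, which matches the TLS plaintext record limit), and models the socket as a callback that may accept fewer bytes than offered, so the send loop has to retry until the whole record is out. All type and function names here (StreamSizes, fakeEncryptRecord, sendAll, sendChunked, makeShortWriteSocket, recordCount) are assumptions for the example, not Schannel or socket-library APIs.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <vector>

// Hypothetical stand-in for the SecPkgContext_StreamSizes fields the chunking needs.
struct StreamSizes {
    std::size_t cbHeader;
    std::size_t cbTrailer;
    std::size_t cbMaximumMessage;
};

// Stand-in for EncryptMessage (assumption: no Schannel here). It produces
// header | payload | trailer so the framing can be checked offline; the real
// call encrypts the payload in place and fills header and trailer itself.
static std::vector<std::uint8_t> fakeEncryptRecord(const StreamSizes& sizes,
                                                    const std::uint8_t* plaintext,
                                                    std::size_t cbChunk) {
    std::vector<std::uint8_t> record(sizes.cbHeader + cbChunk + sizes.cbTrailer);
    std::fill_n(record.begin(), sizes.cbHeader, 0x16);                              // marker header
    std::memcpy(record.data() + sizes.cbHeader, plaintext, cbChunk);               // payload
    std::fill_n(record.begin() + sizes.cbHeader + cbChunk, sizes.cbTrailer, 0xEE); // marker trailer
    return record;
}

// Socket send callback: returns the number of bytes the socket accepted
// (possibly fewer than offered, as with a full send buffer) or a negative
// value on error.
using SendFn = std::function<long(const std::uint8_t*, std::size_t)>;

// Keep calling send() until the whole record has been handed to the socket.
// A TLS record must reach the peer complete and in order, so a short write
// cannot be ignored; the unsent tail is retried from where the socket stopped.
static bool sendAll(const SendFn& send, const std::uint8_t* p, std::size_t n) {
    while (n > 0) {
        long sent = send(p, n);
        if (sent <= 0) return false;
        p += sent;
        n -= static_cast<std::size_t>(sent);
    }
    return true;
}

// The chunking loop from the answer, generalised: splits cbData bytes into
// records carrying at most cbMaximumMessage plaintext each. Returns the
// plaintext size of every record sent; ok becomes false if the socket fails.
static std::vector<std::size_t> sendChunked(const StreamSizes& sizes,
                                            const std::uint8_t* pvData,
                                            std::size_t cbData,
                                            const SendFn& send,
                                            bool& ok) {
    std::vector<std::size_t> chunks;
    ok = true;
    while (cbData > 0) {
        std::size_t cbChunk = std::min(cbData, sizes.cbMaximumMessage);
        std::vector<std::uint8_t> record = fakeEncryptRecord(sizes, pvData, cbChunk);
        if (!sendAll(send, record.data(), record.size())) { ok = false; break; }
        chunks.push_back(cbChunk);
        pvData += cbChunk;
        cbData -= cbChunk;
    }
    return chunks;
}

// Constructed "socket" for the offline run: accepts at most 1000 bytes per
// call and appends what it accepted to a capture buffer standing in for the wire.
static SendFn makeShortWriteSocket(std::vector<std::uint8_t>& wire) {
    return [&wire](const std::uint8_t* p, std::size_t n) -> long {
        std::size_t take = std::min<std::size_t>(n, 1000);
        wire.insert(wire.end(), p, p + take);
        return static_cast<long>(take);
    };
}

// Number of records a plaintext of cbData bytes needs under these sizes.
static std::size_t recordCount(const StreamSizes& sizes, std::size_t cbData) {
    return (cbData + sizes.cbMaximumMessage - 1) / sizes.cbMaximumMessage;
}

int main() {
    StreamSizes sizes{5, 16, 16384};                 // constructed values
    std::vector<std::uint8_t> data(40000, 0xAB);     // constructed 40000-byte payload
    std::vector<std::uint8_t> wire;
    bool ok = false;
    std::vector<std::size_t> chunks = sendChunked(sizes, data.data(), data.size(),
                                                  makeShortWriteSocket(wire), ok);
    std::printf("ok=%d records=%zu bytes on wire=%zu\n", ok ? 1 : 0, chunks.size(), wire.size());
    for (std::size_t c : chunks) std::printf("  record plaintext %zu\n", c);
    return ok ? 0 : 1;
}
```

With a 40000-byte payload the loop emits three records (16384, 16384 and 7232 bytes of plaintext), which is exactly what the original single oversized EncryptMessage call could not produce; the 1000-byte short-write socket shows why the answer's last paragraph matters, since every record crosses several send() calls and still has to arrive whole.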