I'm running into problems sending SChannel TLS messages larger than the negotiated maximum length.
When "EncryptSend" is called with a buffer larger than SecPkgContext_StreamSizes.cbMaximumMessage, the server (and Wireshark, too) does not understand the portion beyond SecPkgContext_StreamSizes.cbMaximumMessage.
You should be able to split the data into chunks whose size is less than or equal to cbMaximumMessage. For example, if you want to send ULONG cbData bytes from VOID* pvData, then...
// Assumes an established SChannel context m_hContext, the negotiated sizes
// m_Sizes (SecPkgContext_StreamSizes from QueryContextAttributes), and a send
// buffer m_pSendBuffer (PBYTE) of at least
// m_Sizes.cbHeader + m_Sizes.cbMaximumMessage + m_Sizes.cbTrailer bytes.
SecBuffer Buffers[4];
SecBufferDesc Message;
SECURITY_STATUS hr = SEC_E_OK;
while(0 < cbData)
{
    // Never hand EncryptMessage more than cbMaximumMessage bytes of plaintext.
    ULONG cbChunk = (cbData > m_Sizes.cbMaximumMessage) ? m_Sizes.cbMaximumMessage : cbData;
    Message.ulVersion = SECBUFFER_VERSION;
    Message.cBuffers = ARRAYSIZE(Buffers);
    Message.pBuffers = Buffers;
    // Record layout in m_pSendBuffer: [header][plaintext chunk][trailer]
    Buffers[0].pvBuffer = m_pSendBuffer;
    Buffers[0].cbBuffer = m_Sizes.cbHeader;
    Buffers[0].BufferType = SECBUFFER_STREAM_HEADER;
    Buffers[1].pvBuffer = m_pSendBuffer + m_Sizes.cbHeader;
    Buffers[1].cbBuffer = cbChunk;
    Buffers[1].BufferType = SECBUFFER_DATA;
    CopyMemory(Buffers[1].pvBuffer, pvData, cbChunk);
    Buffers[2].pvBuffer = m_pSendBuffer + m_Sizes.cbHeader + cbChunk;
    Buffers[2].cbBuffer = m_Sizes.cbTrailer;
    Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER;
    Buffers[3].pvBuffer = NULL;
    Buffers[3].cbBuffer = 0;
    Buffers[3].BufferType = SECBUFFER_EMPTY;
    // Encrypts in place; the data buffer is overwritten with ciphertext.
    hr = EncryptMessage(&m_hContext, &Message, 0, 0);
    if(FAILED(hr))
        break;
    // Use the header/trailer lengths EncryptMessage wrote back, not the
    // negotiated maxima, when computing the record length on the wire.
    hr = pSocket->Send(m_pSendBuffer, Buffers[0].cbBuffer + cbChunk + Buffers[2].cbBuffer);
    if(FAILED(hr))
        break;
    pvData = reinterpret_cast<PBYTE>(pvData) + cbChunk;
    cbData -= cbChunk;
}
On each iteration of the loop, a chunk no larger than the maximum size is encrypted and sent. For this to work, the mechanism used to send data to the socket may need a buffering strategy in case the socket's internal buffer is full.
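The chunking loop and the "send until the whole record is accepted" buffering the answer describes, as an added portable C example that is not part of the original answer. SChannel is Windows-only, so EncryptMessage is replaced here by a hypothetical mock framer (mock_encrypt_record) that only builds a TLS-style header, copies the chunk and appends a checksum trailer; stream_sizes_t, sink_t, send_chunked, parse_records and all sizes and sample data are constructed for the demo. The receiver-side parser shows why the split matters: it rejects any record whose payload exceeds cbMaximumMessage, which is the behaviour the question observed from the server.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for SecPkgContext_StreamSizes (the real one is in sspi.h). */
typedef struct { size_t cbHeader, cbTrailer, cbMaximumMessage; } stream_sizes_t;

/* Mock of EncryptMessage: 5-byte TLS-style header (type 0x17, version 3.3,
 * 16-bit body length), chunk copied unchanged, trailer whose first byte is an
 * XOR checksum. No encryption happens; only the framing is modelled. */
static int mock_encrypt_record(const stream_sizes_t *s, const uint8_t *chunk,
                               size_t cbChunk, uint8_t *out, size_t cbOut)
{
    size_t body = cbChunk + s->cbTrailer;
    if (s->cbHeader < 5 || s->cbTrailer < 1 || cbChunk > s->cbMaximumMessage ||
        body > 0xFFFF || cbOut < s->cbHeader + body)
        return -1;                      /* oversized chunk is refused, like the real API */
    memset(out, 0, s->cbHeader);
    out[0] = 0x17; out[1] = 0x03; out[2] = 0x03;
    out[3] = (uint8_t)(body >> 8); out[4] = (uint8_t)body;
    memcpy(out + s->cbHeader, chunk, cbChunk);
    uint8_t sum = 0;
    for (size_t i = 0; i < cbChunk; i++) sum ^= chunk[i];
    memset(out + s->cbHeader + cbChunk, 0, s->cbTrailer);
    out[s->cbHeader + cbChunk] = sum;
    return 0;
}

/* Send callback: returns bytes accepted (possibly fewer than asked), <=0 on error. */
typedef int (*send_fn)(void *ctx, const uint8_t *buf, size_t len);

/* Buffering strategy from the answer: keep sending until the record is fully accepted. */
static int send_all(send_fn fn, void *ctx, const uint8_t *buf, size_t len)
{
    while (len > 0) {
        int n = fn(ctx, buf, len);
        if (n <= 0) return -1;
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* The chunking loop: one record per <= cbMaximumMessage chunk. Returns records sent or -1. */
int send_chunked(const stream_sizes_t *s, const uint8_t *pvData, size_t cbData,
                 send_fn fn, void *ctx)
{
    size_t cbRecord = s->cbHeader + s->cbMaximumMessage + s->cbTrailer;
    uint8_t *rec = malloc(cbRecord);
    if (!rec) return -1;
    int records = 0;
    while (cbData > 0) {
        size_t cbChunk = cbData > s->cbMaximumMessage ? s->cbMaximumMessage : cbData;
        if (mock_encrypt_record(s, pvData, cbChunk, rec, cbRecord) != 0 ||
            send_all(fn, ctx, rec, s->cbHeader + cbChunk + s->cbTrailer) != 0) {
            free(rec); return -1;
        }
        pvData += cbChunk; cbData -= cbChunk; records++;
    }
    free(rec);
    return records;
}

/* Constructed in-memory "socket" that accepts at most max_per_call bytes per send. */
typedef struct { uint8_t buf[4096]; size_t len, max_per_call; } sink_t;

static int sink_send(void *ctx, const uint8_t *buf, size_t len)
{
    sink_t *k = ctx;
    if (len > k->max_per_call) len = k->max_per_call;   /* simulate a partial send */
    if (k->len + len > sizeof k->buf) return -1;
    memcpy(k->buf + k->len, buf, len); k->len += len;
    return (int)len;
}

/* Receiver side: walks records, refuses payloads over cbMaximumMessage, checks trailer. */
int parse_records(const stream_sizes_t *s, const uint8_t *wire, size_t cbWire,
                  uint8_t *plain, size_t cbPlain, size_t *cbOut)
{
    size_t pos = 0, out = 0; int records = 0;
    if (s->cbHeader < 5) return -1;
    while (pos < cbWire) {
        if (cbWire - pos < s->cbHeader || wire[pos] != 0x17) return -1;
        size_t body = ((size_t)wire[pos + 3] << 8) | wire[pos + 4];
        if (body < s->cbTrailer || body - s->cbTrailer > s->cbMaximumMessage ||
            cbWire - pos - s->cbHeader < body) return -1;
        size_t cbChunk = body - s->cbTrailer;
        const uint8_t *chunk = wire + pos + s->cbHeader;
        uint8_t sum = 0;
        for (size_t i = 0; i < cbChunk; i++) sum ^= chunk[i];
        if (sum != chunk[cbChunk] || out + cbChunk > cbPlain) return -1;
        memcpy(plain + out, chunk, cbChunk);
        out += cbChunk; pos += s->cbHeader + body; records++;
    }
    *cbOut = out;
    return records;
}

/* Round-trips 100 constructed bytes with sizes 5/16/32 through a 7-bytes-per-call
 * sink; returns the record count (4: 32+32+32+4) or -1 if the data did not survive. */
int demo_roundtrip(void)
{
    stream_sizes_t s = { 5, 16, 32 };
    uint8_t data[100], plain[100]; size_t cbPlain = 0;
    for (int i = 0; i < 100; i++) data[i] = (uint8_t)i;
    sink_t sink = { .len = 0, .max_per_call = 7 };
    int sent = send_chunked(&s, data, sizeof data, sink_send, &sink);
    int got = parse_records(&s, sink.buf, sink.len, plain, sizeof plain, &cbPlain);
    if (sent != got || cbPlain != sizeof data || memcmp(plain, data, cbPlain) != 0)
        return -1;
    return sent;
}

int main(void) { printf("records sent: %d\n", demo_roundtrip()); return 0; }
```

Swap mock_encrypt_record for EncryptMessage and sink_send for a real socket send and the two loops carry over unchanged; the important invariants are that cbChunk never exceeds cbMaximumMessage and that a partial send is resumed rather than dropped.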