0

我在发送大于协商的最大长度的 SChannel TLS 消息时遇到问题。

当使用大于 SecPkgContext_StreamSizes.cbMaximumMessage 的缓冲区调用“EncryptSend”时,服务器(也不由 Wireshark)理解大于 SecPkgContext_StreamSizes.cbMaximumMessage 的部分。

4

1 回答 1

2

您应该能够将数据分成小于或等于 cbMaximumMessage 大小的块。例如,如果您要发送 ULONG cbData 字节的 VOID* pvData,那么...

while(0 < cbData)
{
    ULONG cbChunk = (cbData > m_Sizes.cbMaximumMessage) ? m_Sizes.cbMaximumMessage : cbData;

    Message.ulVersion = SECBUFFER_VERSION;
    Message.cBuffers = ARRAYSIZE(Buffers);
    Message.pBuffers = Buffers;

    Buffers[0].pvBuffer = m_pSendBuffer;
    Buffers[0].cbBuffer = m_Sizes.cbHeader;
    Buffers[0].BufferType = SECBUFFER_STREAM_HEADER;

    Buffers[1].pvBuffer = m_pSendBuffer + m_Sizes.cbHeader;
    Buffers[1].cbBuffer = cbChunk;
    Buffers[1].BufferType = SECBUFFER_DATA;
    CopyMemory(Buffers[1].pvBuffer, pvData, cbChunk);

    Buffers[2].pvBuffer = m_pSendBuffer + m_Sizes.cbHeader + cbChunk;
    Buffers[2].cbBuffer = m_Sizes.cbTrailer;
    Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER;

    Buffers[3].BufferType = SECBUFFER_EMPTY;

    hr = EncryptMessage(&m_hContext, &Message, 0, 0);
    if(FAILED(hr))
        break;

    hr = pSocket->Send(m_pSendBuffer, Buffers[0].cbBuffer + cbChunk + Buffers[2].cbBuffer);
    if(FAILED(hr))
        break;

    pvData = reinterpret_cast<PBYTE>(pvData) + cbChunk;
    cbData -= cbChunk;
}

在循环的每次迭代中,小于或等于最大大小的块被加密并发送。为此,用于向套接字发送数据的机制可能需要采用缓冲策略,以防套接字的内部缓冲区已满。

于 2018-12-21T17:13:14.383 回答