Microsoft KB Archive/262403

PRB: Obtaining Maximum Buffer Size for SSL Encryption Operations

Q262403


The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API)
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional
 * Microsoft Windows 98
 * Microsoft Windows NT Server versions 4.0 SP5, 4.0 SP6, 4.0 SP6a
 * Microsoft Windows NT Workstation versions 4.0 SP5, 4.0 SP6, 4.0 SP6a


SYMPTOMS
When you use the Security Support Provider Interface (SSPI) to perform Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption, you can determine the encryption buffer size by using QueryContextAttributes. Using the cbMaximumMessage value from the SecPkgContext_StreamSizes structure returned by QueryContextAttributes as the message buffer size for the EncryptMessage or DecryptMessage API might cause the API to fail on some platforms with the following error message:

0x80090304 - SEC_E_INTERNAL_ERROR

CAUSE
Differences between SSPI SSL protocol implementations and different properties for a given SSL or TLS connection can result in a variance of the maximum message buffer size limit.

RESOLUTION
To specify a maximum size that is safe in all cases, use the cbMaximumMessage value from QueryContextAttributes minus the combined size of the header and trailer, that is, cbMaximumMessage - (cbHeader + cbTrailer).

The following code snippet demonstrates how to set up the security buffers for a call to the EncryptMessage function, with a modified maximum message size.

    scRet = QueryContextAttributes(&hContext, SECPKG_ATTR_STREAM_SIZES, &Sizes);

    /* One allocation holds header + data + trailer. pMsgBuf is a PBYTE so
       the offsets computed below are byte offsets. */
    pMsgBuf = (PBYTE)LocalAlloc(0, Sizes.cbMaximumMessage);

    /* Safe data size: maximum message minus header and trailer. */
    cbMsgBuf = Sizes.cbMaximumMessage - (Sizes.cbHeader + Sizes.cbTrailer);

    Buffers[0].pvBuffer   = pMsgBuf;
    Buffers[0].cbBuffer   = Sizes.cbHeader;
    Buffers[0].BufferType = SECBUFFER_STREAM_HEADER;

    Buffers[1].pvBuffer   = pMsgBuf + Sizes.cbHeader;
    Buffers[1].cbBuffer   = cbMsgBuf;
    Buffers[1].BufferType = SECBUFFER_DATA;

    Buffers[2].pvBuffer   = pMsgBuf + Sizes.cbHeader + cbMsgBuf;
    Buffers[2].cbBuffer   = Sizes.cbTrailer;
    Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER;

    Buffers[3].BufferType = SECBUFFER_EMPTY;

    /* Describe the four buffers to EncryptMessage. */
    Message.ulVersion = SECBUFFER_VERSION;
    Message.cBuffers  = 4;
    Message.pBuffers  = Buffers;

    scRet = EncryptMessage(&hContext, 0, &Message, 0);
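The following is an added example, not code from the original article: portable C that applies the resolution's size rule to plan how a message longer than the safe limit is split into several EncryptMessage calls. The StreamSizes and RecordLayout types, the function names, and the sample sizes are assumptions made for illustration; real values come from QueryContextAttributes.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the three SecPkgContext_StreamSizes fields the article uses
   (assumption: filled in by QueryContextAttributes at run time). */
typedef struct { unsigned long cbHeader, cbTrailer, cbMaximumMessage; } StreamSizes;

/* Hypothetical helper type: byte offsets of one record in the message buffer. */
typedef struct { size_t dataOff, dataLen, trailerOff, total; } RecordLayout;

/* Largest plaintext chunk that is safe per the article:
   cbMaximumMessage - (cbHeader + cbTrailer). Returns 0 for unusable sizes. */
size_t safe_chunk(const StreamSizes *s)
{
    unsigned long overhead = s->cbHeader + s->cbTrailer;
    if (overhead < s->cbHeader || overhead >= s->cbMaximumMessage)
        return 0;                      /* wrapped, or no room left for data */
    return (size_t)(s->cbMaximumMessage - overhead);
}

/* Plan the record for the plaintext starting at offset `done`.
   Returns 1 if a record was planned, 0 when finished or sizes are invalid. */
int plan_record(const StreamSizes *s, size_t msgLen, size_t done, RecordLayout *out)
{
    size_t chunk = safe_chunk(s);
    if (chunk == 0 || done >= msgLen)
        return 0;
    out->dataOff    = s->cbHeader;     /* header occupies [0, cbHeader) */
    out->dataLen    = (msgLen - done < chunk) ? msgLen - done : chunk;
    out->trailerOff = out->dataOff + out->dataLen;
    out->total      = out->trailerOff + s->cbTrailer;
    return 1;
}

/* Number of EncryptMessage calls needed for msgLen bytes (0 on invalid sizes). */
size_t count_records(const StreamSizes *s, size_t msgLen)
{
    RecordLayout r;
    size_t done = 0, n = 0;
    for (; plan_record(s, msgLen, done, &r); n++)
        done += r.dataLen;
    return n;
}

int main(void)
{
    StreamSizes s = { 5, 36, 16384 };  /* constructed sample values */
    printf("chunk=%zu records=%zu\n", safe_chunk(&s), count_records(&s, 40000));
}
```

Each planned record never exceeds cbMaximumMessage bytes in total, so the single buffer allocated in the article's snippet can be reused for every chunk.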