Win SSPI(Schannel) - who is responsible to allocate and clean memory?

I want to establish a TLS connection using the Win SSPI (Schannel) interface.
I am at the stage of the encrypt-decrypt process, and I find myself really confused: who is responsible for managing the memory allocations?

  1. When I want to send a data packet to the remote party, I have to encrypt the data first by calling the EncryptMessage function with a buffer that contains 4 buffers: a buffer for the header, a buffer for the data that should be encrypted, a buffer for the trailer, and a fourth buffer of type SECBUFFER_EMPTY (I must say that I don't understand what it is used for, but MSDN says to add it). Now, when the EncryptMessage function is called, where is the encrypted data located? Does it overwrite the data that I sent in as input buffers? If so, what will happen in case the encrypted data is too large for the size of the original buffer that I sent? Does EncryptMessage allocate additional memory and join it to the original buffer?
  2. When I receive data, I also get a stream of the encrypted bytes that were received, and I have to send the encrypted data to the DecryptMessage function. My question is again: where does SSPI put the decrypted data? And if the decrypted data is shorter than the original stream, who is responsible for freeing the leftover bytes that were allocated?
  3. When I decrypt a message, sometimes the function returns a buffer of type SECBUFFER_EXTRA. MSDN describes what this extra buffer means, and again I don't totally understand who allocates this memory location. Is it just a pointer to some location in the original stream that I sent?

I am not sure that someone who is just familiar with SSPI could answer me; maybe someone who knows the Microsoft implementations well could.
I would appreciate any answer, or even a partial answer, that explains to me the internal process that SSPI manages.
Thanks!

There are 0 answers