SslGenerateMasterKey function
The SslGenerateMasterKey function computes the Secure Sockets Layer protocol (SSL) master secret key.
Syntax
SECURITY_STATUS WINAPI SslGenerateMasterKey(
_In_ NCRYPT_PROV_HANDLE hSslProvider,
_In_ NCRYPT_KEY_HANDLE hPrivateKey,
_In_ NCRYPT_KEY_HANDLE hPublicKey,
_Out_ NCRYPT_KEY_HANDLE *phMasterKey,
_In_ DWORD dwProtocol,
_In_ DWORD dwCipherSuite,
_In_ PNCryptBufferDesc pParameterList,
_Out_ PBYTE pbOutput,
_In_ DWORD cbOutput,
_Out_ DWORD *pcbResult,
_In_ DWORD dwFlags
);
Parameters
-
hSslProvider [in]
-
The handle to the SSL protocol provider instance.
-
hPrivateKey [in]
-
The handle to the private key used in the exchange.
-
hPublicKey [in]
-
The handle to the public key used in the exchange.
-
phMasterKey [out]
-
A pointer to the handle to the generated master key.
-
dwProtocol [in]
-
One of the CNG SSL Provider Protocol Identifier values.
-
dwCipherSuite [in]
-
One of the CNG SSL Provider Cipher Suite Identifier values.
-
pParameterList [in]
-
A pointer to an array of NCryptBuffer buffers that contain information used as part of the key exchange operation. The precise set of buffers is dependent on the protocol and cipher suite that is used. At the minimum, the list will contain buffers that contain the client and server supplied random values.
-
pbOutput [out]
-
The address of a buffer that receives the premaster secret encrypted with the public key of the server. The cbOutput parameter contains the size of this buffer. If this parameter is NULL, this function returns the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.
Note
This buffer is used when performing a RSA key exchange.
-
cbOutput [in]
-
The size, in bytes, of the pbOutput buffer.
-
pcbResult [out]
-
A pointer to a DWORD value in which to place number of bytes written to the pbOutput buffer.
-
dwFlags [in]
-
Specifies whether this function is being used for client-side or server-side key exchange.
Value Meaning - NCRYPT_SSL_CLIENT_FLAG
- 0x00000001
Specifies a client-side key exchange. - NCRYPT_SSL_SERVER_FLAG
- 0x00000002
Specifies a server-side key exchange.
Return value
If the function succeeds, it returns zero.
If the function fails, it returns a nonzero error value.
Possible return codes include, but are not limited to, the following.
| Return code/value | Description |
|---|---|
|
Not enough memory is available to allocate necessary buffers. |
|
One of the provided handles is not valid. |
|
The phMasterKey or hPublicKey parameter is not valid. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Header |
|
| DLL |
|
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for