The CryptHashToBeSigned function computes the hash of the "to be signed" encoded content from a signed and encoded certificate. The input data structure consists of the encoded "to be signed" content and its signature.
#include <wincrypt.h>
BOOL WINAPI CryptHashToBeSigned(
  HCRYPTPROV hCryptProv,        // in
  DWORD dwCertEncodingType,     // in
  const BYTE *pbEncoded,        // in, constant
  DWORD cbEncoded,              // in
  BYTE *pbComputedHash,         // out
  DWORD *pcbComputedHash        // in, out
);
Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero should be passed in. Passing in zero causes the default RSA or DSS provider to be acquired before doing hash, signature verification or recipient encryption operations.
Encoding type | Value |
---|---|
X509_ASN_ENCODING | 0x00000001 |
The pbComputedHash parameter can be NULL to obtain the size of this information for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.
Note: When processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by pcbComputedHash is updated to reflect the actual size of the data copied to the buffer.
TRUE if the function succeeded, FALSE if the function failed.
Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptCreateHash, CryptGetHashParam and CryptHashData may be propagated to this function. This function has the following error codes.
Error code | Description |
---|---|
CRYPT_E_OSS_ERROR | ASN.1 decoding error. Note, to get the OSS error subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error. |
ERROR_MORE_DATA | If the buffer specified by the pbComputedHash parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbComputedHash. |
ERROR_FILE_NOT_FOUND | Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported. |
NTE_BAD_ALGID | The signature algorithm's Object Identifier doesn't map to a known or supported hash algorithm. |
// EXAMPLE CODE FOR USING CryptHashToBeSigned().
// From a signed and encoded certificate, computes the hash of the
// encoded content that was originally signed (the original "to be
// signed").
// The caller supplies pbEncoded, the address of the encoded
// CERT_SIGNED_CONTENT_INFO, and cbEncoded, its size in bytes.
// (The wrapper function name is illustrative only.)
#include <windows.h>
#include <wincrypt.h>
#include <stdlib.h>
#include <iostream>
using namespace std;

BOOL HashToBeSignedExample(const BYTE *pbEncoded, DWORD cbEncoded)
{
    // Set up the variables.
    HCRYPTPROV hCryptProv = 0;        // Service provider handle - normally 0
    DWORD dwCertEncodingType = X509_ASN_ENCODING; // Type of encoding
    BYTE *pbComputedHash = NULL;      // Pointer to computed hash
    DWORD cbComputedHash = 0;         // Size of computed hash
    DWORD dwError;                    // Saved GetLastError() value
    BOOL fResult;                     // TRUE if function succeeded,
                                      // FALSE if function failed

    // Function called the first time to get the size of the hash
    // (returned in cbComputedHash).
    fResult = CryptHashToBeSigned(
        hCryptProv,
        dwCertEncodingType,
        pbEncoded,
        cbEncoded,
        NULL,             // NULL on first call to determine the
                          // size needed to ensure that the
                          // returned data fits in the specified
                          // buffer
        &cbComputedHash);
    if (!fResult) {
        dwError = GetLastError();     // read before any other call
        cout << "first call to CryptHashToBeSigned failed" << endl
             << "error code = " << dwError << endl;
        return FALSE;                 // no buffer size, so stop here
    }
    cout << "first call to CryptHashToBeSigned successful" << endl;

    pbComputedHash = (BYTE *) malloc(cbComputedHash);
    if (pbComputedHash == NULL) {
        cout << "memory allocation failed" << endl;
        return FALSE;
    }
    cout << "memory allocated" << endl;

    // Make the call to get the hash.
    fResult = CryptHashToBeSigned(
        hCryptProv,         // in - 0 is default RSA or DSS provider
        dwCertEncodingType, // in - X509_ASN_ENCODING
        pbEncoded,          // in - const address
        cbEncoded,          // in - size of the encoded content
        pbComputedHash,     // out - Pointer to computed hash
        &cbComputedHash);   // in/out - size of computed hash
    if (!fResult) {         // FALSE
        dwError = GetLastError();
        cout << "Function failed" << endl
             << "error code = " << dwError << endl;
    }
    else {                  // TRUE
        // The hash occupies the first cbComputedHash bytes of the buffer.
        cout << "Function succeeded" << endl;
    }
    free(pbComputedHash);
    return fResult;
}
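To make concrete which bytes the hash covers, the following added example (not part of the original documentation and not a CryptoAPI function) locates the "to be signed" element inside a DER-encoded signed structure, checking every length against its container. The function names and the sample bytes are constructed for illustration; the sketch assumes single-byte tags and definite lengths of at most four octets, and it does not enforce minimal-length DER.

```c
#include <stddef.h>
#include <stdint.h>

/* Read one DER tag+length header from p (n bytes available). Returns the
   header size, or 0 if malformed/unsupported; *len gets the content length. */
static size_t der_header(const uint8_t *p, size_t n, size_t *len)
{
    if (n < 2 || (p[0] & 0x1f) == 0x1f) return 0;  /* no multi-byte tags */
    if (p[1] < 0x80) { *len = p[1]; return 2; }    /* short form */
    size_t k = p[1] & 0x7f;                        /* count of length octets */
    if (k == 0 || k > 4 || n - 2 < k) return 0;    /* indefinite or too large */
    size_t v = 0;
    for (size_t i = 0; i < k; i++) v = (v << 8) | p[2 + i];
    *len = v;
    return 2 + k;
}

/* Locate the whole "to be signed" element (header and content) inside
   SEQUENCE { toBeSigned, signatureAlgorithm SEQUENCE, signature BIT STRING }.
   Returns 0 on success, -1 if malformed; outputs are valid only on 0. */
int find_to_be_signed(const uint8_t *der, size_t n,
                      const uint8_t **tbs, size_t *tbs_len)
{
    size_t h, len, left;
    const uint8_t *p;
    if ((h = der_header(der, n, &len)) == 0 || der[0] != 0x30 || len > n - h)
        return -1;                                 /* outer SEQUENCE */
    p = der + h; left = len;
    if ((h = der_header(p, left, &len)) == 0 || len > left - h)
        return -1;                                 /* toBeSigned */
    *tbs = p; *tbs_len = h + len;
    p += h + len; left -= h + len;
    if ((h = der_header(p, left, &len)) == 0 || p[0] != 0x30 || len > left - h)
        return -1;                                 /* signatureAlgorithm */
    p += h + len; left -= h + len;
    if ((h = der_header(p, left, &len)) == 0 || p[0] != 0x03 || len != left - h)
        return -1;                                 /* signature, no trailing data */
    return 0;
}

/* Constructed sample, not a real certificate: toBeSigned = SEQUENCE { INTEGER 1 },
   algorithm = sha1WithRSAEncryption with NULL parameters, 2-byte dummy signature. */
const uint8_t sample_signed[] = {
    0x30, 0x19,
    0x30, 0x03, 0x02, 0x01, 0x01,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
    0x05, 0x00,
    0x03, 0x03, 0x00, 0xaa, 0xbb
};
```

For the sample, the located element is the five bytes starting at offset 2; the signature algorithm that follows it is what selects the hash algorithm.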
Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
Windows CE: Unsupported.
Header: Declared in wincrypt.h.
Import Library: Use crypt32.lib.
See Also: CryptHashCertificate, CryptHashPublicKeyInfo