SslComputeClientAuthHash function

The SslComputeClientAuthHash function computes a hash to use during certificate authentication.


  _In_  NCRYPT_PROV_HANDLE hSslProvider,
  _In_  NCRYPT_KEY_HANDLE  hMasterKey,
  _In_  NCRYPT_HASH_HANDLE hHandshakeHash,
  _In_  LPCWSTR            pszAlgId,
  _Out_ PBYTE              pbOutput,
  _In_  DWORD              cbOutput,
  _Out_ DWORD              *pcbResult,
  _In_  DWORD              dwFlags


hSslProvider [in]

The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.

hMasterKey [in]

The handle of the master key object.

hHandshakeHash [in]

The handle of the hash of the handshake computed so far.

pszAlgId [in]

A pointer to a null-terminated Unicode string that identifies the requested cryptographic algorithm. This can be one of the standard CNG Algorithm Identifiers or the identifier for another registered algorithm.

pbOutput [out]

The address of a buffer that receives the key BLOB. The cbOutput parameter contains the size of this buffer. If this parameter is NULL, this function will place the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.

cbOutput [in]

The length, in bytes, of the pbOutput buffer.

pcbResult [out]

A pointer to a DWORD value that specifies the length, in bytes, of the hash written to the pbOutput buffer.

dwFlags [in]

This parameter is reserved for future use.

Return value

If the function succeeds, it returns zero.

If the function fails, it returns a nonzero error value.

Possible return codes include, but are not limited to, the following.

Return code/value Description
One of the supplied handles is not valid.


The SslComputeClientAuthHash function computes the hash that is sent in the certificate verification message of the SSL handshake. The hash value is computed by creating a hash that contains the master secret with a hash of all previous handshake messages sent or received. For more information about the SSL handshake sequence, see Description of the Secure Sockets Layer (SSL) Handshake.

The manner in which the hash is computed depends on the protocol and cipher suite used. In addition, the hash depends on the type of client authentication key used; the pszAlgId parameter indicates the type of key used for client authentication.


Requirement Value
Minimum supported client
Windows Vista [desktop apps only]
Minimum supported server
Windows Server 2008 [desktop apps only]