Re: crypto api in ISAPI extension

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 12/08/03


Date: Mon, 8 Dec 2003 10:02:28 -0800

Are you sure it's "Bad UID"?

Is the error code 8009001 or 80090010?

If it's 80090010, the error message text is "Access denied"?

Thanks,
Vishal

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.

"John Yule" <anonymous@discussions.microsoft.com> wrote in message
news:018e01c3bb5c$8023c8c0$a301280a@phx.gbl...
> I have an ISAPI extension which uses the crypto api to
> decrypt data sent from a client.  It works flawlessly on
> all of our (5) test servers and also at a couple of
> clients.
>
> However, on a specific client's (2) servers I get the
> following error thrown by CryptDeriveKey(): x8009001 'Bad
> UID'.  This is after the CryptAcquireContext()
> successfully returns a seemingly valid UID (code below).
> A call to CryptReleaseContext() with the same handle gets
> the same error.  So it looks like the handle returned by
> CryptAcquireContext() is bad even though it indicates
> success.
>
> The frustrating thing is that it goes through several
> similar decryptions (in the same process request)
> successfully prior to failing.  In some cases restarting
> IIS causes it to work the 1st time but fail on all
> subsequent requests.
>
> The code is pretty much straight out of MSDN samples:
> ===================
> BOOL CPhynityCrypto::CryptoDecrypt(CString csPassword,
>                                    void* pvBuff,
>                                    ULONG* ulBuffSize,
>                                    CString* csErrMsg)
> {
>     LPTSTR lpWork=NULL;
>     BOOL bStatus=false;
>     HCRYPTPROV hCryptProv=NULL;
>     HCRYPTHASH lHHash=NULL;
>     HCRYPTKEY lHkey=NULL;
>
>     // Get handle to the default CSP.
>     CString csProvider(MS_DEF_PROV);
>     if (!CryptAcquireContext(&hCryptProv, NULL, csProvider,
>                              PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
>     {
>         csErrMsg->Format(_T("Error %x during CryptAcquireContext!\n\n%s"),
>                          GetLastError(),
>                          CPhynityCommonServices::GetLastErrorString());
>         goto EXIT;
>     }
>
>     // Create a hash object
>     if (!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &lHHash))
>     {
>         csErrMsg->Format(_T("Error %x during CryptCreateHash!\n\n%s"),
>                          GetLastError(),
>                          CPhynityCommonServices::GetLastErrorString());
>         goto EXIT;
>     }
>
>     // Hash in the password text
>     lpWork=csPassword.LockBuffer();
>     if (!CryptHashData(lHHash, (BYTE*)lpWork, csPassword.GetLength(), 0))
>     {
>         csErrMsg->Format(_T("Error %x during CryptHashData!\n\n%s"),
>                          GetLastError(),
>                          CPhynityCommonServices::GetLastErrorString());
>         csPassword.UnlockBuffer();
>         goto EXIT;
>     }
>     csPassword.UnlockBuffer();
>
>     // Create a session key from the hash object
>     if (!CryptDeriveKey(hCryptProv, CALG_RC4, lHHash, 0, &lHkey))
>     {
>         csErrMsg->Format(_T("Error %x during CryptDeriveKey!\n\n%s"),
>                          GetLastError(),
>                          CPhynityCommonServices::GetLastErrorString());
>         goto EXIT;
>     }
>
>     // Destroy the hash object.
>     CryptDestroyHash(lHHash);
>     lHHash = 0;
>
>     // Decrypt data
>     if (!CryptDecrypt(lHkey, 0, true, 0, (BYTE*)pvBuff, ulBuffSize))
>     {
>         csErrMsg->Format(_T("Error %x during CryptDecrypt!\n\n%s"),
>                          GetLastError(),
>                          CPhynityCommonServices::GetLastErrorString());
>         goto EXIT;
>     }
>
>     // success
>     bStatus=true;
>
> EXIT:
>     // Release whichever handles were acquired before the exit.
>     if (lHkey!=NULL)
>         CryptDestroyKey(lHkey);
>     if (lHHash!=NULL)
>         CryptDestroyHash(lHHash);
>     if (hCryptProv!=NULL)
>         CryptReleaseContext(hCryptProv, 0);
>     return(bStatus);
> }
>
>