Re: CPSignHash error 80090008

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 12/21/04 

Date: Tue, 21 Dec 2004 07:27:06 -0800

I think the main problem is that you try to call down with the Cryptxxx
functions. That's not the way you should do. Here is what I do in my CSP and
it's been working well for years:
In youd DllMain (of your CSP code) do LoadLibrary of the Micrtosoft (or
default) CSP. (You get it from the Registry or pick a known MS one like
"Microsoft RSA SChannel Cryptographic Provider") Then get the CPxxx entry
points with GetProcAddress and use those addresses to 'call down'.
Even if that's not the problem there is definitely one problem with your
calling down CryptAcquireContext: you should NOT return the handle you got
from that call. You MUST create your own context and save the context you got
from the called-down CSP into your context.

Laszlo Elteto
SafeNet, Inc.

"iandoll" wrote:

> Laszlo,
> thanks for fast response.
>
> I have made changes as you suggested. So my CPAcquireContext function
> calling CryptAcquireContext(...PROV_RSA_SCHANNEL..).
> Also I changes type of MyCSP to 12 (PROV_RSA_SCHANNEL).
>
> When I now start IE, everything working same as previous
> (CPAcquireContext,
> CPCreateHash, CPSetHashParam, CPSignHash, CPDestroyHash,
> CPReleaseContext),
> but CPSignHash generate 8009008 error.
>
> This is how CPSignHash look like:
>
> retVal = CryptSignHash(hHash, dwKeySpec, NULL, dwFlags, pbSignature,
> pcbSigLen);
> if (!retVal) { ERROR_MSGBOX("CPSignHash-ERROR");}
> return retVal;
>
> and CPAcquireContext is:
> BOOL WINAPI CPAcquireContext(
> OUT HCRYPTPROV *phProv,
> IN LPCSTR szContainer,
> IN DWORD dwFlags,
> IN PVTableProvStruc pVTable)
> {
> BOOL retVal = FALSE;
> DWORD dwLastError = 0;
> char * szProviderName = NULL;
>
> retVal = CryptAcquireContext(phProv, szContainer, szProviderName,
> PROV_RSA_SCHANNEL, dwFlags);
> if (!retVal) { ERROR_MSGBOX("CPAcquireContext-ERROR");}
> return retVal;
> }
>
> Also I test my CSP with CSP Test suite, and work fine in 76% otherwise
> is
> error or warning.
> Do you know what is cause of this error, or maybe where can I find
> sample
> (empty, just simple wrapper) custom CSP implementation.
>
> Thanks,
> Ian
>
>

Relevant Pages

  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... the context THEN still try to use it?) ... CryptGetUserKey than you really need to debug your test code to see what's ... I just implemented 10 functions of CSP and the other functions ...
    (microsoft.public.platformsdk.security)
  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... Assuming that in your DoTransmit routine uses the provided hProv as *MyCSP ... I've read the following page on MSDN which is titled "CSP Architectural ... SCARDCONTEXT hContext1; ... your OWN context and return this to the CAPI ...
    (microsoft.public.platformsdk.security)
  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... CryptAcquireContext will NEVER return YOUR context. ... As I explained, CAPI ... So, pProv gets a handle to CSP(thus, "g_hmodule" global parameter in CSP ... CryptGetUserKey than you really need to debug your test code to see what's ...
    (microsoft.public.platformsdk.security)
  • RE: I get error ERROR_INVALID_PARAMETER testing my CSP with "cspte
    ... In CryptAcquireContext implementation, there is a line as following: ... So, pProv gets a handle to CSP(thus, "g_hmodule" global parameter in CSP ... the context THEN still try to use it?) ... I think there should be something wrong between CAPI and CryptoSPI ...
    (microsoft.public.platformsdk.security)
  • RE: Biometric CSP wrapper
    ... You need to have your own Context and the ... 'downstream' original smartcard CSP you allocate some memory, ... is used you get the 'downstream' context / handle from your struct and pass ... that down to the smartcard CSP. ...
    (microsoft.public.platformsdk.security)