RE: CryptoAPI: CSP compile problem

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 10/15/05 

Date: Sat, 15 Oct 2005 10:47:28 -0700

That error indicates that your CSP is not signed by Microsoft and as such
cannot be loaded. To TEST your CSP Microsoft requires to load a KERNEL
debugger on the test computer. (You don't actually have to use it - it just
have to be loaded.)

Another (not supported) way is to patch advapi32.dll. so this security check
is bypassed. You can search this forum for "advapi32" to instruction which
bytes have to be patched for various dll versions. (and how to replace the
dll - either from another system on multi-boot setup or from Recovery Console)

Laszlo Elteto
SafeNet, Inc.

"bender" wrote:

> nm, problem fixed.
>
> Now I just have to figure out why the CSPDK gives me a
>
> CryptAcquireContext
>
> INFO Returned: False
>
> INFO Error type: API failed unexpectedly
>
> INFO Known error: No
>
> INFO Actual error code: 0x8009001d (Provider DLL failed to initialize
> correctly. )
>
>
>
> "bender" wrote:
>
> > When trying to compile a CSP dll has anyone seen "error C2375: 'CPDeriveKey'
> > : redefinition; different linkage"
> >
> > i get this for all the CSP functions EXCEPT CPCreateHash and CPAquireContext.
> >
> > I havent found any circular links yet...
> >
> > My dll is including
> >
> > #include <windows.h>
> > #include <wincrypt.h>
> > #include <C:\cspdk\sdkinc\Cspdk.h>
> >
> >
> >
> > An example of one of my functions is
> >
> > DLL_EXPORT
> > BOOL WINAPI
> > CPAcquireContext(
> > HCRYPTPROV* phProv,
> > CHAR* pszContainer,
> > DWORD dwFlags,
> > PVTableProvStruc pVTable
> > )
> > {
> > return CryptAcquireContext( phProv, NULL, NULL, PROV_RSA_FULL, dwFlags );
> > }
> >
> >
> > (all functions just pass onto default CSP for now)
> >
> >
> >
> > Thanks for any help

Relevant Pages

  • RE: Debugging a CSP dll
    ... you are registring your CSP the right way. ... it's not sufficient for winlogon to load it. ... Actually, by default, Winlogon ... dll unless it appears as a PC/SC reader to the system, ...
    (microsoft.public.platformsdk.security)
  • RE: MSCAPI integrity checks of CSPs - Downgrade Attack
    ... One thing you can do is to go to the Registry, ... the CSP dll file name from the crypto provider entry the VERIFY the dll ... the advapi32.dll file to completely bypass CSP signature check so can install ... I configure certificate server templates or xenroll to only issue ...
    (microsoft.public.platformsdk.security)
  • Re: CSP error
    ... You get the dll name from the Registry ... This behavior have some security risks because you load a potentially ... "unknown" CSP which may or may not signed by Microsoft. ... > am trying to do it is to call back to the Crypto level which is not a very ...
    (microsoft.public.platformsdk.security)
  • Re: CSP types
    ... You can write one dll and expose/register it via different types of CSPs. ... > I can write one CSP and one DLL and declare my self as supporting a few> CSP ... >> So on Windows 95 and Windows NT 4.0, there's a one-to-one mapping between>> CSPs and DLLs. ... one DLL can support any number of CSPs and>> types. ...
    (microsoft.public.platformsdk.security)
  • Re: CSP types
    ... You'll probably end up using the same entry points within ... specific to the CSP selected, as most of the code will be the same for all ... Note that each CSP supported by the DLL must have a separate unique name. ... >> On Windows 98, one DLL can support multiple CSPs, as long as each CSP is ...
    (microsoft.public.platformsdk.security)