Re: CSP error
From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 10/20/05
Date: Thu, 20 Oct 2005 12:31:06 -0700
Yes, that's correct. You get the dll name from the Registry
(Cryptography\Defaults - unless you want to just "assume" rsaenh.dll is what
you want to use), use LoadLibrary then GetProcAddress to get all the CP...
functions. You should do this in your DllMain.
Then for each of YOUR CP... functions (including the very first
CPAcquireContext) you call down the corresponding CP... function in the
loaded Microsoft provider.
One cautionary note:
This behavior has some security risks because you load a potentially
"unknown" CSP which may or may not be signed by Microsoft. The CryptoAPI takes
care of signature checking for the CSPs it loads. Now if you want to be a
good security citizen then you SHOULD check the signature of the CSP you are
loading. (If you always want to load the standard Microsoft DLLs then you can
skip the trouble checking if Kernel mode debugger loaded - the MS CSPs must
always be signed anyway.)
Laszlo Elteto
SafeNet, Inc.
"bender" wrote:
> ahh, I really like that idea. It makes more sense anyways, since the way I
> am trying to do it is to call back to the Crypto level which is not a very
> nice design since I start to "bounce" around between levels. So if I
> understand what you are saying, I should load the crypto DLL of my choosing,
> then call it directly using the CP.... functions?
>
> "lelteto" wrote:
>
> > Actually, your CSP is called by the CryptoAPI level, so I don't think that's
> > the problem. Sorry for my previous post on that part. I still think you should
> > create your own context.
> > Note that I don't have much experience calling Crypt... functions from my
> > CSP. Instead, what I always did was to load and call the Microsoft CSP layer
> > (i.e. the CP... functions). That always worked for me.
> >
> > Laszlo Elteto
> > SafeNet, Inc.
> >
> > "bender" wrote:
> >
> > >
> > > "lelteto" wrote:
> > >
> > > > You should check why the CALLER sets the (I think bad) phProv value. The
> > > > error may not be in your code but the test code in its CryptAcquireContext.
> > > >
> > >
> > > The test code is a .exe file distributed by Microsoft in the CSPDK. I can't
> > > see what the code is doing (without reverse engineering which seems like more
> > > work than it is worth). I would think an error like this would have been
> > > caught by someone else in their use by now....
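The signature check recommended in the cautionary note above, as an added example that is not part of the original thread: it resolves the DLL registered for a provider under Cryptography\Defaults and verifies its signature before a wrapper CSP would load it. It is written in PowerShell as an administrative check rather than as in-DLL C code; the provider name, the function name and the System32 fallback for a bare file name are assumptions.

```powershell
# Added example: resolve a CSP's DLL from the registry and check its signature
# before a wrapper CSP loads it. The provider name is an assumed sample value.
function Test-CspImageSignature {
    param(
        [string]$ProviderName = 'Microsoft Enhanced Cryptographic Provider v1.0'
    )
    $key = "HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\$ProviderName"
    if (-not (Test-Path -LiteralPath $key)) {
        throw "Provider not registered: $ProviderName"
    }

    # "Image Path" holds the DLL the CryptoAPI would load for this provider.
    $image = (Get-ItemProperty -LiteralPath $key).'Image Path'
    if ([string]::IsNullOrWhiteSpace($image)) {
        throw "No Image Path value under $key"
    }
    $image = [Environment]::ExpandEnvironmentVariables($image)
    if (-not [IO.Path]::IsPathRooted($image)) {
        # Assumption: a bare file name is meant to live in System32. Resolving it
        # explicitly keeps the DLL search order from picking up another copy.
        $image = Join-Path ([Environment]::SystemDirectory) $image
    }
    if (-not (Test-Path -LiteralPath $image -PathType Leaf)) {
        throw "DLL not found: $image"
    }

    # Covers embedded and (on current Windows) catalog signatures.
    $sig = Get-AuthenticodeSignature -LiteralPath $image
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Provider  = $ProviderName
        ImagePath = $image
        Status    = $sig.Status
        Signer    = $subject
        # Trust only a valid chain whose signer names Microsoft Corporation.
        Trusted   = ($sig.Status -eq 'Valid') -and
                    ($subject -match 'O=Microsoft Corporation')
    }
}

Test-CspImageSignature | Format-List
```

A wrapper CSP that loads the DLL itself should pass the same fully resolved path to LoadLibrary that it verified, so the file checked is the file loaded.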