[PATCH] Win32 use BCryptGenRandom to ensure the CNG FIPS RNG is used

Jouni Malinen j at w1.fi
Sun Oct 30 01:32:07 PDT 2022


On Fri, Oct 14, 2022 at 05:23:54PM +0000, Norman Hamer wrote:
> diff --git a/src/utils/os_win32.c b/src/utils/os_win32.c

>  int os_get_random(unsigned char *buf, size_t len)
>  {
> -	HCRYPTPROV prov;
> -	BOOL ret;
> -
> -	if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
> -				 CRYPT_VERIFYCONTEXT))
> -		return -1;
> -
> -	ret = CryptGenRandom(prov, len, buf);
> -	CryptReleaseContext(prov, 0);
> -
> -	return ret ? 0 : -1;
> +	NTSTATUS status = BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
> +	return status ? -1 : 0;
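
Review bot: In the added BCryptGenRandom() call, len is a size_t but the cbBuffer parameter is a ULONG, so on 64-bit builds a len above ULONG_MAX is silently narrowed and os_get_random() returns 0 with only part of buf filled (the removed CryptGenRandom() call narrowed to DWORD in the same way). Suggest returning -1 when len > ULONG_MAX, or looping in ULONG-sized chunks, and making the cast explicit. The check "return status ? -1 : 0;" fails closed, but BCRYPT_SUCCESS(status) would state the intent directly, and the call line runs past 80 columns and should be wrapped.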

Is this available on all Windows versions that someone might care about
nowadays? It looks like BCryptGenRandom was added after Windows XP which
was the version used when os_get_random() was implemented in this
manner. I guess no one should really be using Windows XP any more, but I
don't really know what to expect about the use cases for the Windows
builds of wpa_supplicant.

-- 
Jouni Malinen                                            PGP id EFC895FA