[PATCH] Win32 use BCryptGenRandom to ensure the CNG FIPS RNG is used
Jouni Malinen
j at w1.fi
Sun Oct 30 01:32:07 PDT 2022
On Fri, Oct 14, 2022 at 05:23:54PM +0000, Norman Hamer wrote:
> diff --git a/src/utils/os_win32.c b/src/utils/os_win32.c
> int os_get_random(unsigned char *buf, size_t len)
> {
> - HCRYPTPROV prov;
> - BOOL ret;
> -
> - if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
> - CRYPT_VERIFYCONTEXT))
> - return -1;
> -
> - ret = CryptGenRandom(prov, len, buf);
> - CryptReleaseContext(prov, 0);
> -
> - return ret ? 0 : -1;
> + NTSTATUS status = BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG);
> + return status ? -1 : 0;
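Review bot: In the added BCryptGenRandom() call, len is a size_t but the cbBuffer parameter is a ULONG, so on a 64-bit build a request larger than ULONG_MAX is silently narrowed and the function can return 0 with the tail of buf left unfilled. The removed CryptGenRandom() call narrowed len to a DWORD in the same way, so this rewrite is a good place to close it: reject oversized requests up front, for example `if (len > ULONG_MAX) return -1;`, and cast explicitly in the call. On the return value, `status ? -1 : 0` fails closed on any non-zero NTSTATUS, which is safe, but the conventional test is BCRYPT_SUCCESS(status), i.e. status >= 0, and using it makes the intent clearer. The hunk also shows no #include for bcrypt.h, so confirm that the header and the bcrypt library are pulled in elsewhere in the patch.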
Is this available on all Windows versions that someone might care about
nowadays? It looks like BCryptGenRandom was added after Windows XP which
was the version used when os_get_random() was implemented in this
manner. I guess no one should really be using Windows XP anymore, but I
don't really know what to expect about the use cases for the Windows
builds of wpa_supplicant.
--
Jouni Malinen PGP id EFC895FA