Improve k5_get_os_entropy for Windows
authorGreg Hudson <ghudson@mit.edu>
Tue, 4 Oct 2011 15:11:45 +0000 (15:11 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 4 Oct 2011 15:11:45 +0000 (15:11 +0000)
When acquiring a crypto context for CryptGenRandom, pass
CRYPT_VERIFYCONTEXT to indicate that we don't need access to private
keys.  Appears to make OS entropy work on Windows XP.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25297 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/krb/prng.c

index bed2a46b92110034d894754ae492d59cc5ad947f..e478b198d019b3979b282626f38bbc9a91b1be47 100644 (file)
@@ -41,7 +41,8 @@ k5_get_os_entropy(unsigned char *buf, size_t len)
     krb5_boolean result;
     HCRYPTPROV provider;
 
-    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, 0))
+    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+                             CRYPT_VERIFYCONTEXT))
         return FALSE;
     result = CryptGenRandom(provider, len, buf);
     (void)CryptReleaseContext(provider, 0);