Request lower privilege crypt context when generating random numbers

author Christopher Dykes <cdykes@fb.com>

Wed, 9 Nov 2016 22:31:44 +0000 (14:31 -0800)

committer Facebook Github Bot <facebook-github-bot-bot@fb.com>

Wed, 9 Nov 2016 22:38:39 +0000 (14:38 -0800)
author Christopher Dykes <cdykes@fb.com>
Wed, 9 Nov 2016 22:31:44 +0000 (14:31 -0800)
committer Facebook Github Bot <facebook-github-bot-bot@fb.com>
Wed, 9 Nov 2016 22:38:39 +0000 (14:38 -0800)
diff --git a/folly/Random.cpp b/folly/Random.cpp

index 8f5e3128d2036952f31ba8efcc73791a139e333b..d4fb39b4ea3a4eaaa1d9140dfe422bcdd610a090 100644 (file)
--- a/folly/Random.cpp
+++ b/folly/Random.cpp
@@ -42,7 +42,12 @@ void readRandomDevice(void* data, size_t size) {
    static folly::once_flag flag;
    static HCRYPTPROV cryptoProv;
    folly::call_once(flag, [&] {
-    if (!CryptAcquireContext(&cryptoProv, nullptr, nullptr, PROV_RSA_FULL, 0)) {
+    if (!CryptAcquireContext(
+            &cryptoProv,
+            nullptr,
+            nullptr,
+            PROV_RSA_FULL,
+            CRYPT_VERIFYCONTEXT)) {
        if (GetLastError() == NTE_BAD_KEYSET) {
          // Mostly likely cause of this is that no key container
          // exists yet, so try to create one.
author	Christopher Dykes <cdykes@fb.com>
	Wed, 9 Nov 2016 22:31:44 +0000 (14:31 -0800)
committer	Facebook Github Bot <facebook-github-bot-bot@fb.com>
	Wed, 9 Nov 2016 22:38:39 +0000 (14:38 -0800)