From: Christopher Dykes <cdykes@fb.com>
Date: Wed, 9 Nov 2016 22:31:44 +0000 (-0800)
Subject: Request lower privilege crypt context when generating random numbers
X-Git-Tag: v2016.11.14.00~19
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2fac14da00e680f13c27262b6a623683b370f244;p=folly.git

Request lower privilege crypt context when generating random numbers

Summary: Without this flag, we were unintentionally requesting a context with access to private keys.

Reviewed By: yfeldblum

Differential Revision: D4155525

fbshipit-source-id: f33d18451b06e32b81d03bf6180efc1671cfa204
---

diff --git a/folly/Random.cpp b/folly/Random.cpp
index 8f5e3128..d4fb39b4 100644
--- a/folly/Random.cpp
+++ b/folly/Random.cpp
@@ -42,7 +42,12 @@ void readRandomDevice(void* data, size_t size) {
   static folly::once_flag flag;
   static HCRYPTPROV cryptoProv;
   folly::call_once(flag, [&] {
-    if (!CryptAcquireContext(&cryptoProv, nullptr, nullptr, PROV_RSA_FULL, 0)) {
+    if (!CryptAcquireContext(
+            &cryptoProv,
+            nullptr,
+            nullptr,
+            PROV_RSA_FULL,
+            CRYPT_VERIFYCONTEXT)) {
       if (GetLastError() == NTE_BAD_KEYSET) {
         // Mostly likely cause of this is that no key container
         // exists yet, so try to create one.