s4:rpc_server: Use generate_secret_buffer() for backupkey wap_key
authorAndreas Schneider <asn@samba.org>
Wed, 31 Jul 2019 13:41:29 +0000 (15:41 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Mon, 12 Aug 2019 09:23:40 +0000 (09:23 +0000)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/rpc_server/backupkey/dcesrv_backupkey.c

index a826ae0..d192858 100644 (file)
@@ -1263,7 +1263,8 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
        char *secret_name;
        TALLOC_CTX *frame = talloc_stackframe();
 
-       generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
+       /* We need to use a CSPRNG which reseeds for generating session keys. */
+       generate_secret_buffer(wrap_key.key, sizeof(wrap_key.key));
 
        ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {