From 5cd54770ca2055eee9ae651510b0ff5d1c914f6c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 31 Jul 2019 15:41:29 +0200
Subject: [PATCH 072/187] s4:rpc_server: Use generate_secret_buffer() for
 backupkey wap_key

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5a62056b4530e4c509444be9164a1fca1dce193f)
---
 source4/rpc_server/backupkey/dcesrv_backupkey.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index a826ae083f4..d192858e468 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1263,7 +1263,8 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
 	char *secret_name;
 	TALLOC_CTX *frame = talloc_stackframe();
 
-	generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
+	/* We need to use a CSPRNG which reseeds for generating session keys. */
+	generate_secret_buffer(wrap_key.key, sizeof(wrap_key.key));
 
 	ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- 
2.23.0