On 24 April 2017 at 14:36, Daniel P. Berrange <berra...@redhat.com> wrote:
> FYI, both gnutls and openssl use these CryptAcquireContext/CryptGenRandom
> methods, so I'd prefer to stick with that.

They probably need the full crypto API anyway, though...

> It seems we merely need to set CRYPT_SILENT in the flags to prevent any
> chance of interactive prompts.
>
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa379886(v=vs.85).aspx

How about CRYPT_VERIFYCONTEXT? The docs say "in most cases
this flag should be set".

This kind of discussion puts me off the Crypt* APIs though --
they're a complicated API that can easily be misused.
"Please just fill this buffer with randomness" is a simple
API that's hard to call wrongly...

thanks
-- PMM
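
The call sequence discussed in this message, with both flags set and wrapped behind a single "fill this buffer" function, as an added example that is not part of the original message or of QEMU's code. The name `fill_random` is hypothetical, and the non-Windows branch reading `/dev/urandom` is an assumption added so the example runs off Windows.

```c
/* Added example: fill_random() is a hypothetical helper, not QEMU code. */
#include <stddef.h>

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

/* Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len)
{
    HCRYPTPROV prov;
    int ret = -1;

    if (len > 0xFFFFFFFFu) {
        return -1;              /* CryptGenRandom takes a DWORD length */
    }
    /* CRYPT_VERIFYCONTEXT: no persisted key container is opened, since only
     * random bytes are wanted. CRYPT_SILENT: the provider must fail rather
     * than display any UI. */
    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
        return -1;
    }
    if (CryptGenRandom(prov, (DWORD)len, buf)) {
        ret = 0;
    }
    CryptReleaseContext(prov, 0);
    return ret;
}
#else
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Assumed fallback for non-Windows hosts: read the kernel CSPRNG device. */
int fill_random(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = read(fd, buf, len);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n <= 0) { close(fd); return -1; }    /* error or unexpected EOF */
        buf += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}
#endif
```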